Vulnerability Index: Year 2019

Uncontrolled Recursion Loop Vulnerability in Juniper Networks Junos OS Vulnerability: Ineffective Firewall Filter Configuration on EX2300 and EX3400 Series BGP Flowspec Configuration Reachable Assertion Failure Vulnerability Information Disclosure: API and Device Keys Logged in Readable File on Juniper ATP Vulnerability: Inability to Perform IPv6 Extension Header Packet Matching on Juniper Networks Junos OS Uninitialized Function Pointer Dereference Vulnerability in Juniper Networks Junos OS Predictable IP ID Sequence Number Vulnerability in Juniper Networks vMX Series Software Stack-based Buffer Overflow in Junos OS Packet Forwarding Engine Manager (FXPC) Process on QFX5000 Series, EX4300, EX4600 Devices Vulnerability: High Disk I/O Operations Disrupt Communication on EX2300 and EX3400 Series SRX Series Service Gateway UTM HTTP AV Inspection Memory Buffer Exhaustion Vulnerability Junos OS Kernel Crash Vulnerability Denial of Service (DoS) Vulnerability in BGP Auto Discovery for LDP VPLS in Juniper Networks Junos OS Denial of Service (DoS) vulnerability in Juniper Networks Junos OS J-Flow Sampling Malformed Packet Denial of Service Vulnerability Vulnerability: Persistent Dynamic VPN Connections in SRX Series Service Gateway Junos Space Unauthorized Device Deletion Vulnerability Insufficient Validity Checking in Junos Space Application Allows Malicious Image Upload Persistent XSS Vulnerability in Juniper ATP File Upload Menu BGP Tracing DoS Vulnerability in Junos OS Critical Vulnerability: Hard Coded Credentials in Juniper ATP Web Collector Clear Text Logging of Secret Passphrases in Juniper ATP 5.0 Versions Prior to 5.0.4 Critical Vulnerability: Hard Coded Credentials in Juniper ATP Allows Full Control Persistent XSS Vulnerability in Juniper ATP Golden VM Menu Persistent XSS Vulnerability in Juniper ATP Email Collectors Menu Persistent XSS Vulnerability in Juniper ATP RADIUS Configuration Menu Persistent XSS Vulnerability in Juniper ATP Zone Configuration 
Persistent XSS Vulnerability in Juniper ATP 5.0 Allows for Arbitrary Script Injection and Data Theft Denial of Service (DoS) Vulnerability in Junos BGP Graceful Restart Mechanism Juniper ATP Series Splunk Credentials Exposure Vulnerability Vulnerability: Trivial De-hashing of Passwords in Juniper ATP 5.0 versions prior to 5.0.3 Memory resource consumption vulnerability in Junos OS jdhcpd daemon Plaintext Storage of Organization Authentication Credentials in Log Files Proxy ARP Service Firewall Bypass Vulnerability in Juniper Networks Junos OS Administrative Bypass Vulnerability in Junos OS with Insecure Console Access Silent Ignoring of internal-n Terms in Junos OS Firewall Filter Configuration Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS DHCPv6 Implementation Denial of Service (DoS) Vulnerability in Juniper SRX340/SRX345 Services Gateways Vulnerability: Brute Force Attacks on Junos OS REST API Login Credentials Information Leak and Denial of Service Vulnerability in Junos OS rpcbind Vulnerability: Control Plane Exposure via Loopback Interface on EX4300-MP Series Devices Vulnerability in Juniper Identity Management Service (JIMS) for Windows Allows Firewall Bypass and DoS Attacks Denial of Service Vulnerability in Juniper Networks Junos OS Out-of-Band Management Interface Denial of Service Vulnerability Juniper Networks Junos OS EX4300 Broadcast Storm DoS Vulnerability Persistent Cross-Site Scripting (XSS) Vulnerability in Junos OS J-Web Interface Vulnerability: Multicast Traffic Loopback Filter Bypass on Juniper EX4300 Series Switches Denial of Service (DoS) Vulnerability in Junos OS BGP Graceful Restart SRX1500 Denial of Service Vulnerability SSL-Proxy Feature on Juniper SRX Devices Denial of Service Vulnerability Vulnerability: SRX Series Gateways Crash Due to Misinterpreted Fragmented HTTP Packet Stack-based buffer overflow vulnerability in Junos OS telnet client Improper Certificate Validation in Juniper Networks Junos OS SRX Series 
Application Identification Signature Update Client SIP ALG Denial of Service Vulnerability in Juniper Networks Junos OS Insufficient Resource Pool Vulnerability in Juniper Networks Junos OS Improper Authorization Vulnerability in Juniper Networks Junos OS Veriexec Subsystem Privilege Escalation Vulnerability in Juniper Networks Junos OS Memory Leak Vulnerability in Juniper Networks Junos OS: DoS via BGP Peered Host Denial of Service (DoS) Vulnerability in Juniper SRX Series Gateways with IPSec Tunnels Privilege Escalation Vulnerability in Junos OS Management Daemon (MGD) Session Fixation Vulnerability in J-Web on Junos OS Allows for Session Hijacking and Unauthorized Access Denial of Service (DoS) vulnerability in Juniper Networks Junos OS Denial of Service (DoS) vulnerability in SRX5000 Series devices with 'set security zones security-zone <zone> tcp-rst' configuration Denial of Service Vulnerability in Juniper Networks Junos OS on MX Series NG-mVPN Service Denial of Service Vulnerability in Juniper Networks Junos OS IPv6 Packet Crash Vulnerability in Juniper Networks Junos OS Denial of Service Vulnerability in Juniper Networks Junos OS on SRX Series Clear text logging of console management port credentials on Juniper Networks Junos OS Privilege Escalation Vulnerability in Juniper Networks Junos OS on NFX Series Vulnerability: Veriexec Subsystem Failure Allows Unauthorized Execution Unprotected Storage of Credentials Vulnerability in Juniper Networks SBR Carrier Insecure File Permissions in PKI Key Export on Junos OS Path Traversal Vulnerability in Juniper Networks Junos OS on NFX150, QFX10K, EX9200, MX, and PTX Series Devices with Next-Generation Routing Engine (NG-RE) PIM-enabled SRX Series Devices Vulnerability: Denial of Service via srxpfe Process Crash Dynamic Application Loader Software Vulnerability: Unauthorized Privilege Escalation via Local Access Path Traversal Vulnerability in Intel(R) System Support Utility for Windows Privilege Escalation 
Vulnerability in Intel(R) SPS Subsystem Insufficient Access Control Vulnerability in Intel Subsystems: Potential Privilege Escalation via Physical Access Code Injection Vulnerability in Intel(R) CSME and Intel(R) TXE Installer Escalation of Privilege Vulnerability in Intel(R) AMT Subsystem Insufficient Data Sanitization Vulnerability in Intel(R) CSME and SPS Denial of Service Vulnerability in Intel(R) AMT Subsystem Escalation of Privilege Vulnerability in Intel(R) AMT Subsystem Denial of Service Vulnerability in Intel(R) AMT Subsystem Escalation of Privilege Vulnerability in Intel(R) CSME and Intel(R) TXE Subsystems Insufficient Access Control Vulnerability in Intel(R) SPS Subsystem Authentication Bypass Vulnerability in Intel Unite(R) Solution 3.2-3.3 Allows Privilege Escalation Insufficient Session Authentication in Intel(R) Data Center Manager SDK: Potential Privilege Escalation via Network Access Insufficient File Protection in Intel(R) Data Center Manager SDK Install Routine: Potential Information Disclosure Vulnerability Unprotected Uninstall Routine in Intel(R) Data Center Manager SDK Prior to Version 5.0.2 Allows for Local Information Disclosure Privilege Escalation Vulnerability in Intel(R) Data Center Manager SDK Install Routine Privilege Escalation Vulnerability in Intel(R) Data Center Manager SDK Install Routine Insufficient User Prompt in Intel(R) Data Center Manager SDK Install Routine: Potential Privilege Escalation Vulnerability Improper File Permissions in Intel(R) Data Center Manager SDK: Local Access Information Disclosure Vulnerability Privilege Escalation via Improper Folder Permissions in Intel(R) Data Center Manager SDK Insufficient Key Management in Intel(R) Data Center Manager SDK: Local Access Information Disclosure Vulnerability Improper File Permissions in Intel(R) Data Center Manager SDK: Potential Information Disclosure Vulnerability Denial of Service Vulnerability in Intel(R) Data Center Manager SDK Denial of Service 
Vulnerability in Intel Graphics Drivers Race Condition Vulnerability in Intel Graphics Drivers Denial of Service Vulnerability in Intel Graphics Driver Out of Bound Read Vulnerability in Intel Graphics Driver Intel SGX Vulnerability: Insufficient Access Control in Protected Memory Subsystem Buffer Overflow Vulnerability in Intel System Firmware: Privilege Escalation and Denial of Service Risk Insufficient Key Protection Vulnerability in Intel Processors: Potential Denial of Service via Local Access Privilege Escalation Vulnerability in Intel(R) Matrix Storage Manager 8.9.0.1023 and Earlier Double Free Vulnerability in Intel SGX SDK for Linux and Windows Memory Protection Vulnerability in Intel(R) 6th Generation Core Processors and Above: Potential Privilege Escalation via Local Access Memory Protection Vulnerability in Intel(R) 6th Generation Core Processors and Above: Potential Privilege Escalation via Local Access Insufficient Access Control in Intel Xeon Processors' Silicon Reference Firmware: Potential Privilege Escalation and Denial of Service Vulnerability Privilege Escalation and Information Disclosure Vulnerability in Intel(R) OpenVINO(TM) Installer for Linux Privilege Escalation Vulnerability in Intel Chipset Device Software Installer Escalation of Privilege Vulnerability in Intel(R) USB 3.0 Creator Utility Reflected XSS Vulnerability in Intel(R) Accelerated Storage Manager Web Interface Insufficient Input Validation in Intel(R) AMT Subsystem: Potential Denial of Service and Information Disclosure Vulnerability Intel Unite(R) Client Data Corruption Vulnerability Elevated Privilege Execution Vulnerability in Intel(R) Dynamic Platform and Thermal Framework Privilege Escalation Vulnerability in Intel(R) Accelerated Storage Manager Installer Insufficient Access Control in Intel(R) PROSet/Wireless WiFi Software Driver: Potential Denial of Service via Adjacent Access Improper Directory Permissions in Intel(R) ACU Wizard 12.0.0.129 and Earlier: Local Privilege 
Escalation Vulnerability Firmware Vulnerability in Intel(R) Ethernet 700 Series Controllers: Insufficient Access Control Firmware Vulnerability: Buffer Overflow in Intel Ethernet 700 Series Controllers Privilege Escalation Vulnerability in Intel(R) Ethernet 700 Series Controllers Denial of Service Vulnerability in Intel(R) Ethernet 700 Series Controllers Denial of Service Vulnerability in Intel(R) Ethernet 700 Series Controllers Firmware Buffer Overflow Vulnerability in i40e Driver for Intel(R) Ethernet 700 Series Controllers i40e Driver Resource Leak Vulnerability Denial of Service Vulnerability in i40e Driver for Intel(R) Ethernet 700 Series Controllers i40e Driver Resource Leak Vulnerability Denial of Service Vulnerability in i40e Driver for Intel(R) Ethernet 700 Series Controllers Firmware Vulnerability: Insufficient Access Control in Intel(R) Ethernet 700 Series Controllers Intel(R) TXT Insufficient Memory Protection Vulnerability Vulnerability: Insufficient Memory Protection in SMM and Intel TXT for Intel Xeon Processors Buffer Overflow Vulnerability in Intel(R) CSME 12.0.0 through 12.0.34: Network-based Privilege Escalation Insufficient Access Control in Intel Processor Graphics Subsystem: Potential Denial of Service Vulnerability Insufficient Access Control Vulnerability in Intel Graphics Subsystem Denial of Service Vulnerability in Intel(R) SGX Driver for Linux Privilege Escalation Vulnerability in Intel(R) Graphics Performance Analyzer for Linux Version 18.4 and Earlier Memory Protection Vulnerability in Linux Administrative Tools for Intel(R) Network Adapters EDK II System Firmware Buffer Overflow Vulnerability XHCI Stack Overflow Vulnerability in EDK II: Local Denial of Service Potential Virtual Memory Mapping Vulnerability Insufficient Input Validation in Intel(R) Broadwell U i5 vPro Firmware (MYBDWi5v.86A) Allows Local Privilege Escalation and Information Disclosure Privilege Escalation Vulnerability in Intel(R) Turbo Boost Max Technology 3.0 
Driver Installer Denial of Service Vulnerability in Intel(R) CSME Subsystem Intel(R) AMT Subsystem Information Disclosure Vulnerability Insufficient Input Validation in Intel(R) CSME and Intel(R) TXE Subsystems: Potential Information Disclosure via Local Access Heap Overflow Vulnerability in Intel(R) CSME and Intel(R) TXE Buffer Overflow Vulnerability in Intel(R) DAL Subsystem Privilege Escalation Vulnerability in Intel(R) Quartus(R) Software Installer Remote Privilege Escalation Vulnerability in Intel Unite(R) Client for Android Authentication Bypass Vulnerability in Intel(R) Raid Web Console 2 Partial Physical Address Information Disclosure Vulnerability Insufficient Password Protection in Open CIT Attestation Database: Potential Information Disclosure Vulnerability Insufficient Password Protection in Open CIT Attestation Database: Potential Information Disclosure Vulnerability Insufficient Password Protection in Open CIT Attestation Database: Potential Information Disclosure Vulnerability Insufficient Password Protection in Open CIT Attestation Database: Potential Information Disclosure Vulnerability Insufficient Password Protection in Open CIT Attestation Database: Potential Information Disclosure Vulnerability Insufficient Password Protection in Open CIT Attestation Database: Potential Information Disclosure Vulnerability Insufficient Password Protection in Open CIT Attestation Database: Potential Information Disclosure Vulnerability Insufficient Password Protection in Open CIT Attestation Database: Potential Information Disclosure Vulnerability Intel(R) TXT Vulnerability: Privileged User Information Disclosure via Local Access Protected Memory Subsystem Vulnerability in Intel Processors: Potential Information Disclosure via Local Access Cross-Site Scripting (XSS) Vulnerability in Apache Pluto Chat Room Demo Portlet 3.0.0 and 3.0.1 Unauthenticated Remote Code Execution (RCE) Vulnerability in JMeter Distributed Mode XML External Entity Injection (XXE) 
Vulnerability in Apache Camel's camel-xmljson Component Java Deserialization Remote Code Execution in Apache Ofbiz Denial of Service Vulnerability in mod_ssl with Apache HTTP Server 2.4.37 and OpenSSL 1.1.1 or later Apache Karaf Zip-slip Vulnerability Remote Code Execution via Unsafe Deserialization in Apache Solr's Config API Apache Solr DataImportHandler dataConfig Parameter Security Vulnerability Directory Traversal Vulnerability in Apache Camel's File Component Classpath Asset File URL Manipulation and Java Deserialization Attack via Tapestry Form Component Apache HTTP Server 2.4.17 to 2.4.38 - Memory Access Vulnerability in HTTP/2 Request Handling HTTP/2 Upgrade Request Misconfiguration Vulnerability Excessive SETTINGS Frames and Thread Exhaustion DoS Vulnerability in Apache Tomcat Apache Qpid Broker-J Denial of Service Vulnerability Unauthenticated Disclosure of Digest Authentication Hash in Apache ZooKeeper Apache Storm Logviewer Daemon File Disclosure Vulnerability Apache Subversion Protocol Command Vulnerability Root-level Code Execution Vulnerability in Apache Mesos Endless Loop Vulnerability in Apache Thrift Versions up to 0.12.0 Path Traversal Vulnerability in Tapestry Asset Processing Panic Vulnerability in Apache Thrift Go Server with TJSONProtocol or TSimpleJSONProtocol Privilege Escalation Vulnerability in Apache HTTP Server 2.4 Improper Authorization Handling in Apache HBase REST Server with Kerberos and SPNEGO Authentication Stored XSS Vulnerability in Apache Archiva Arbitrary File Write Vulnerability in Apache Archiva 2.0.0 - 2.2.3 Bypassing Access Control Restrictions in Apache HTTP Server 2.4 with mod_ssl Arbitrary JavaScript Execution via Airflow Metadata Database Manipulation Race Condition in mod_auth_digest Allows Authentication Bypass Reflected XSS Vulnerability in Pony Mail Interface: Exploiting Specially Crafted URLs Cross-Site Scripting (XSS) Vulnerability in InAppBrowser WebView on Android Multiple Consecutive Slashes Vulnerability in 
Apache HTTP Server XSS Vulnerability in Apache Tomcat's SSI printenv Command Apache ActiveMQ Unmarshalling Vulnerability Apache Qpid Proton TLS Vulnerability Cross-Site Scripting (XSS) Vulnerability in Apache JSPWiki 2.9.0 to 2.11.0.M2 Arbitrary File Access Vulnerability in Apache JSPWiki 2.9.0 to 2.11.0.M2 Apache Karaf Config Service Directory Traversal and File Overwrite Vulnerability Apache Axis 1.4 Server Side Request Forgery (SSRF) Vulnerability XML External Entity (XXE) Vulnerability in Apache PDFBox 2.0.14 Cross-Site Request Forgery Vulnerability in Airflow Webserver Apache Struts 2 Forced Double OGNL Evaluation Remote Code Execution Vulnerability Apache MINA SSL/TLS Connection Retention Vulnerability Remote Code Execution Vulnerability in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 Apache Struts 2.0.0 to 2.5.20 File Upload Denial of Service Vulnerability Apache Roller Math Comment Authenticator Reflected Cross-site Scripting (XSS) Vulnerability CSRF Vulnerability in Apache OFBiz 17.12.01 Cross-Site Scripting (XSS) Vulnerability in SAP Commerce (previously SAP Hybris Commerce) Denial of Service Vulnerability in SAP Business Objects Mobile for Android (before 6.3.5) Denial of Service Vulnerability in SAP Work and Inventory Manager (Agentry_SDK) Privilege Escalation Vulnerability in SAP BW/4HANA Cross-Site Scripting (XSS) Vulnerability in SAP CRM WebClient UI Cross-Site Scripting (XSS) Vulnerability in SAP CRM WebClient UI Unauthenticated Access to SAP Cloud Connector Functionalities Code Injection Vulnerability in SAP Cloud Connector (CVE-2021-12345) SAP Gateway Information Disclosure Vulnerability SAP Landscape Management (VCM 3.0) Information Disclosure Vulnerability Cross-Site Scripting (XSS) Vulnerability in SAP BusinessObjects Fiori Launchpad Cross-Site Scripting (XSS) Vulnerability in SAP Disclosure Management (before version 10.1 Stack 1301) SAP NetWeaver AS ABAP Platform Privilege Escalation Vulnerability SAP Business One 
Mobile Android App Information Disclosure Vulnerability Privilege Escalation in SAP NetWeaver AS ABAP Platform Privilege Escalation Vulnerability in SAP Disclosure Management 10.01 Arbitrary File Upload Vulnerability in SAP BusinessObjects (Visual Difference) Authentication Bypass Vulnerability in SAP HANA Extended Application Services, Advanced Model (XS Advanced) SAP WebIntelligence BILaunchPad XSS Vulnerability SLD Registration Denial of Service Vulnerability SAP HANA XS Advanced Credential Leakage Vulnerability Lack of Anti-XSRF Tokens in SAP Manufacturing Integration and Intelligence Servlet XML External Entity (XXE) Injection Vulnerability in SAP BusinessObjects Business Intelligence Platform (CMC Module) Cross-Site Scripting (XSS) Vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace) Versions 4.10 and 4.20 Privilege Escalation Vulnerability in SAP NetWeaver and ABAP Platform XML External Entity (XXE) Vulnerability in ABAP Server and ABAP Platform Denial of Service Vulnerability in SAP Mobile Platform SDK Cross-Site Scripting (XSS) Vulnerability in SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS) Inadequate Authorization Check in SAP Banking Services: Privilege Escalation Vulnerability XML External Entity (XXE) Vulnerability in SAP HANA Extended Application Services Information Disclosure in SAP NetWeaver Process Integration Monitoring Servlet Privilege Escalation in SAP BASIS Function Modules Privilege Escalation in SAP Treasury and Risk Management Cross-Site Scripting (XSS) Vulnerability in SAPUI5 and OpenUI5 Unauthenticated Access to SAP NetWeaver Process Integration (Runtime Workbench) Exposes Internal Data Digital Signature Spoofing Vulnerability in SAP NetWeaver Process Integration (Adapter Engine) XML External Entity (XXE) Vulnerability in SAP HANA SLD Registration Sensitive Database Information Disclosure in SAP Crystal Reports for Visual Studio SAP BusinessObjects Business Intelligence 
Platform Information Disclosure Vulnerability Unauthorized Information Access in SAP BusinessObjects Business Intelligence Platform Unauthorized Information Access in Solution Manager 7.2 Privilege Escalation in RFC Destination Access Cross-Site Scripting (XSS) Vulnerability in SAP E-Commerce Application SAP Identity Management REST Interface Version 2 Privilege Escalation Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in SAP BusinessObjects Business Intelligence Platform FTP Function Code Injection Vulnerability in SAP NetWeaver AS ABAP Platform Clickjacking Vulnerability in SAP NetWeaver Process Integration JSPs SAP HANA Extended Application Services (advanced model) User Enumeration Vulnerability Unencrypted Storage of Credentials in Diagnostics Agent in Solution Manager 7.2 Code Injection Vulnerability in SAP E-Commerce Allows Price Manipulation and Unauthorized Checkout Cross-Site Scripting (XSS) Vulnerability in Automotive Dealer Portal of SAP R/3 Enterprise Application Unprotected SAP NetWeaver Process Integration Web Pages Vulnerability Denial of Service Vulnerability in SAP Work Manager and SAP Inventory Manager FTP Password Disclosure Vulnerability in SAP NetWeaver Process Integration Reflected Cross Site Scripting Vulnerability in SAP NetWeaver Process Integration Information Disclosure Vulnerability in SAP NetWeaver Application Server for Java (Startup Framework) SAP Gateway Content Injection Vulnerability Cross-Site Scripting (XSS) Vulnerability in ABAP Server and ABAP Platform (SAP Basis) Versions 7.31, 7.4, 7.5 Denial of Service Vulnerability in SAP Commerce Cloud Unauthorized Access to Payroll Data in SAP ERP HCM (SAP_HRCES) Version 3 Cross-Site Scripting (XSS) Vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace) File Upload Vulnerability in SAP NetWeaver for Java Application Server Privilege Escalation in ABAP Tests Modules of SAP NetWeaver Process Integration Cross-Site Scripting (XSS) Vulnerability 
in SAP Information Steward 4.2 Code Injection Vulnerability in SAP Diagnostic Agent (LM-Service) 7.2 Information Disclosure Vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace) Cross-Site Scripting (XSS) Vulnerability in SAP BusinessObjects Business Intelligence Platform (Info View) Information Disclosure Vulnerability in SAP BusinessObjects Business Intelligence Platform Stored Cross Site Scripting and Privilege Escalation via Session Hijacking in SAP BusinessObjects Business Intelligence Platform Stored Cross Site Scripting Vulnerability in SAP BusinessObjects Business Intelligence Platform (Central Management Console) Reflected Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver Process Integration Java Proxy Runtime Improper HTTP Header Configuration in SAP Gateway Allows Information Disclosure Missing XML Validation Vulnerability in SAP Enable Now (pre-1902 version) Allows Local XXE File Read Session Cookie Vulnerability in SAP Enable Now (Version 1902) Allows Unauthorized Access Code Injection Vulnerability in SAP Commerce Cloud (Mediaconversion Extension) Unsafe Deserialization Vulnerability in SAP Commerce Cloud (VirtualJDBC Extension) Allows Arbitrary Code Execution Server-Side Request Forgery in SAP NetWeaver Application Server for Java (Administrator System Overview) Unencrypted Communication Vulnerability in SAP Business Objects BI Platform 4.2 Leads to Information Disclosure Unencrypted Connection Vulnerability in SAP BusinessObjects Business Intelligence Platform Missing Authorization Check in SAP Kernel (ABAP Debugger) SAP HANA Database Denial of Service Vulnerability Remote Code Execution Vulnerability in SAP NetWeaver UDDI Server (Services Registry) Caching Vulnerability in SAP Business Objects Business Intelligence Platform SAP Business One Client Information Disclosure Vulnerability Code Injection Vulnerability in SAP NetWeaver Application Server Java Web Container and SAP-JEECOR SAP NetWeaver Process 
Integration Runtime Workbench Information Disclosure Vulnerability SAP HANA Database Privilege Escalation Vulnerability SAP Supplier Relationship Management (SRM) Master Data Management Catalog XSS Vulnerability SAP HANA Extended Application Services (Advanced model) HTTP/REST Endpoint Misuse Vulnerability SAP HANA Extended Application Services (Advanced model) Open Port Enumeration Vulnerability Denial of Service (DoS) vulnerability in SAP Kernel and SAP GUI Missing Authorization Check in SAP NetWeaver Process Integration (B2B Toolkit) Allows Unauthorized Import of B2B Table Content Cross-Site Scripting Vulnerability in SAP Customer Relationship Management (Email Management) Reflected Cross-Site Scripting Vulnerability in SAP Financial Consolidation XPath Injection Vulnerability in SAP Financial Consolidation (Versions 10.0 and 10.1) Reflected Cross-Site Scripting in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) Chart Title Reflected Cross-Site Scripting in SAP BusinessObjects Business Intelligence Platform Stored Cross-Site Scripting in SAP BusinessObjects Business Intelligence Platform Stored Cross-Site Scripting in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) Stored Cross-Site Scripting in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) Missing Authentication Check in SAP Process Integration B2B Add-On with BouncyCastle Security Provider Information Disclosure in SAP Landscape Management Enterprise Edition Inadvertent File Access Vulnerability in SAP SQL Anywhere, SAP IQ, and SAP Dynamic Tier Cross-Site Scripting Vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence-Publication Pages) Privilege Escalation Vulnerability in SAP Treasury and Risk Management Insufficient Authorization Checks in SAP Treasury and Risk Management Cross-Site Scripting (XSS) Vulnerability in SAP Enable Now (pre-1908 versions) Privilege 
Escalation in SAP ERP Sales and S4HANA Sales Insufficient URL Validation in SAP UI5 HTTP Handler Privilege Escalation Vulnerability in SAP NetWeaver Application Server Java SAP Data Hub Vulnerability: Unauthorized Access to Connection Manager Information SAP NetWeaver AS Java Information Disclosure Vulnerability SQL Injection Vulnerability in SAP Quality Management Allows Unauthorized Access to Historical Inspection Results Stored Cross Site Scripting Vulnerability in SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad) XML Injection Vulnerability in SAP BusinessObjects Business Intelligence Platform Insufficient CSRF Protection in SAP BusinessObjects Business Intelligence Platform (Monitoring Application) Allows Cross Site Request Forgery Unintended Information Disclosure in SAP Portfolio and Project Management SAP Adaptive Server Enterprise Information Disclosure Vulnerability CSV Command Injection Vulnerability in SAP Enable Now (before version 1911) SAP Enable Now Server Error Message Information Disclosure Vulnerability SAP Enable Now User Enumeration and Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Arbitrary File Content Disclosure in Microsoft Visual Studio via Malicious .vscontent File Windows Jet Database Engine Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge URL Validation Bypass Vulnerability in Microsoft Office MSHTML Engine Remote Code Execution Vulnerability Xterm.js Remote Code Execution Vulnerability Windows Authentication Handling Elevation of Privilege Vulnerability .NET Framework and .NET Core Information Disclosure Vulnerability: Bypassing CORS Configurations Visual Studio C++ Compiler Remote Code Execution Vulnerability Windows DHCP Client Remote Code Execution Vulnerability ASP.NET Core Denial of Service Vulnerability Windows Kernel Information Disclosure Vulnerability Windows Hyper-V Remote Code Execution 
Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Windows COM Desktop Broker Elevation of Privilege Vulnerability Windows Subsystem for Linux Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Escape from AppContainer Sandbox: Microsoft XmlDocument Elevation of Privilege Vulnerability Microsoft Office SharePoint XSS Vulnerability Microsoft Office SharePoint XSS Vulnerability Microsoft Office SharePoint XSS Vulnerability Microsoft Outlook Information Disclosure Vulnerability Memory Disclosure Vulnerability in Microsoft Office: Exposing Sensitive Information Improper Usage of Microsoft Word Macro Buttons Leads to Information Disclosure Vulnerability Microsoft SharePoint Elevation of Privilege Vulnerability ASP.NET Core Denial of Service Vulnerability in ASP.NET Core 2.1 Edge Memory Corruption Vulnerability: Remote Code Execution Exploit Edge Browser Broker COM Object Elevation of Privilege Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Windows Kernel Information Disclosure Vulnerability Windows Runtime Elevation of Privilege Vulnerability Windows Data Sharing Service Elevation of Privilege Vulnerability Windows Data Sharing Service Elevation of Privilege Vulnerability Windows Data Sharing Service Elevation of Privilege Vulnerability Windows Data Sharing Service Elevation of Privilege Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution 
Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Memory Object Handling Vulnerability in Microsoft Word Software Microsoft Exchange Remote Code Execution Vulnerability Calendar Contributors Privilege Escalation in Microsoft Exchange Server Microsoft Edge Scripting Engine Memory Corruption Vulnerability Microsoft Edge Scripting Engine Memory Corruption Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Microsoft Edge Scripting Engine Memory Corruption Vulnerability Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-XXXX) Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability HID Information Disclosure Vulnerability HID Information Disclosure Vulnerability Windows GDI Memory Disclosure Vulnerability Windows Deployment Services TFTP Server Remote Code Execution Vulnerability Microsoft SharePoint Remote Code Execution Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Internet Explorer Remote Code Execution Vulnerability Microsoft Edge Scripting Engine Memory Corruption Vulnerability Microsoft Browser HTTP Content Parsing Spoofing Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers Microsoft Edge Scripting Engine Memory Corruption Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Flash Object Click2Play Bypass Vulnerability in Microsoft Edge .NET Framework and Visual Studio Remote Code Execution Vulnerability Windows GDI Memory Disclosure Vulnerability Windows GDI Memory Disclosure Vulnerability Windows GDI Memory Disclosure Vulnerability Jet Database Engine Remote Code Execution Vulnerability GDI+ Remote Code Execution Vulnerability 
Windows GDI Memory Disclosure Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Windows Kernel Object Memory Handling Vulnerability Skype for Android Elevation of Privilege Vulnerability Win32k Memory Object Handling Elevation of Privilege Vulnerability Skype for Business 2015 Spoofing Vulnerability Jet Database Engine Remote Code Execution Vulnerability Windows Server DHCP Service Memory Corruption Vulnerability Windows Security Feature Bypass Vulnerability Kernel Information Disclosure Vulnerability in Win32k Component Windows SMBv2 Remote Code Execution Vulnerability Windows Security Feature Bypass Vulnerability Windows Security Feature Bypass Vulnerability Windows SMBv2 Remote Code Execution Vulnerability Microsoft Edge Remote Code Execution Vulnerability Windows Hyper-V Information Disclosure Vulnerability Windows File Information Disclosure Vulnerability Cellular Network Profile Bypass Vulnerability ChakraCore Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Whitelist Bypass Vulnerability in Microsoft Edge Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Cross-Origin Information Disclosure Vulnerability in Microsoft Edge Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Microsoft Edge Remote Code Execution Vulnerability Team Foundation Server Cross-site Scripting Vulnerability Team Foundation Server Secret Variable Information Disclosure Vulnerability Chakra Memory Disclosure Vulnerability Microsoft Chakra JIT Server Vulnerability: Scripting Engine Elevation of Privilege Microsoft Edge Remote Code Execution Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Microsoft Browser Spoofing Vulnerability: Exploiting Improper Redirect Handling Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Memory Object Handling Vulnerability in Windows 
Kernel .NET Framework and Visual Studio URL Parsing Vulnerability Scripting Engine Memory Object Handling Vulnerability Windows Storage Service Elevation of Privilege Vulnerability Windows GDI Memory Disclosure Vulnerability Windows Kernel Object Memory Handling Vulnerability GDI+ Remote Code Execution Vulnerability Windows Kernel Information Disclosure Vulnerability Windows GDI Memory Disclosure Vulnerability Windows VBScript Engine Remote Code Execution Vulnerability Windows VBScript Engine Remote Code Execution Vulnerability Windows VBScript Engine Remote Code Execution Vulnerability Microsoft SharePoint Elevation of Privilege Vulnerability Memory Disclosure Vulnerability in Microsoft Excel HTTP Content Parsing Spoofing Vulnerability in Microsoft SharePoint Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Internet Explorer Memory Handling Vulnerability Cross-Domain Policy Enforcement Bypass in Microsoft Edge Internet Explorer Scripting Engine Memory Corruption Vulnerability Windows Subsystem for Linux Integer Overflow Elevation of Privilege Vulnerability Active Directory Forest Trust Elevation of Privilege Vulnerability Win32k Memory Object Handling Elevation of Privilege Vulnerability Microsoft Exchange Server Elevation of Privilege Vulnerability Fragmented IP Packet Information Disclosure Vulnerability Windows Subsystem for Linux Integer Overflow Elevation of Privilege Vulnerability Windows Hyper-V Denial of Service Vulnerability Windows Subsystem for Linux Integer Overflow Elevation of Privilege Vulnerability Windows Subsystem for Linux Integer Overflow Elevation of Privilege Vulnerability Windows Subsystem for 
Linux Integer Overflow Elevation of Privilege Vulnerability Windows Hyper-V Privileged User Input Validation Vulnerability Memory Object Handling Vulnerability in Windows Kernel Windows DHCP Client Memory Corruption Vulnerability Windows DHCP Client Memory Corruption Vulnerability Windows Hyper-V Privileged User Input Validation Vulnerability Windows Kernel Information Disclosure Vulnerability Windows SMB Server Information Disclosure Vulnerability Windows SMB Server Information Disclosure Vulnerability Windows NDIS Elevation of Privilege Vulnerability Remote Desktop Services Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Privileged User Input Validation Vulnerability Windows Hyper-V Privileged User Input Validation Vulnerability Windows Hyper-V Network Switch Privilege Escalation Vulnerability Windows Hyper-V Privileged User Input Validation Vulnerability Windows Hyper-V Network Switch Privilege Escalation Vulnerability Windows Hyper-V Denial of Service Vulnerability Memory Object Handling Vulnerability in Windows: A Denial of Service Risk Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V Denial of Service Vulnerability Hyper-V Network Switch Remote Code Execution Vulnerability Hyper-V Remote Code Execution Vulnerability Hyper-V Network Switch Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Network Switch Privilege Escalation Vulnerability Microsoft Exchange Server Elevation of Privilege Vulnerability Windows Server DHCP Service Memory Corruption Vulnerability Windows DHCP Client Memory Corruption Vulnerability File Deletion Elevation of Privilege Vulnerability in Diagnostic Hub and Visual Studio Standard Collectors Project-based Remote Code Execution Vulnerability in Visual Studio Code Azure IoT Java SDK Symmetric Key Generation Vulnerability Windows LUAFV Driver Elevation of Privilege Vulnerability Windows LUAFV Driver Elevation of 
Privilege Vulnerability Windows Security Feature Bypass Vulnerability in LUAFV Driver Windows Defender Application Control Security Feature Bypass Vulnerability Kerberos Authentication Request Replacement Vulnerability Windows CSRSS Elevation of Privilege Vulnerability Windows DHCP Client Remote Code Execution Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Azure IoT Java SDK Information Leakage Vulnerability Team Foundation Server Cross-site Scripting Vulnerability Team Foundation Server Cross-site Scripting Vulnerability Memory Object Handling Vulnerability in Microsoft Edge Access Connectivity Engine Remote Code Execution Vulnerability Internet Explorer Scripting Engine Memory Corruption Vulnerability Internet Explorer Scripting Engine Memory Corruption Vulnerability Memory Object Handling Vulnerability in Windows: A Denial of Service Risk Windows Kernel Information Disclosure Vulnerability MSXML Remote Code Execution Vulnerability NuGet Package Manager Tampering Vulnerability Windows GDI Memory Disclosure Vulnerability Windows Print Spooler Memory Object Handling Vulnerability Internet Explorer Security Zone Validation Bypass Vulnerability Cross-Origin Security Bypass Vulnerability in Microsoft Browsers Internet Explorer Remote Code Execution Vulnerability Unvalidated Input Tampering Vulnerability in Microsoft Browsers Memory Object Handling Vulnerability in comctl32.dll: Remote Code Execution Windows AppX Deployment Server Elevation of Privilege Vulnerability: Arbitrary File Creation Windows Kernel Information Disclosure Vulnerability Internet Explorer VBScript Execution Policy Bypass Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Windows VBScript Engine Remote Code Execution Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Windows 
GDI Memory Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Kernel Information Disclosure Vulnerability in Win32k Component Team Foundation Server Cross-site Scripting Vulnerability Microsoft Office SharePoint XSS Vulnerability Microsoft Edge Remote Code Execution Vulnerability Memory Corruption Vulnerability in Microsoft Browsers: Remote Code Execution Windows Kernel Memory Address Initialization Vulnerability Internet Explorer Scripting Engine Memory Corruption Vulnerability ADO Memory Handling Remote Code Execution Vulnerability Windows Server DHCP Service Memory Corruption Vulnerability SMB Server Elevation of Privilege Vulnerability Windows Remote Desktop Client Remote Code Execution Vulnerability Windows Remote Desktop Client Remote Code Execution Vulnerability MS XML Remote Code Execution Vulnerability MS XML Remote Code Execution Vulnerability MS XML Remote Code Execution Vulnerability MS XML Remote Code Execution Vulnerability OLE Automation Remote Code Execution Vulnerability MS XML Remote Code Execution Vulnerability Windows LUAFV Driver Elevation of Privilege Vulnerability Win32k Object Handling Elevation of Privilege Vulnerability Skype for Business and Lync Spoofing Vulnerability Office URL File Remote Code Execution Vulnerability Windows GDI Memory Disclosure Vulnerability Win32k Memory Object Handling Elevation of Privilege Vulnerability Azure Linux Agent Swap File Information Disclosure Vulnerability Windows LUAFV Driver Elevation of Privilege Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Win32k Object Handling Elevation of Privilege Vulnerability Visual Studio C++ Redistributable Installer DLL Loading Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Windows DNS Server Denial of Service Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Impersonation Vulnerability in Windows Admin Center Win32k Kernel Information Disclosure 
Vulnerability ASP.NET Core Denial of Service Vulnerability Azure SSH Keypairs Security Feature Bypass Vulnerability Microsoft Exchange Server Spoofing Vulnerability Metadata Permissions Enforcement Vulnerability in Microsoft SQL Server Analysis Services .NET Framework and .NET Core RegEx Denial of Service Vulnerability Windows SMB Server Information Disclosure Vulnerability Memory Object Handling Vulnerability in Microsoft Graphics Components Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Memory Object Handling Vulnerability in Microsoft Excel Allows Remote Code Execution Chakra Scripting Engine Remote Code Execution Vulnerability Microsoft Office SharePoint XSS Vulnerability Microsoft Office SharePoint XSS Vulnerability Memory Object Handling Vulnerability in Microsoft Edge Memory Object Handling Vulnerability in Microsoft Scripting Engine Windows LUAFV Driver Elevation of Privilege Vulnerability Memory Object Handling Vulnerability in DirectX Windows Task Scheduler Credential Disclosure Vulnerability Terminal Services Memory Disclosure Vulnerability Windows Kernel Object Memory Handling Vulnerability Windows AppX Deployment Service Hard Link Elevation of Privilege Vulnerability VBScript Engine Remote Code Execution Vulnerability Windows Kernel Object Memory Handling Vulnerability ASP Webpage Content Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Win32k Kernel Information Disclosure Vulnerability Windows GDI Memory Disclosure Vulnerability Jet Database Engine Remote Code Execution Vulnerability GDI+ Remote Code 
Execution Vulnerability Windows Memory Object Handling Remote Code Execution Vulnerability Azure DevOps Server Spoofing Vulnerability Microsoft Exchange Server Spoofing Vulnerability Win32k Memory Object Handling Elevation of Privilege Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Internet Explorer Scripting Engine Memory Corruption Vulnerability Windows Error Reporting File Handling Elevation of Privilege Vulnerability Heap Memory Object Handling Vulnerability in .NET Framework SymCrypt Denial of Service Vulnerability Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Azure DevOps Server HTML Injection Vulnerability Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Azure DevOps Server Cross-site Scripting Vulnerability Azure DevOps Server Elevation of Privilege Vulnerability Memory Object Handling Vulnerability in Open Enclave SDK Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Splwow64.exe Local Elevation of Privilege Vulnerability Windows Kernel Key Enumeration Elevation of Privilege Vulnerability Windows GDI Memory Disclosure Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers Windows OLE Remote Code Execution Vulnerability Windows Hyper-V Information Disclosure Vulnerability Clipboard Redirection Remote Code Execution Vulnerability ADO Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution 
Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Win32k Memory Object Handling Elevation of Privilege Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability GDI+ Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers Chakra Scripting Engine Remote Code Execution Vulnerability Chakra Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Chakra Scripting Engine Remote Code Execution Vulnerability Chakra Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Chakra Scripting Engine Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers URL Spoofing Vulnerability in Internet Explorer Chakra Scripting Engine Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code 
Execution Vulnerability Microsoft Edge Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Windows Hyper-V Denial of Service Vulnerability Internet Explorer Remote Code Execution Vulnerability Memory Object Handling Vulnerability in Internet Explorer Windows Storage Service Elevation of Privilege Vulnerability Skype for Android: Information Disclosure Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Windows Symbolic Link Elevation of Privilege Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Escape from AppContainer Sandbox: Microsoft Edge Elevation of Privilege Vulnerability Memory Corruption Vulnerability in Microsoft Browsers: Remote Code Execution Request Filtering Denial of Service Vulnerability in Microsoft IIS Server Windows 10 Unified Write Filter Elevation of Privilege Vulnerability Windows ALPC Elevation of Privilege Vulnerability Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Windows Event Viewer XML External Entity (XXE) Vulnerability Microsoft SharePoint Server Spoofing Vulnerability Microsoft SharePoint Server Spoofing Vulnerability Microsoft SharePoint Server Spoofing Vulnerability Unsafe ASP.Net web controls in Microsoft SharePoint Server can lead to remote code execution Memory Object Handling Vulnerability in Microsoft Word Microsoft SharePoint Server Information Disclosure Vulnerability Microsoft SharePoint Server Elevation of Privilege Vulnerability Microsoft SharePoint Server Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Win32k Memory Object Handling Elevation of Privilege Vulnerability Windows GDI Memory Disclosure Vulnerability Azure Automation RunAs Account Privilege Escalation Vulnerability 
Microsoft Office SharePoint XSS Vulnerability Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Denial of Service Vulnerability Windows GDI Memory Disclosure Vulnerability Azure DevOps Server and Team Foundation Server Authentication Request Information Disclosure Vulnerability LSASS Denial of Service Vulnerability Windows Installer Elevation of Privilege Vulnerability Jet Database Engine Remote Code Execution Vulnerability ADFS Security Feature Bypass Vulnerability NuGet Package Manager Tampering Vulnerability Windows GDI Memory Disclosure Vulnerability Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability .NET Framework and .NET Core Web Request Denial of Service Vulnerability .NET Framework and .NET Core Web Request Denial of Service Vulnerability ASP.NET Core Denial of Service Vulnerability Windows Storage Service Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Microsoft Speech API Remote Code Execution Vulnerability Symlink Exploitation in Windows User Profile Service: Elevation of Privilege Vulnerability Scripting Engine Memory Corruption Vulnerability in Internet Explorer Chakra Scripting Engine Remote Code Execution Vulnerability Scripting Engine Information Disclosure Vulnerability in Microsoft Edge Chakra Scripting Engine Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Mark of the Web Bypass Vulnerability in urlmon.dll Azure DevOps Server Cross-Site Request Forgery (CSRF) Vulnerability Windows Storage Service Elevation of Privilege Vulnerability DirectX Memory Object Handling Vulnerability Microsoft Azure AD Connect Elevation of Privilege Vulnerability Storing Passwords in a Recoverable Format Vulnerability in TeamPass Incorrect Access Control in Gitea's Delete/Edit File Functionality Cross Site Request Forgery (CSRF) Vulnerability in MapSVG Lite 
version 3.2.3 Cross-Site Scripting (XSS) Vulnerability in Yugandhargangu JspMyAdmin2 v1.0.6 and Earlier Arbitrary Code Execution and File Write Vulnerability in mPDF getImage() Method Buffer Overflow Vulnerability in RIOT-OS sock_dns Implementation Allows Remote Code Execution Improper Handling of Structural Elements in aioxmpp Version 0.10.2 and Earlier Path Traversal Vulnerability in Helm Fetch and Helm Lint Commands Path Traversal vulnerability in Helm ChartMuseum (>=0.1.0 and < 0.8.1) allows unauthorized file uploads Cross Site Scripting (XSS) Vulnerability in phpIPAM subnet-scan-telnet.php Incorrect Access Control in GraphQL Delete Mutations in API Platform 2.2.0 to 2.3.5 Vulnerability in Hex Package Manager Allows Undetected Package Modifications and Code Execution Vulnerability in Hex Package Manager Allows Undetected Package Modifications and Code Execution Package Registry Verification Bypass in Erlang/OTP Rebar3 (CVE-2021-12345) Cross Site Scripting (XSS) Vulnerability in Chamilo-lms Version 1.11.8 and Earlier CWE-129: Improper Validation of Array Index in FFMPEG version 4.1 Chamilo-lms Ticket Component Incorrect Access Control Vulnerability Command Injection Vulnerability in rssh Version 2.3.4 with allowscp Permission Out-of-bounds Read Vulnerability in libarchive's 7zip Decompression Infinite Loop DoS Vulnerability in libarchive ISO9660 Parser Access Control Vulnerability in XEP-0223 Plugin: Unauthorized Access to Private Data via PubSub Cross Site Request Forgery (CSRF) vulnerability in Taoensso Sente WebSocket Handshake Endpoint SQL Injection Vulnerability in OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) v3.6-2 and Earlier Versions Cross Site Scripting (XSS) Vulnerability in OPT/NET BV NG-NetMS v3.6-2 and Earlier Versions Disk Space Quota Exhaustion Vulnerability in article2pdf Wordpress Plugin Session Hijacking and Privilege Escalation in Zoho ManageEngine ServiceDesk 9.3 Arbitrary File Loading Vulnerability in Titan FTP Server 2019 
Build 3505 Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers PHP League CommonMark Library XSS Vulnerability Arbitrary Account Creation with Weak Password Vulnerability in Jenzabar JICS Arbitrary Code Execution via ZIP Archive Upload in Jenzabar JICS Buffer Overflow in axTLS 2.1.5 Allows Remote Denial of Service Arbitrary Password Reset Vulnerability in DedeCMS 5.7SP2 Remote Code Execution in baigoStudio baigoSSO v3.0.1 via Configuration Screen Cross-Site Scripting (XSS) Vulnerability in GForge Advanced Server 6.4.4 via commonsearch.php words parameter XSS Vulnerability in CMS Made Simple 2.2.10 via moduleinterface.php Name Field Xpdf 4.01.01 FPE Vulnerability in PostScriptFunction::exec Function FPE Vulnerability in Xpdf 4.01.01: PSOutputDev::checkPageSlice Function Chakra Scripting Engine Remote Code Execution Vulnerability FPE Vulnerability in Xpdf 4.01.01: Splash::scaleImageYuXu Function Floating Point Exception in Xpdf's ImageStream::ImageStream Function Kubernetes API Server Denial of Service Vulnerability Arbitrary Code Execution via Malicious Tar Binary in kubectl cp Command NULL Pointer Dereference in Xpdf's Gfx::opSetExtGState Function Xpdf 4.01.01 FPE Vulnerability in PostScriptFunction::exec Function FPE Vulnerability in Xpdf 4.01.01: Splash::scaleImageYuXu Function FPE Vulnerability in Xpdf 4.01.01: ImageStream::ImageStream Function in Stream.cc Xpdf 4.01.01 FPE Vulnerability in PostScriptFunction::exec XSS Vulnerability in PHPCMS 9.6.x through 9.6.3 via Mailbox Field Dial Reference Source Code Denial of Service (DOS) Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Sandbox Bypass Vulnerability in Script Security Plugin Allows Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Pipeline: Groovy Plugin Arbitrary Code Execution Vulnerability in Pipeline: Declarative Plugin Persistent Access Vulnerability in Jenkins 2.158 and Earlier Session Hijacking Vulnerability in Jenkins Jenkins Script 
Security Plugin Sandbox Bypass Vulnerability Jenkins Groovy Plugin Sandbox Bypass Vulnerability Arbitrary Code Execution Vulnerability in Jenkins Warnings Plugin 5.0.0 and Earlier Arbitrary Code Execution Vulnerability in Jenkins Warnings Next Generation Plugin Impersonation Vulnerability in Jenkins Active Directory Plugin Cross-Site Request Forgery Vulnerability in Jenkins Git Plugin 3.9.1 and Earlier Jenkins Token Macro Plugin Recursive Input Vulnerability Cross-Site Request Forgery Bypass Vulnerability in Jenkins Blue Ocean Plugins Cross-Site Scripting Vulnerability in Jenkins Blue Ocean Plugins 1.10.1 and Earlier Cross-Site Scripting Vulnerability in Jenkins Config File Provider Plugin 3.4.1 and Earlier XML External Entity (XXE) Processing Vulnerability in Jenkins Job Import Plugin 2.1 and Earlier Jenkins Job Import Plugin Vulnerability: Unauthorized Access to Sensitive Information Jenkins Job Import Plugin 3.0 and Earlier: Data Modification Vulnerability Jenkins GitHub Authentication Plugin 0.29 and earlier: Sensitive Information Exposure Vulnerability Session Fixation Vulnerability in Jenkins GitHub Authentication Plugin Server-Side Request Forgery Vulnerability in Jenkins Kanboard Plugin 1.5.10 and Earlier Jenkins OpenId Connect Authentication Plugin 1.4 and earlier: Sensitive Information Exposure Vulnerability Jenkins Monitoring Plugin 1.74.0 and Earlier: Denial of Service Vulnerability Allows Thread Killing Arbitrary HTML Rendering Vulnerability in Jenkins Warnings Next Generation Plugin Jenkins Script Security Plugin Sandbox Bypass Vulnerability Jenkins Cloud Foundry Plugin: Sensitive Information Exposure Vulnerability Server-side request forgery vulnerability in Jenkins Mattermost Notification Plugin 2.6.2 and earlier allows unauthorized message sending Server-Side Request Forgery Vulnerability in Jenkins OctopusDeploy Plugin 1.8.1 and Earlier Server-side request forgery vulnerability in Jenkins JMS Messaging Plugin 1.1.1 and earlier allows unauthorized 
JMS endpoint connection Jenkins Script Security Plugin Sandbox Bypass Vulnerability Jenkins Pipeline: Groovy Plugin Sandbox Bypass Vulnerability Sandbox Bypass Vulnerability in Jenkins Matrix Project Plugin 1.13 and Earlier Sandbox Bypass Vulnerability in Jenkins Email Extension Plugin Sandbox Bypass Vulnerability in Jenkins Groovy Plugin 2.1 and Earlier Sandbox Bypass Vulnerability in Jenkins Job DSL Plugin Information Exposure Vulnerability in Jenkins Azure VM Agents Plugin Jenkins Azure VM Agents Plugin 0.8.0 and earlier: Data Modification Vulnerability Information Exposure Vulnerability in Jenkins Azure VM Agents Plugin Insufficiently Protected Credentials Vulnerability in Jenkins Repository Connector Plugin Insufficient Credential Protection in Jenkins AppDynamics Dashboard Plugin Arbitrary Constructor Invocation Vulnerability in Jenkins Script Security Plugin Sandbox Bypass Vulnerability in Jenkins Pipeline: Groovy Plugin Allows Invocation of Arbitrary Constructors Arbitrary JavaScript Injection Vulnerability in Jenkins Lockable Resources Plugin Jenkins Slack Notification Plugin 2.19 and Earlier: Missing Permission Check Allows Unauthorized Access to Attacker-Specified URLs Cross-Site Request Forgery Vulnerability in Jenkins Slack Notification Plugin Jenkins ECS Publisher Plugin 1.0.0 API Token Disclosure Vulnerability Cross-Site Request Forgery Vulnerability in Jenkins Fortify on Demand Uploader Plugin Unauthenticated Remote Server Connection Vulnerability in Jenkins Fortify on Demand Uploader Plugin Local File System Access Vulnerability in Jenkins PRQA Plugin 3.1.0 and Earlier Vulnerability: Persistent CLI Authentication in Jenkins Versions 2.171 and Earlier Cross-Site Scripting (XSS) Vulnerability in Jenkins UI's f:validateButton Form Control Unencrypted Storage of Credentials in Jenkins IRC Plugin's Global Configuration File Unencrypted Storage of Credentials in Jenkins AWS Elastic Beanstalk Publisher Plugin Unencrypted Storage of Credentials in Jenkins 
HockeyApp Plugin Unencrypted Storage of Credentials in Jenkins Jira Issue Updater Plugin Unencrypted Storage of Credentials in Jenkins FTP Publisher Plugin Unencrypted Storage of Credentials in Jenkins WebSphere Deployer Plugin Unencrypted Storage of Credentials in Jenkins Bitbucket Approve Plugin Cross-Site Request Forgery Vulnerability in Jenkins FTP Publisher Plugin Allows Unauthorized Server Connections Jenkins FTP Publisher Plugin Vulnerability: Unauthorized Server Connection Unencrypted Storage of Credentials in Jenkins Official OWASP ZAP Plugin Unencrypted Storage of Credentials in Jenkins CloudFormation Plugin Unencrypted Storage of Credentials in Jenkins AWS CloudWatch Logs Publisher Plugin Unencrypted Storage of Credentials in Jenkins Amazon SNS Build Notifier Plugin Unencrypted Storage of Credentials in Jenkins aws-device-farm Plugin Unencrypted Storage of Credentials in Jenkins CloudShare Docker-Machine Plugin Unencrypted Storage of Credentials in Jenkins Bugzilla Plugin Unencrypted Storage of Credentials in Jenkins Trac Publisher Plugin Unencrypted Storage of Credentials in Jenkins VMware vRealize Automation Plugin Unencrypted Storage of Credentials in Jenkins Aqua Security Scanner Plugin Unencrypted Storage of Credentials in Jenkins veracode-scanner Plugin Unencrypted Storage of Credentials in Jenkins OctopusDeploy Plugin Unencrypted Storage of Credentials in Jenkins WildFly Deployer Plugin Unencrypted Storage of Credentials in Jenkins VS Team Services Continuous Deployment Plugin Unencrypted Storage of Credentials in Jenkins Hyper.sh Commons Plugin Unencrypted Storage of Credentials in Jenkins Audit to Database Plugin Cross-Site Request Forgery Vulnerability in Jenkins Audit to Database Plugin Jenkins Audit to Database Plugin: Missing Permission Check in DbAuditPublisherDescriptorImpl#doTestJdbcConnection Form Validation Method Cross-Site Request Forgery Vulnerability in Jenkins VMware Lab Manager Slaves Plugin Unauthenticated Connection Initiation 
Vulnerability in Jenkins VMware Lab Manager Slaves Plugin Cross-Site Request Forgery Vulnerability in Jenkins OpenShift Deployer Plugin Unauthenticated Server Connection Vulnerability in Jenkins OpenShift Deployer Plugin Cross-Site Request Forgery Vulnerability in Jenkins Gearman Plugin Allows Unauthorized Server Connections Jenkins Gearman Plugin: Missing Permission Check in Connection Validation Allows Unauthorized Server Connections Cross-Site Request Forgery Vulnerability in Jenkins Zephyr Enterprise Test Management Plugin Unauthenticated Connection Initiation Vulnerability in Jenkins Zephyr Enterprise Test Management Plugin Cross-Site Request Forgery Vulnerability in Jenkins Chef Sinatra Plugin Jenkins Chef Sinatra Plugin Vulnerability: Unauthorized Connection Initiation Unencrypted Storage of Credentials in Jenkins Fabric Beta Publisher Plugin Unencrypted Storage of Credentials in Jenkins Upload to pgyer Plugin Cross-Site Request Forgery Vulnerability in Jenkins SOASTA CloudTest Plugin Unauthenticated Server Connection Vulnerability in Jenkins SOASTA CloudTest Plugin Cross-Site Request Forgery Vulnerability in Jenkins Nomad Plugin Allows Unauthorized Server Connections Jenkins Nomad Plugin Vulnerability: Unauthorized Connection Initiation Unencrypted Storage of Credentials in Jenkins Open STF Plugin Unencrypted Storage of Credentials in Jenkins Perfecto Mobile Plugin Unencrypted Storage of Credentials in Jenkins TestFairy Plugin Unencrypted Storage of Credentials in Jenkins Crowd Integration Plugin Cross-Site Request Forgery Vulnerability in Jenkins OpenID Plugin OpenId Plugin in Jenkins: Missing Permission Check Allows Unauthorized Server Connection Arbitrary Program Execution Vulnerability in Evernote 7.9 on macOS Unauthenticated Account Manipulation in D-Link DIR-816 A2 1.11 Router Scripting Engine Memory Corruption Vulnerability in Internet Explorer Unauthenticated Command Execution in D-Link DIR-816 A2 1.11 Router Unauthenticated System Account 
Modification in D-Link DIR-816 A2 1.11 Router Unauthenticated Router Reset Vulnerability in D-Link DIR-816 A2 1.11 IDN Homograph Attack Vulnerability in Telegram Applications Session Cookie Disclosure Vulnerability in Pydio through 8.2.2 Information Disclosure Vulnerability in Pydio 8.2.2 Allows Unauthenticated Attackers to Obtain Configuration Details Stored XSS Vulnerability in Pydio Web Application through 8.2.2 via File Upload and Preview Features Arbitrary Command Execution Vulnerability in Pydio ImageMagick Plugin Cross-Site Scripting (XSS) Vulnerability in Pydio 8.2.2 Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers Buffer Over-read Vulnerability in Suricata 4.1.x Suricata 4.1.3 Vulnerability: Crash due to Unsafe Some(sfcm) => { ft.new_chunk } in filetracker_newchunk Panic Vulnerability in Suricata 4.1.3 DHCP Parser Heap-based Buffer Over-read in Suricata 4.1.x before 4.1.4 Invalid Memory Access in Suricata 4.1.3: process_reply_record_v3 Vulnerability FTP PASV Response Length Check Bypass Vulnerability in Suricata 4.1.3 Vulnerability: Double Execution of DecodeEthernet in Suricata 4.1.3 CSRF Vulnerability in Lexmark Products Lexmark Products Vulnerable to Incorrect Access Control Default Enabled Legacy Finger Service on Older Lexmark Devices WCF/WIF SAML Token Authentication Bypass Vulnerability Buffer Overflow Vulnerability in Verix Multi-app Conductor Application 2.7 for Verifone Verix Command Injection vulnerability in utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 XSS Vulnerability in Aurelia Framework's HTMLSanitizer Class Sandbox Bypass Vulnerability in Flatpak Insecure Random Number Generation in hostapd EAP Mode (CVE-2016-10743) Information Disclosure Vulnerability in Open Ticket Request System (OTRS) 7.0 through 7.0.6 JavaScript Execution Vulnerability in OTRS and OTRSAppointmentCalendar JavaScript Execution Vulnerability in Open Ticket Request System (OTRS) Unauthenticated Remote Code 
Execution in Kentico CMS Remote Code Execution Vulnerability in Godot through 3.1: Incorrect Deserialization Policy Windows Audio Service Elevation of Privilege Vulnerability Stored Cross-Site Scripting Vulnerability in Apache Atlas Search Functionality Timing Side Channel Vulnerability in HMAC Signature Comparison Incomplete Fix for CVE-2019-0199: HTTP/2 Connection Window Exhaustion Vulnerability in Apache Tomcat Stored XSS Vulnerability in Apache OFBiz Ecommerce Template Remote Code Execution (RCE) Vulnerability in Apache OFBiz Form Widget Textarea Field XSS Vulnerability in Apache JSPWiki 2.9.0 to 2.11.0.M3 Allows for Session Hijacking InterWiki Link XSS Vulnerability in Apache JSPWiki 2.9.0 to 2.11.0.M3 Multiple Plugins in Apache JSPWiki 2.9.0 to 2.11.0.M3 Vulnerable to XSS Exploitation and Session Hijacking Apache Traffic Server HTTP/2 Setting Flood Vulnerability Security Feature Bypass Vulnerability in Microsoft Dynamics On-Premise XML External Entity (XXE) Vulnerability in NiFi XMLFileLookupService HTTP/2 Early Push Memory Overwrite Vulnerability Apache HTTP Server 2.4.18-2.4.39: Memory Read After Free Vulnerability in HTTP/2 Session Handling Information Disclosure Vulnerability in NiFi API Apache Impala Session and Query Hijacking Vulnerability Stored XSS Vulnerability in Apache Allura Prior to 1.11.0 Vulnerability: Unprotected Classloader Access in Apache Commons Beanutils 1.9.2 Apache JSPWiki Plugin Link XSS Vulnerability Apache Tika RecursiveParserWrapper OOM Vulnerability Apache JSPWiki WYSIWYG Editor XSS Vulnerability Windows GDI Memory Disclosure Vulnerability Apache JSPWiki Plain Editor XSS Vulnerability Apache Geode SSL Handshake Vulnerability Limited Cross-Site Scripting Vulnerability in Apache HTTP Server 2.4.0-2.4.39 Apache Tika 1.19 to 1.21 Vulnerability: Denial of Service via Crafted 2003ml or 2006ml File StackOverflowError Vulnerability in Apache Tika's RecursiveParserWrapper (Versions 1.7-1.21) Apache Zeppelin Bash Command Injection 
Vulnerability Stack Buffer Overflow and NULL Pointer Dereference in Apache HTTP Server 2.4.32-2.4.39 with mod_remoteip and PROXY Protocol Apache HTTP Server mod_rewrite Redirect Vulnerability Unencrypted Data Leakage Vulnerability in Spark 2.3.3 and Earlier Versions Windows GDI Memory Disclosure Vulnerability Server Side Template Injection in JetBrains YouTrack Confluence Plugin Cross Site Scripting (XSS) vulnerability in Leanote prior to version 2.6 SoX - Sound eXchange 14.4.2 and earlier Vulnerability: Out-of-bounds Read in read_samples function at xa.c:219 XSS to Code Execution Vulnerability in HexoEditor v1.1.8-beta Buffer Overflow Vulnerability in Evince 3.26.0: DOS / Possible Code Execution Cross Site Scripting (XSS) Vulnerability in Emoncms 9.8.8 Insecure Permissions in DGLogik Inc DGLux Server All Versions: Remote Execution and Credential Leaks via IoT API Cross Site Scripting (XSS) vulnerability in Dolibarr 6.0.4 allows for Cookie Stealing via specially crafted link in htdocs/product/stats/card.php XML Injection Vulnerability in libnmap < v0.6.3: Denial of Service (DoS) via Specially Crafted XML Payload Cross Site Scripting (XSS) Vulnerability in Zammad GmbH Zammad 2.3.0 and Earlier Mitigation Bypass: Stack Guard Protection Bypass in GNU Libc's nptl Component Vulnerability: Privilege Escalation via Re-mapping Loaded Library Mitigation Bypass: ASLR Bypass Using Cache of Thread Stack and Heap in GNU Libc ASLR Bypass Vulnerability in GNU Libc Cross Site Scripting (XSS) vulnerability in School College Portal with ERP Script 2.6.1 and earlier: Attack on administrators, teachers, and students via /pro-school/index.php?student/message/send_reply/ SQL Injection in Deepwoods Software WebLibrarian 3.5.2 and earlier: Exposing the Entire Database Buffer Overflow Vulnerability in OpenModelica OMCompiler Buffer Overflow in uLaunchELF Loader Program (loader.c) Allows for Possible Code Execution and Denial of Service Buffer Overflow Vulnerability in Quake3e < 5ed740d 
Buffer Overflow in borg-reducer c6d5240: Potential for Code Execution and Denial of Service Dolibarr 7.0.0 Vulnerability: Cross Site Request Forgery (CSRF) Allows Unauthorized User Actions Buffer Overflow Vulnerability in nfdump 1.6.16 and Earlier: Potential Denial of Service to Local Code Execution NASA CFITSIO prior to 3.43 Buffer Overflow Vulnerability Unrestricted File Upload Vulnerability in PluckCMS 4.7.4 and Earlier Integer Overflow in The Sleuth Kit 4.6.0 and earlier: Crash in tsk/fs/hfs_dent.c:237 Vulnerability: Incorrect Access Control in Lawrence Livermore National Laboratory msr-safe v1.1.0 Vulnerability: Denial of Service Attack via Crafted File in moinejf abcm2ps 8.13.20 Flask before 1.0 Vulnerability: Denial of Service via Crafted Encoded JSON Data Incorrect Access Control in Dancer::Plugin::SimpleCRUD 1.14 and earlier: Potential for Unauthorized Data Access CWE-79: Improper Neutralization of Input During Web Page Generation in TinyMCE 4.7.11 and 4.7.12: JavaScript Code Execution via Media Element CSRF Vulnerability in DomainMod v4.10.0 Allows Unauthorized Password Change CSRF Vulnerability in DomainMOD v4.10.0 Allows Unauthorized Administrator Account Addition CSRF Vulnerability in DomainMOD v4.10.0 Allows Unauthorized User Privilege Escalation Insecure Artifact Resolution in JetBrains Kotlin Versions Prior to 1.3.30 Title: Critical Vulnerability in Akeo Consulting Rufus 3.0 and Earlier: DLL Search Order Hijacking Enables Arbitrary Code Execution with Privilege Escalation Insecure Permissions in Akeo Consulting Rufus 3.0 and Earlier: Arbitrary Code Execution with Privilege Escalation SQL Injection Vulnerability in TechyTalk Quick Chat WordPress Plugin Cross Site Request Forgery (CSRF) vulnerability in OECMS v4.3.R60321 and later versions allows unauthorized addition of administrator accounts Cross Site Scripting (XSS) Vulnerability in Premium Software CLEditor 1.4.5 and Earlier Unrestricted File Upload Vulnerability in MODX Revolution Gallery 1.7.0 
Cross-Site Scripting (XSS) Vulnerability in WebAppick WooCommerce Product Feed Plugin VCFTools Prior to Version 0.1.15: Use-After-Free Vulnerability in header::add_FILTER_descriptor Method ChinaMobile GPN2.4P21-C-CN W2001EN-00 Vulnerability: Unauthenticated Remote Reboot Title: Scapy 2.4.0 Denial of Service Vulnerability in _RADIUSAttrPacketListField.getfield() Privilege Escalation through XSS in Yellowfin Smart Reporting (Versions Prior to 7.3) SQL Injection Vulnerability in zzcms Version 8.3 and Earlier: zzcms File Delete to Code Execution Vulnerability: File Delete to Code Execution in zzcms version 8.3 and earlier Vulnerability Title: File Delete to Code Execution in zzcms 8.3 and earlier File Delete Vulnerability in zzcms zzmcms 8.3 and Earlier: Exploiting /user/ppsave.php to Gain Shell Access Vulnerability Title: File Delete to Code Execution in zzcms 8.3 and Earlier SQL Injection Vulnerability in zzcms 8.3 and earlier Authentication Bypass Vulnerability in D-Link DSL-2750U 1.11 Incorrect Access Control in perl-CRYPT-JWT 0.022 and earlier allows for bypassing authentication Vulnerability Title: NULL Pointer Dereference in Jsi_StrcmpDict Function (jsiChar.c:121) in jsish 2.4.74 2.0474 Buffer Overflow Vulnerability in Socusoft Co Photo 2 Video Converter 8.0.0 Out-of-bounds Read Vulnerability in Jsish 2.4.77 (CVE-2021-XXXX) Use After Free vulnerability in Jsish 2.4.77 (2.0477): Denial of Service in Jsi_ObjFree (jsiObj.c:230) Nullpointer Dereference Vulnerability in Jsish 2.4.83: Denial of Service in jsi_DumpFunctions (jsiEval.c:567) Uncontrolled Resource Consumption in Jsish 2.4.84: Denial of Service Vulnerability Reachable Assertion in Jsi_ValueArrayIndex (jsiValue.c:366) in Jsish 2.4.84 2.0484: Denial of Service Vulnerability CImg Library v.2.3.3 and earlier: Command Injection in load_network() Function Buffer Overflow in lit_char_to_utf8_bytes function of JerryScript (commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166) allows for denial of service and potential 
arbitrary code execution Use After Free vulnerability in Jsish 2.4.70 2.047 in Jsi_RegExpNew function (jsi/jsiRegexp.c:39) allows for denial of service and possibly arbitrary code execution Vulnerability Title: Remote Code Execution in Fred MODX Revolution < 1.0.0-beta5 Command Injection Vulnerability in PHKP (commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b) Buffer Overflow Vulnerability in GNU gdb: Denial of Service, Memory Disclosure, and Possible Code Execution Uncontrolled Recursion in YamlLoader::load_from_str function leads to Denial of Service Uncontrolled Recursion in serde_yaml 0.6.0 to 0.8.3: Denial of Service via Malicious YAML Parsing Infinite Loop Denial of Service Vulnerability in mgetty Out-of-Bounds Read Vulnerability in mgetty prior to 1.2.1 SQL Injection Vulnerability in Marginalia < 1.6 Cross Site Scripting (XSS) Vulnerability in hisiphp 1.0.8 Cross Site Scripting (XSS) vulnerability in ServiceStack Framework 4.5.14 Insecure Artifact Resolution in JetBrains Ktor Framework Voice Builder Prior to commit c145d4604df67e6fc625992412eef0bf9a85e26b and f6660e6d8f0d1d931359d591dbdec580fef36d36 is vulnerable to OS Command Injection leading to Remote Code Execution SQL Injection Vulnerability in Jeesite 1.2.7: Sensitive Information Disclosure XML External Entity (XXE) Vulnerability in Jeesite 1.2.7: Sensitive Information Disclosure Vulnerability: Denial of Service in GNU binutils gold Directory Traversal Vulnerability in LINAGORA Hublin Vulnerability: Missing SSL Certificate Validation in OSS Http Request Plugin Cross Site Scripting (XSS) vulnerability in Genetechsolutions Pie Register 3.0.15 allows session cookie theft Buffer Overflow Vulnerability in Veracrypt NT Driver (veracrypt.sys) Unauthenticated File Upload Vulnerability in GoURL WordPress Plugin 1.4.13 and Earlier Buffer Overflow Vulnerability in Cherokee Web Server Buffer Over-read Vulnerability in tcpdump 4.9.2: Exposing Stack Information via Specially Crafted pcap File Vulnerability: Incorrect 
Access Control in LineageOS 16.0 and earlier Buffer Overflow Vulnerability in OFFIS.de DCMTK 3.6.3 and below Buffer Overflow Vulnerability in Juniper libslax Library Remote Code Execution in Linux Foundation ONOS 1.15.0 and Earlier via Improper Input Validation in YangLiveCompilerManager.java Cross Site Scripting (XSS) Vulnerability in Frog CMS 1.1 Snippets Component Stored XSS Vulnerability in Ilias Assessment/TestQuestionPool Component Heap-based Buffer Overflow in Gnome Pango 1.42 and Later: Exploiting pango_log2vis_get_embedding_levels Function Null Dereference Vulnerability in cJSON 1.7.8: Denial of Service via Crafted JSON File Jenkins Credentials Binding Plugin 1.17: CWE-257 - Storing Passwords in a Recoverable Format Arbitrary Command Execution in Linux Foundation ONOS SDN Controller 1.15 and Earlier Versions Unauthenticated MySQL Database Password Information Disclosure in MailCleaner ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier Cross Site Scripting (XSS) Vulnerability SQL Injection Vulnerability in Synetics GmbH I-doit 1.12 and Earlier: Unauthenticated MySQL Database Access via Web Login Form Title: Integer Overflow Vulnerability in Linux Foundation ONOS Allows Unauthorized Flow Rule Installation Vulnerability: Unintended Flow Rule Installation in ONOS 2.0.0 and Earlier Denial of Service - DNS Detection Bypass in Open Information Security Foundation Suricata (CVE-2019-12168) Title: Vulnerability in Linux Foundation ONOS 2.0.0 and Earlier: Unintended Flow Rule Installation via Poor Input Validation Arbitrary File Download and Deletion in article2pdf Wordpress Plugin Buffer Overflow in nanosvg Library: Memory Corruption and DoS SQL Injection in SaltStack Salt 2018.3, 2019.2: Privilege Escalation and RCE via mysql.user_chpass Arbitrary Code Execution via MITM Attack in ktlint Custom Ruleset Download Cross Site Scripting (XSS) vulnerability in Gitea 1.7.0 and earlier allows arbitrary JavaScript execution in victim's browser Incorrect Access Control in 
Perl Crypt::JWT (CVE-2021-12345) Uncontrolled Resource Consumption in Lodash Date Handler (CWE-400) XML External Entity (XXE) Vulnerability in Ladon SOAP Request Handlers Improper Certificate Validation in Helm Before 2.7.2 Allows Unauthorized Client Connections Denial of Service - TCP/HTTP Detection Bypass in Open Information Security Foundation Suricata (CVE-2020-XXXX) Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier Vulnerability: Intentional Information Exposure Cross Site Scripting (XSS) vulnerability in Timesheet Next Gen 1.5.3 and earlier allows arbitrary code execution via redirect parameter in login.php. Open Redirection Vulnerability in Babel: Allowing Unrestricted URL Redirection Boundary Check Vulnerability in Linaro/OP-TEE Prior to v3.4.0 Boundary Crossing Vulnerability in Linaro/OP-TEE OP-TEE 3.3.0 and Earlier: Memory Corruption of TEE Rounding Error Vulnerability in Linaro/OP-TEE OP-TEE 3.3.0 and Earlier Buffer Overflow Vulnerability in Linaro/OP-TEE OP-TEE 3.3.0 and Earlier: Memory Corruption and Disclosure Buffer Overflow Vulnerability in Linaro/OP-TEE OP-TEE 3.3.0 and Earlier Buffer Overflow Vulnerability in Linaro/OP-TEE OP-TEE 3.3.0 and Earlier Buffer Overflow Vulnerability in Linaro/OP-TEE OP-TEE 3.3.0 and Earlier Uninitialized Memory Exposure in Rust Programming Language Standard Library Vulnerability: Insecure Gradle Artifact Resolution in JetBrains IntelliJ IDEA Kotlin Projects Buffer Overflow Vulnerability in mz-automation libiec61850 1.3.2 1.3.1 1.3.0: Server Example Complex Array Component Buffer Overflow Vulnerability in jhead 3.03: Denial of Service via Specially Crafted JPEG File Denial of Service Vulnerability in jhead 3.03: Incorrect Access Control in iptc.c Line 122 show_IPTC() Incorrect Access Control in Saleor GraphQL API allows Unauthenticated Users to Access Admin-Restricted Shop Revenue Data Buffer Overflow in libmspack 0.9.1alpha: Information Disclosure in chmd_read_headers() Remote Code Execution 
(RCE) Vulnerability in Slanger 0.6.0 Cross Site Scripting (XSS) Vulnerability in GLPI Product 9.3.1: Privilege Escalation and Admin JS Execution via Link Tickets Feature Unrestricted Access to Sensitive Information in Aquarius CMS Log File GLPI Product 9.3.1 - Frame and Form Tags Injection Vulnerability Gitea 1.7.2, 1.7.3 Vulnerability: Cross Site Scripting (XSS) in Repository Description WavPack 5.1 and earlier Vulnerability: Divide by Zero in ParseDsdiffHeaderConfig (dsdiff.c:282) Incorrect Access Control in pyxtrlock 0.3 and earlier: False Locking Impression in Non-X11 Sessions Uninitialized Variable in WavPack's ParseCaffHeaderConfig Leads to Control Flow Issues Uninitialized Variable in WavPack's ParseWave64HeaderConfig Leads to Control Flow Issues Remote Code Execution Vulnerability in JetBrains IntelliJ IDEA Ultimate Self-XSS Vulnerability in CMS Made Simple 2.2.10 via Layout Design Manager Name Field XSS Vulnerability in CMS Made Simple 2.2.10 via 'moduleinterface.php' Name Field XSS Vulnerability in CMS Made Simple 2.2.10 via Email Address Field in myaccount.php Incorrect Access Control Vulnerability in GitLab Community and Enterprise Edition EXIF Geolocation Data Exposure in GitLab Windows GDI Memory Disclosure Vulnerability Insecure Permissions in GitLab's Move Issue Feature Persistent XSS Vulnerability in GitLab Merge Request Resolve Conflicts Page Insecure HMAC Key Derivation Vulnerability in GitLab Uncontrolled Resource Consumption in GitLab API Insecure Parameter Validation in GitLab OAuth Authentication Insecure Permissions in GitLab Releases Feature Insecure Permissions Allow Unauthorized Access to Related Branches in GitLab Open Redirect Vulnerability in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2 XSS Vulnerability in Snipe-IT (before 4.6.14) via log_meta and API User's Last Name Authentication Bypass Vulnerability in eQ-3 HomeMatic CCU2 and CCU3 Devices (HMCCU-154) Windows GDI Memory 
Disclosure Vulnerability HMCCU-154: Session ID Persistence Vulnerability in eQ-3 HomeMatic CCU2 and CCU3 Devices HMCCU-153: Unauthenticated Session Hijacking and Admin Access in eQ-3 HomeMatic CCU2 and CCU3 Devices Buffer Overflow Vulnerability in eQ-3 HomeMatic CCU2 and CCU3 Devices (HMCCU-179) SQL Injection Vulnerability in AIS ESEL-Server 67 Allows Arbitrary Code Execution Use-after-free vulnerability in aio_poll() in Linux kernel through 5.0.4 Heap-based Buffer Overflow in mwifiex_uap_parse_tail_ies Function in Linux Kernel Arbitrary Code Execution and Data Access Vulnerability in PostgreSQL 11.x Insecure ACL Configuration in PostgreSQL Windows Installer Arbitrary Memory Read Vulnerability in PostgreSQL 11.x (CVE-2019-10164) Windows GDI Memory Disclosure Vulnerability Vulnerability: Information Leakage in PostgreSQL Column Statistics Off-by-one read vulnerability in ImageMagick's formatIPTCfromBuffer function Vulnerability in libvirt >= 4.1.0: Unauthenticated Administrative Access via virtlockd-admin.socket and virtlogd-admin.socket Unrestricted External URL Redirect in Moodle Cohort Upload Form User Quota Exceedance Vulnerability in Moodle Insecure Code Execution Vulnerability in osbs-client's yaml.load() Function Spacewalk Vulnerability: Expired Authentication Session Manipulation Path Traversal Vulnerability in spacewalk-proxy Insufficient Access Control in python-novajoin Plugin Allows Unauthorized FreeIPA Token Generation Plain-text storage of admin and appliance passwords in ansible variable file during HE deployment via cockpit-ovirt Win32k Memory Object Handling Elevation of Privilege Vulnerability Linux Kernel OverlayFS NULL Pointer Dereference Denial of Service Vulnerability SQL-injection vulnerability in openstack-ironic-inspector's node_cache.find_node() function Vulnerability in Linux Kernel's Freescale Hypervisor Manager Implementation Privilege Escalation Vulnerability in FreeRADIUS Logrotate Configuration Lack of Process Isolation in rkt enter 
Vulnerability Lack of Process Isolation in rkt enter Vulnerability Reflected Cross Site Scripting Vulnerability in pki-core Server's CA Agent Service Insecure Process Isolation in rkt Versions 1.30.0 and Below Remote Command Execution Vulnerability in Exim 4.87 to 4.91 Windows GDI Memory Disclosure Vulnerability OpenShift Container Platform SSH Host Key Checking Bypass Vulnerability Path Traversal Vulnerability in Podman Allows Arbitrary File Access Vulnerability: Denial of Service in fence-agents due to Non-ASCII Characters Unrestricted Access to Conversations in Moodle Web Service Unverified Integrity Check Vulnerability in Libreswan IKEv1 Informational Exchange Processing Information Disclosure Vulnerability in Ansible Templating Keycloak Node.js Adapter Backchannel Logout Token Verification Bypass Vulnerability Improper Session Fixation Protection in Infinispan-Spring Session Integration Data Leak Vulnerability in cfme-gemset Versions 5.10.4.3 and Below, 5.9.9.3 and Below Windows GDI Memory Disclosure Vulnerability Vulnerability Title: Python Security Regression in URL Parsing (CVE-2019-9636) Arbitrary File Access and Execution Vulnerability in libvirtd PowerDNS Authoritative Server Denial of Service Vulnerability PowerDNS Authoritative Server Vulnerability: Remote Master Server CPU Load and Zone Update Prevention Stack-based Buffer Overflow in PostgreSQL Plaintext Storage of OAuth Tokens in OpenShift Container Platform Audit Logs Arbitrary Code Execution Vulnerability in libvirtd Arbitrary Code Execution Vulnerability in libvirt's virConnectGetDomainCapabilities() API Arbitrary Code Execution via Libvirt's Hypervisor CPU APIs Arbitrary Code Execution Vulnerability in Keycloak's User-Managed Access Interface Win32k Memory Object Handling Elevation of Privilege Vulnerability Arbitrary Code Execution Vulnerability in Keycloak Admin Console Denial of Service Vulnerability in 389-ds-base in RHEL 7.5 XML External Entity (XXE) Vulnerability in 
org.codehaus.jackson:jackson-mapper-asl:1.9.x Libraries Remote Code Execution Vulnerability in XStream API (CVE-2021-XXXX) Infinispan Privilege Escalation via Reflection Vulnerability Unauthorized Cloning of Persistent Volume Claims in virt-cdi-cloner Static CSRF Tokens in OpenShift Container Platform Stored XSS Vulnerability in CloudForms PDF Export Component Stored Cross Site Scripting (XSS) Vulnerability in Token Processing Service (TPS) Reflected Cross Site Scripting (XSS) Vulnerability in PKI-Core 10.x.x Key Recovery Authority (KRA) Agent Service DirectX Memory Object Handling Vulnerability Stored Cross Site Scripting (XSS) Vulnerability in PKI-Core 10.x.x Token Processing Service (TPS) Code Injection Vulnerability in IcedTea-Web Arbitrary File Upload Vulnerability in IcedTea-Web Insecure Password Handling in virt-install(1) Utility Undertow Information Leak Vulnerability Zip-Slip Vulnerability in IcedTea-Web: Arbitrary File Write and Sandbox Escape CSRF Token Bypass in Moodle XML Loading/Unloading Admin Tool Glossary Entry Deletion Vulnerability in Moodle Vulnerability: Unauthorized Group Override Modification in Moodle Quiz Group Override Vulnerability in Moodle NETLOGON Message Session Key Retrieval Vulnerability DNS Resolver Component Vulnerability: Bypassing DNSSEC Validation for Non-Existence Answer Vulnerability in Knot Resolver Allows DNSSEC Downgrade and Domain Hijacking Heap-Buffer Overflow Vulnerability in Redis HyperLogLog Data Structure Stack-buffer overflow vulnerability in Redis hyperloglog data structure Insufficient Protection of Sensitive Passwords in oVirt Metrics Deployment and Configuration Clear text password logging vulnerability in FreeIPA's batch processing API Denial of Service and Memory Leak Vulnerability in http-proxy-agent Samba Directory Traversal Vulnerability Authentication Bypass Vulnerability in foreman-tasks before 0.15.7 Inadequate Header Checks in Keycloak Account Console: Untrusted Domain Request Vulnerability OpenShift 
Container Platform 4 Vulnerability: Unauthorized Access to AWS IAM Role Credentials on Master Nodes Path Traversal Vulnerability in Yard before 0.9.20 Credential Sniffing Vulnerability in Pterodactyl before 0.7.14 with 2FA Cross-Site Scripting (XSS) Vulnerability in Invenio-Records before 1.2.2 Tridactyl 1.16.0 Vulnerability: Fake Key Events Cross-Site Scripting (XSS) Vulnerability in Invenio-Communities before 1.0.0a20 Host Header Injection Vulnerability in Invenio-App Cross-Site Scripting (XSS) Vulnerability in Dependency-Track before 3.5.1 Cross-Site Scripting (XSS) Vulnerability in stacktable.js before 1.0.4 SMTP Credential Exposure Vulnerability in Fleet before 2.1.2 User Token Hijacking Vulnerability in Misskey before 10.102.4 Unauthorized Automatic Deployments of SmokeDetector: A Critical Vulnerability Vulnerability: Denial of Service (DoS) in parse-server before 3.4.1 Account Enumeration Vulnerability in parse-server before 3.6.0 Double Free Vulnerability in docker-credential-helpers List Functions Improper Audience Check in Hasura GraphQL Engine JWT Verification Open Redirect Vulnerability in ASH-AIO before 2.0.0.3 Lack of Confirmation Screen in Discourse User-API OTP Login Vulnerability Missing Confirmation Screen for Email Login Vulnerability Cross-Site Scripting (XSS) Vulnerability in Invenio-Previewer Keycloak SAML Broker Message Signature Verification Bypass Vulnerability Deserialization Vulnerabilities in Codehaus 1.9.x Implemented in EAP 7 PowerDNS Authoritative daemon Denial of Service Vulnerability Insecure Storage of Robot Account Tokens in Red Hat Quay Vulnerability: Password Exposure in Ansible Playbook and CLI Tools Linux Kernel Bluetooth UART Local Privilege Escalation Vulnerability Arbitrary SQL Execution Vulnerability in PostgreSQL Memory Disclosure Vulnerability in Cross-Type Comparison for Hashed Subplan in PostgreSQL 11.x before 11.5 Windows Audio Service Elevation of Privilege Vulnerability Vulnerability: Insecure Handling of Superuser 
Password in Postgresql Windows Installer Vulnerability: Code Execution via Unprotected Directory in PostgreSQL Windows Installer Undertow DEBUG Log Information Disclosure Vulnerability Unsanitized Secret Data Exposure in OpenShift Container Platform Vulnerability: Insecure TLS Connections in Containers/Image Library Cross-Site Scripting Vulnerability in Bootstrap-3-Typeahead's highlighter() Function Privilege Escalation Vulnerability in Ghostscript Sensitive Data Leakage in Ansible GCP Modules Samba Client Path Traversal Vulnerability XSS Vulnerability in Hibernate-Validator's SafeHtml Validator Annotation Windows Audio Service Elevation of Privilege Vulnerability Relative Paths Injection Vulnerability in Linux Kernel CIFS Implementation (Version 4.9.0) Reflected Cross Site Scripting Vulnerability in pki-core 10.x.x Ceph RGW Beast Front End Remote Denial of Service Vulnerability Vulnerability: Exposing Secret Content in Metrics Sensitive Information Disclosure in 389-ds-base Vulnerability: Unauthorized Access to GlusterFS StorageClass in OpenShift Container Platform Title: Authenticated HTML Injection Vulnerability in Fat Free CRM v0.19.0 via /comments URI Reflected XSS Vulnerability in openITCOCKPIT 404-not-found Component Arbitrary Password Login Vulnerability in MailStore Server Scripting Engine Memory Object Information Disclosure Vulnerability PHP Type Juggling Vulnerability in Teclib GLPI Allows Authentication Bypass SQL Injection in Teclib GLPI through 9.3.3 via cycle parameter in /scripts/unlock_tasks.php Timing Attack Vulnerability in Teclib GLPI before 9.4.1.1 CSRF Vulnerability in S-CMS PHP v1.0 Allows Unauthorized Addition of Admin User XSS Vulnerability in Sitemagic CMS v4.4 via Filename Parameter Insufficient Protection of Stored Credentials in Robotronic RunAsSpc 3.7.0.0 Chakra Scripting Engine Remote Code Execution Vulnerability Insecure HTTP Resolution of Maven Build Artifacts in Eclipse hawkBit XSS Vulnerability in Eclipse Jetty DefaultServlet and 
ResourceHandler Path Traversal Vulnerability in Eclipse Kura SkinServlet Exposure of Underlying Ui Web Server Version in Eclipse Kura Versions up to 4.0.0 XXE Vulnerability in Eclipse Kura Versions up to 4.0.0 Java Bytecode Verifier Allows Execution Past End of Bytecode Array in Eclipse OpenJ9 Windows Directory Listing Information Exposure Vulnerability in Eclipse Jetty Exposure of Configured Directory Base Resource Location in Jetty Server 404 Error Insecure Maven Artifact Resolution in Eclipse Vorto Prior to 0.11 Insecure File Transfer in Xtext & Xtend Versions Prior to 2.18.0 Memory Object Handling Vulnerability in Windows: A Denial of Service Risk Vulnerability: UCWeb UC Browser 7.0.185.1002 on Windows PDF Module Download MITM Attack Vulnerability: MITM Attacks in UCWeb UC Browser for Android CSRF Vulnerability in TeamMate+ 21.0.0.0 Allows Remote Attackers to Modify Application Data Reflected XSS Vulnerability in MISP before 2.4.105 Open Redirect Vulnerability in Jupyter Notebook and JupyterHub VIVOTEK IPCam Authentication Bypass Vulnerability Directory Traversal Vulnerability in Zucchetti HR Portal Allows Unauthorized Access to System Files Windows Audio Service Elevation of Privilege Vulnerability XSS Vulnerabilities in Total.js CMS 12.0.0: themes/admin/views/index.html and themes/admin/public/ui.js Stored/Persistent XSS in CentOS Web Panel (CWP) 0.9.8.789 via Edit Nameservers IPs action SQL Injection Vulnerability in BlueCMS 1.6 XSS Vulnerability in Ahsay Cloud Backup Suite Allows Account Takeover XXE Vulnerability in Ahsay Cloud Backup Suite Allows Arbitrary XML Entity Expansion Directory Traversal Vulnerability in Ahsay Cloud Backup Suite Unauthenticated File Structure and Content Disclosure in Ahsay Cloud Backup Suite Insecure File Upload and Code Execution Vulnerability in Ahsay Cloud Backup Suite 8.1.0.50 Stack-based buffer overflow in BWA (Burrow-Wheeler Aligner) before 2019-01-23 via long sequence name in .alt file Windows Audio Service Elevation of 
Privilege Vulnerability Arbitrary Password Reset Vulnerability in Ultimate Member Plugin for WordPress Unauthorized Profile and Cover Picture Modification Vulnerability in Ultimate Member Plugin 2.39 for WordPress CRLF Injection Vulnerability in Weaver e-cology 9.0 User Enumeration Vulnerability in ManageEngine ServiceDesk Plus 9.3 File Upload Vulnerability in Western Bridge Cobub Razor 0.8.0 via web/assets/swf/uploadify.php URI Unencrypted Storage of Credentials in Jenkins StarTeam Plugin Cross-Site Request Forgery Vulnerability in Jenkins jenkins-reviewbot Plugin Missing Permission Check in Jenkins jenkins-reviewbot Plugin Allows Unauthorized Connection Initiation Windows Audio Service Elevation of Privilege Vulnerability Unencrypted Storage of Credentials in Jenkins Assembla Auth Plugin Unencrypted Storage of Credentials in Jenkins Relution Enterprise Appstore Publisher Plugin Unencrypted Storage of Credentials in Jenkins Klaros-Testmanagement Plugin Unencrypted Storage of Credentials in Jenkins mabl Plugin Unencrypted Storage of Credentials in Jenkins Diawi Upload Plugin Unencrypted Storage of Credentials in Jenkins Minio Storage Plugin Unencrypted Storage of Credentials in Jenkins DeployHub Plugin Unencrypted Storage of Credentials in Jenkins YouTrack-Plugin Unencrypted Storage of Credentials in Jenkins Jabber Server Plugin Cross-Site Request Forgery Vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and Older Skype for Business Denial of Service Vulnerability Vulnerability: Missing Permission Check in Jenkins Netsparker Cloud Scan Plugin Unencrypted Storage of Credentials in Jenkins Netsparker Cloud Scan Plugin Cross-Site Request Forgery Vulnerability in Jenkins Kmap Plugin Allows Server Connection Initiation Unauthenticated Remote Code Execution in Jenkins Kmap Plugin Unencrypted Storage of Credentials in Jenkins Kmap Plugin Unencrypted Storage of Credentials in Jenkins crittercism-dsym Plugin Unencrypted Storage of Credentials in Jenkins Serena SRA 
Deploy Plugin Unencrypted Storage of Credentials in Jenkins Sametime Plugin's Global Configuration File Unencrypted Storage of Credentials in Jenkins Koji Plugin's Global Configuration File Unencrypted Storage of Credentials in Jenkins CloudCoreo DeployTime Plugin Memory Object Handling Vulnerability in Microsoft Edge Cross-Site Request Forgery Vulnerability in Jenkins GitLab Plugin 1.5.11 and Earlier Missing Permission Check in Jenkins GitLab Plugin Allows Unauthorized Access to Credentials Unencrypted Storage of Credentials in Jenkins Jira-ext Plugin Unencrypted Storage of Credentials in Jenkins Azure PublisherSettings Plugin Cross-Site Request Forgery Vulnerability in Jenkins XebiaLabs XL Deploy Plugin Missing Permission Check in Jenkins XebiaLabs XL Deploy Plugin Allows Unauthorized Server Connections Sandbox Bypass Vulnerability in Jenkins ontrack Plugin 3.4 and Earlier Cross-Site Request Forgery Vulnerability in Jenkins Static Analysis Utilities Plugin Allows Unauthorized Modification of Default Graph Configuration Vulnerability: Unauthorized Modification of Default Graph Configuration in Jenkins Static Analysis Utilities Plugin XML External Entity (XXE) Processing Vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin Microsoft Office SharePoint XSS Vulnerability Cross-Site Request Forgery Vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and Earlier Vulnerability: Missing Permission Check in Jenkins Ansible Tower Plugin Allows Unauthorized Access to Credentials Vulnerability: Enumeration of Credentials in Jenkins Ansible Tower Plugin Unencrypted Storage of Credentials in Jenkins Twitter Plugin's Global Configuration File Global SSL/TLS and Hostname Verification Bypass in Jenkins Koji Plugin CSRF Vulnerability in Jenkins GitHub Authentication Plugin 0.31 and Earlier Unencrypted Storage of Credentials in Jenkins Aqua MicroScanner Plugin Global SSL/TLS and Hostname Verification Bypass in Jenkins SiteMonitor Plugin Unencrypted Storage of Client 
Secret in Jenkins Azure AD Plugin Information Disclosure Vulnerability in Jenkins PAM Authentication Plugin Microsoft Office SharePoint XSS Vulnerability Jenkins Credentials Plugin Path Disclosure and Certificate Content Disclosure Vulnerability Cross-Site Request Forgery Vulnerability in Jenkins Artifactory Plugin 3.2.2 and Earlier Jenkins Artifactory Plugin 3.2.2 and Earlier: Missing Permission Check Allows Unauthorized Access to Attacker-Specified URLs and Credentials Jenkins Artifactory Plugin 3.2.3 and Earlier: Missing Permission Check Allows Enumeration of Credentials Cross-Site Request Forgery Vulnerability in Jenkins Artifactory Plugin 3.2.2 and Earlier Cross-Site Scripting Vulnerability in Jenkins Warnings NG Plugin 5.0.0 and Earlier Cross-Site Request Forgery Vulnerability in Jenkins Warnings NG Plugin 5.0.0 and Earlier XML External Entities (XXE) Vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and Earlier Arbitrary Method Invocation Vulnerability in Jenkins Pipeline Remote Loader Plugin Unencrypted Storage of Credentials in Jenkins InfluxDB Plugin Microsoft Office SharePoint XSS Vulnerability Untrusted Revision Manipulation in Jenkins Gitea Plugin 1.1.1 and Earlier Cross-Site Request Forgery Vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and Earlier Unauthenticated Remote Code Execution in Jenkins ElectricFlow Plugin Information Disclosure Vulnerability in Jenkins ElectricFlow Plugin Global SSL/TLS and Hostname Verification Bypass in Jenkins ElectricFlow Plugin Stored Cross Site Scripting Vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and Earlier Reflected Cross-Site Scripting Vulnerability in Jenkins ElectricFlow Plugin 1.1.6 and Earlier XML External Entities (XXE) Vulnerability in Jenkins Token Macro Plugin 2.7 and Earlier Cross-Site Request Forgery Vulnerability in Jenkins JX Resources Plugin Allows Credential Leakage Jenkins JX Resources Plugin 1.0.36 and Earlier: Missing Permission Check Allows Unauthorized Access to 
Kubernetes Server Microsoft Word Remote Code Execution Vulnerability (CVE-2019-1034) Cross-Site Request Forgery Vulnerability in Jenkins Docker Plugin 1.1.6 and Earlier Unauthenticated Remote Code Execution in Jenkins Docker Plugin Vulnerability: Enumeration of Credentials IDs in Jenkins Docker Plugin 1.1.6 and earlier Improper Value Masking in Jenkins Configuration as Code Plugin Information Disclosure in Jenkins Configuration as Code Plugin Insecure Handling of Proxy Password in Jenkins Configuration as Code Plugin Reflected Cross-Site Scripting Vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and Earlier Unencrypted Storage of Credentials in Jenkins Mashup Portlets Plugin Unencrypted Storage of Credentials in Jenkins Gogs Plugin Stored Cross Site Scripting Vulnerability in Jenkins Dependency Graph Viewer Plugin Microsoft Word Remote Code Execution Vulnerability Unencrypted Storage of Credentials in Jenkins Port Allocator Plugin Unencrypted Storage of Credentials in Jenkins Caliper CI Plugin Arbitrary File Write Vulnerability in Jenkins 2.185 and Earlier CSRF Token Expiration Bypass in Jenkins 2.185 and Earlier Stapler Web Framework Vulnerability: Unauthorized Access to View Fragments in Jenkins Arbitrary Code Execution Vulnerability in Jenkins Script Security Plugin Arbitrary Code Execution Vulnerability in Jenkins Script Security Plugin Information Disclosure Vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin Sensitive Build Variable Disclosure in Jenkins Maven Integration Plugin Cross-Site Request Forgery Vulnerability in Jenkins Maven Release Plugin 0.14.0 and Earlier Microsoft Office SharePoint XSS Vulnerability Stored Cross Site Scripting Vulnerability in Jenkins Maven Release Plugin 0.14.0 and Earlier Unencrypted Storage of Credentials in Jenkins Maven Release Plugin Jenkins Configuration as Code Plugin: Variable Interpolation Vulnerability Inadequate Identification of Sensitive Values in Jenkins Configuration as Code Plugin 
Sensitive Private Key Information Leakage in Jenkins Amazon EC2 Plugin Insecure Temporary Access Token Storage in Jenkins Google Kubernetes Engine Plugin Unencrypted Storage of Credentials in Jenkins Skytap Cloud CI Plugin Incomplete Fix of CVE-2019-10343 in Jenkins Configuration as Code Plugin 1.26 and Earlier Cross-Site Request Forgery Vulnerability in Jenkins JClouds Plugin 2.14 and Earlier Jenkins JClouds Plugin Vulnerability: Unauthorized Access to Attacker-Specified URLs and Credentials Capture Windows Error Reporting File Handling Elevation of Privilege Vulnerability Jenkins Mask Passwords Plugin: Plain Text Transmission of Global Passwords Session Fixation Vulnerability in Jenkins Gitlab Authentication Plugin Open Redirect Vulnerability in Jenkins Gitlab Authentication Plugin Stored Cross-Site Scripting Vulnerability in Jenkins Build Pipeline Plugin 1.5.8 and Earlier Stored Cross-Site Scripting Vulnerability in Jenkins PegDown Formatter Plugin 1.3 and Earlier Arbitrary File Read Vulnerability in Jenkins File System SCM Plugin 2.1 and Earlier Reflected Cross-Site Scripting Vulnerability in Jenkins Wall Display Plugin 0.6.34 and Earlier Jenkins Avatar Plugin 1.2 and Earlier: Unauthorized Avatar Modification Vulnerability Unencrypted Storage of Credentials in Jenkins TestLink Plugin Unencrypted Storage of Credentials in Jenkins Google Cloud Messaging Notification Plugin Memory Corruption Vulnerability in Microsoft Browsers: Remote Code Execution Arbitrary Code Execution in Jenkins Simple Travis Pipeline Runner Plugin Global SSL/TLS and Hostname Verification Bypass in Jenkins Codefresh Integration Plugin Global SSL/TLS and Hostname Verification Bypass in Jenkins VMware Lab Manager Slaves Plugin Stored Cross-Site Scripting Vulnerability in Jenkins Update Center CSRF Token Bypass Vulnerability in Jenkins 2.191 and Earlier Unencrypted Storage of Credentials in Jenkins eggPlant Plugin 2.2 and Earlier Cross-Site Request Forgery Vulnerability in Jenkins XL TestView 
Plugin 1.2.0 and Earlier Unauthenticated Remote Code Execution in Jenkins XL TestView Plugin Cross-Site Request Forgery Vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin Unauthenticated Remote Code Execution in Jenkins Relution Enterprise Appstore Publisher Plugin Windows Kernel Information Disclosure Vulnerability Arbitrary Code Execution Vulnerability in Jenkins Splunk Plugin 1.7.4 and Earlier Plain Text Transmission of Configured Passwords in Jenkins IBM Application Security on Cloud Plugin OS Command Injection in Jenkins Git Client Plugin Arbitrary Code Execution Vulnerability in Jenkins Script Security Plugin Arbitrary Code Execution Vulnerability in Jenkins Script Security Plugin Cross-Site Scripting Vulnerability in Jenkins Build Environment Plugin 1.6 and Earlier Cross-Site Scripting Vulnerability in Jenkins Dashboard View Plugin 2.11 and Earlier Vulnerability: Plain Text Transmission of Configured Passwords in Jenkins Aqua Security Serverless Scanner Plugin Unencrypted Storage of Credentials in Jenkins Beaker Builder Plugin Arbitrary Code Execution Vulnerability in Jenkins Script Security Plugin NTLM MIC Bypass Vulnerability in Microsoft Windows Arbitrary Code Execution Vulnerability in Jenkins Script Security Plugin Stored XSS Vulnerability in Jenkins LTS and Earlier Versions Stored XSS Vulnerability in Jenkins LTS and Earlier Versions Stored XSS Vulnerability in Jenkins 2.196 and Earlier Stored XSS vulnerability in Jenkins 2.196 and earlier, LTS 2.176.3 and earlier Jenkins XSS Vulnerability: Session Cookie Disclosure via Cookie Header Stored XSS Vulnerability in Jenkins Global Configuration Unmasked Sensitive Variables in Jenkins Project Inheritance Plugin Cross-Site Request Forgery Vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and Earlier Vulnerability: Unauthorized Project Generation in Jenkins Project Inheritance Plugin Windows Kernel Object Handling Elevation of Privilege Vulnerability Cross-Site Scripting 
Vulnerability in Jenkins Log Parser Plugin 2.0 and Earlier Inedo BuildMaster Plugin: Plain Text Transmission of Configured Credentials Inedo ProGet Plugin for Jenkins: Plain Text Transmission of Configured Credentials Unencrypted Storage of Credentials in Jenkins CI/CD Plugin 1.3 and Earlier Unencrypted Storage of Credentials in Jenkins Git Changelog Plugin Unencrypted Storage of Credentials in Jenkins Violation Comments to GitLab Plugin Unencrypted Storage of Credentials in Jenkins Violation Comments to GitLab Plugin Jenkins Kubernetes Pipeline: Arbitrary Method Invocation Vulnerability Arbitrary Method Invocation Vulnerability in Jenkins Kubernetes Pipeline Arquillian Steps Plugin Unencrypted Storage of Credentials in Jenkins vFabric Application Director Plugin Unencrypted Storage of Credentials in Jenkins Assembla Plugin Unencrypted Storage of Credentials in Jenkins Azure Event Grid Build Notifier Plugin Unencrypted Storage of Credentials in Jenkins Call Remote Job Plugin Unencrypted Storage of Credentials in Jenkins CodeScan Plugin's Global Configuration File Unencrypted Storage of Credentials in Jenkins elOyente Plugin Unencrypted Storage of Credentials in Jenkins Google Calendar Plugin Unencrypted Storage of Credentials in Jenkins Gem Publisher Plugin Jenkins Aqua MicroScanner Plugin: Plain Text Transmission of Configured Credentials Jenkins Aqua Security Scanner Plugin: Plain Text Transmission of Configured Credentials Unencrypted Storage of Credentials in Jenkins GitLab Logo Plugin Memory Object Handling Vulnerability in comctl32.dll: Remote Code Execution Unencrypted Storage of Credentials in Jenkins NeuVector Vulnerability Scanner Plugin Arbitrary Code Execution Vulnerability in Jenkins Script Security Plugin Cross-Site Scripting Vulnerability in Jenkins HTML Publisher Plugin 1.20 and Earlier Unencrypted Storage of Credentials in Jenkins Dingding Plugin Jenkins LDAP Email Plugin: Plain Text Transmission of Configured Credentials Jenkins SourceGear Vault 
Plugin: Plain Text Transmission of Configured Credentials Arbitrary File Read Vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and Earlier Cross-Site Request Forgery Vulnerability in Jenkins CRX Content Package Deployer Plugin Jenkins CRX Content Package Deployer Plugin 1.8.1 and Earlier: Missing Permission Check Allows Unauthorized URL Connection and Credential Capture Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier: Missing Permission Check Allows Enumeration of Stored Credentials Windows Secure Kernel Mode Security Feature Bypass Vulnerability Unencrypted Storage of Credentials in Jenkins NeoLoad Plugin Cross-Site Request Forgery Vulnerability in Jenkins iceScrum Plugin 1.1.5 and Earlier Unauthenticated Remote Code Execution in Jenkins iceScrum Plugin Unencrypted Storage of Credentials in Jenkins iceScrum Plugin Unconditional SSL/TLS and Hostname Verification Disabling in Jenkins Bumblebee HP ALM Plugin Information Disclosure Vulnerability in Jenkins Google Kubernetes Engine Plugin Global SSL/TLS and Hostname Verification Bypass in Jenkins Cadence vManager Plugin Unencrypted Storage of Credentials in Jenkins Sofy.AI Plugin Unencrypted Storage of Credentials in Jenkins Extensive Testing Plugin Unencrypted Storage of Credentials in Jenkins Fortify on Demand Plugin Windows Network File System Elevation of Privilege Vulnerability Unencrypted Storage of Credentials in Jenkins ElasticBox CI Plugin Unencrypted Storage of Credentials in Jenkins SOASTA CloudTest Plugin Unencrypted Storage of Credentials in Jenkins View26 Test-Reporting Plugin Unencrypted Storage of Credentials in Jenkins Delphix Plugin's Global Configuration File Jenkins Rundeck Plugin Cross-Site Request Forgery Vulnerability: Unauthorized Access to Attacker-Specified URL Jenkins Rundeck Plugin Vulnerability: Unauthorized URL Connection with Attacker-Specified Credentials Cross-Site Request Forgery Vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin 
Unauthenticated Remote Code Execution in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin Arbitrary Code Execution Vulnerability in Jenkins Puppet Enterprise Pipeline Unencrypted Storage of Secret Token in Jenkins Mattermost Notification Plugin Windows GDI Memory Disclosure Vulnerability Unencrypted Storage of Credentials in Jenkins Bitbucket OAuth Plugin Unencrypted Storage of Credentials in Jenkins Dynatrace Application Monitoring Plugin Cross-Site Request Forgery Vulnerability in Jenkins Dynatrace Application Monitoring Plugin Unauthenticated Remote Code Execution in Jenkins Dynatrace Application Monitoring Plugin Cross-Site Request Forgery Vulnerability in Jenkins Deploy WebLogic Plugin Jenkins Deploy WebLogic Plugin Missing Permission Check Vulnerability Jenkins 360 FireLine Plugin XXE Vulnerability: Extracting Secrets and Enabling SSRF and DoS Attacks Unencrypted Storage of Credentials in Jenkins Sonar Gerrit Plugin Cross-Site Request Forgery Vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin Vulnerability: Missing Permission Check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin Windows GDI Memory Disclosure Vulnerability Vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin Allows Enumeration of Credentials Jenkins Libvirt Slaves Plugin Cross-Site Request Forgery Vulnerability: Unauthorized SSH Server Connection and Credential Capture Vulnerability: Unauthorized SSH Server Connection in Jenkins Libvirt Slaves Plugin Vulnerability: Enumeration of Credentials ID in Jenkins Libvirt Slaves Plugin Vulnerability: Unauthorized Script Listing in Jenkins Global Post Script Plugin Jenkins build-metrics Plugin: Reflected Cross-Site Scripting Vulnerability Unencrypted Storage of Credentials in Jenkins Zulip Plugin FusionInventory Plugin SendXML Action Mishandling Vulnerability Unrestricted File Upload Vulnerability in Glory RBW-100 Devices with Firmware ISP-K05-02 7.0.0 Hard-coded Username and Password Vulnerability in 
Glory RBW-100 Devices Windows GDI Memory Disclosure Vulnerability WMI Firmware Event Handler Out of Bound Write Vulnerability Out of Bound Access Vulnerability in WMI FW Event Handling in Snapdragon Platforms Timing Side Channel Vulnerability in Snapdragon Processors Side Channel Vulnerability in QTEE: Non-Time-Constant Comparison Function Usage in Snapdragon Platforms Use After Free Vulnerability in Snapdragon Platforms Infinite Loop Vulnerability in Multiple Snapdragon Platforms Race condition vulnerability in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in multiple Qualcomm chipsets Buffer Over-read Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables Null Pointer Dereference Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in Multiple Qualcomm Chipsets Null-pointer dereference vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 while parsing avi clip during copy. 
Windows GDI Memory Disclosure Vulnerability Use After Free Vulnerability in Xtra Daemon Shutdown in Multiple Snapdragon Platforms Vulnerability: Compromised ADSP in Snapdragon Processors AVB Boot Image Verification Vulnerability in Multiple Qualcomm Snapdragon Processors Vulnerability: Position Determination Accuracy Degradation in Snapdragon Processors Race condition vulnerability in camera functions leading to memory corruption and UAF issue in multiple Snapdragon platforms Arbitrary Buffer Write Vulnerability in Snapdragon Processors Buffer Overflow Vulnerability in Multiple Snapdragon Platforms Use After Free Vulnerability in Snapdragon Processors Multiple Buffer Overflow Vulnerabilities in Qualcomm Snapdragon Processors Out-of-Bound Access Vulnerability in Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking Windows GDI Memory Disclosure Vulnerability Buffer Overflow Vulnerability in Snapdragon Processors Use After Free Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables in Multiple Qualcomm Chipsets Stack Overflow Vulnerability in Camera Module of Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM439, SDX24 Out-of-bounds Access Vulnerability in Snapdragon Camera Driver Firmware Resource Consumption Vulnerability in Qualcomm Snapdragon Devices Out of Bound Access Vulnerability in Snapdragon Processors Unvalidated User Input in QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY Command Out of Buffer Read Vulnerability in Snapdragon Auto, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music Out-of-Bounds Access Vulnerability in Snapdragon Auto, Snapdragon Consumer 
Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820A, SDX20 due to Lack of Input Validation Pairing Device Use-After-Free Vulnerability in Snapdragon Devices Chakra Scripting Engine Remote Code Execution Vulnerability Null Pointer Dereference Vulnerability in Bluetooth Process of Snapdragon Auto, Consumer IoT, Mobile, Voice & Music Processors Memory Overflow Vulnerability in GSNDCP Compressed Mode PDU Decoding in Snapdragon Platforms Unbounded Array Index Vulnerability in Multiple Snapdragon Platforms Null Pointer Access Vulnerability in Trustzone Execution of SPDM Commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCS404, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, Preemptive Freeing Vulnerability in Snapdragon Processors Multiple Read Overflows in MM Decoding Vulnerability in Snapdragon Auto, Compute, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, and Wearables Double Free Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9207C, 
MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8996AU, QCS405, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 Use After Free Vulnerability in iWLAN State Transition in Snapdragon Platforms Chakra Scripting Engine Remote Code Execution Vulnerability GPU Memory Exhaustion Vulnerability in Snapdragon Mobile Processors Nonstandard Buffer Overflow Vulnerability in Multiple Snapdragon Platforms Data Leakage Vulnerability in Multiple Snapdragon Platforms Use-after-free vulnerability in clk driver allows for arbitrary code execution Buffer Overflow Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, and Wearables Processors Out of Bound Write Vulnerability in WLAN Driver in Snapdragon Auto, Compute, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music Vulnerability: SMEM Partition Manipulation Leading to Memory Corruption Use After Free Vulnerability in Kernel for Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 730, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24 Race condition vulnerability in set_page_dirty() function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, 
SDM660, SDX20, SDX24 Folder Shortcut Validation Vulnerability Buffer Overflow Vulnerability in Snapdragon Auto, Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wearables Buffer Overflow Vulnerability in Qualcomm Snapdragon Processors Null-pointer dereference vulnerability in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in multiple Qualcomm chipsets Array Index Out of Bounds Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 Null-pointer dereference vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 Out-of-Bound Access Vulnerability in WLAN Function in Snapdragon Processors Double Free Vulnerability in Multiple Snapdragon Chipsets and Modules Integer overflow vulnerability in event buffer extraction from FW response in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, QCA6574AU, QCN7605, QCS405, QCS605, SDM660, 
SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 Firmware Response Address Range Vulnerability Buffer Overflow Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Multiple Qualcomm Chipsets Edge MOTW Bypass Vulnerability Buffer Overflow Vulnerability in WLAN NAN Function in Multiple Snapdragon Platforms Uninitialized Buffer Dereference Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 Firmware File Buffer Over-read Vulnerability Out-of-Bound Access Vulnerability in Diag Handlers in Snapdragon Processors Critical Null Pointer Dereference Vulnerability in Snapdragon Kernel Buffer Overflow Vulnerability in WLAN Firmware during Roaming in Multiple Snapdragon Platforms Memory Leak Vulnerability in ION IOCTL Calls in Snapdragon Auto, Compute, Consumer Electronics, Consumer IoT, Industrial IoT, Mobile, Voice & Music, Wearables, Wired Infrastructure, and Networking Heap Use-After-Free Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Wearables Null Pointer Dereference Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Wearables in Multiple Chipsets Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers Buffer Over-read Vulnerability in Multiple Snapdragon Platforms Buffer Overread Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, 
Voice & Music, Wearables Multiple Buffer Over-read Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables, Wired Infrastructure and Networking Multiple Read Overflows in Authentication Decoding in Snapdragon Platforms Multiple Read Overflows Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in various Qualcomm chipsets Buffer Overflow Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Multiple Qualcomm Chipsets Buffer Overflow Vulnerability in Multiple Snapdragon Platforms Out-of-bound read vulnerability in Linux kernel wireless driver in Snapdragon devices Out of Bound Vulnerability in FastRPC HLOS Driver in Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Processors Internet Explorer Scripting Engine Memory Corruption Vulnerability Improper Initialization of Local Variables in Snapdragon Processors Leads to Denial of Service Vulnerability Vulnerability in Secure Boot Loader Allows Loading of Unverified Debug Policies and Leads to Memory Corruption Improper Input Validation Leads to Buffer Over-read in Snapdragon Processors Out-of-Bounds (OOB) Vulnerability in EEPROM Memory Access in Snapdragon Platforms Double Free Vulnerability in Multiple Snapdragon Platforms Buffer Overflow Vulnerability in WLAN Module with Supported Rates or Extended Rates Element Length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IoT, Snapdragon Industrial IoT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9650, 
MSM8905, MSM8996AU, Nicobar, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SDA845, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR2130 GPU Ringbuffer Overwrite Vulnerability in Snapdragon Processors Misplaced Instance ID Vulnerability in Snapdragon Platforms MSXML Remote Code Execution Vulnerability Missing size check in Snapshot of IB function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCN7605, QCS405, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR2130 Integer Overflow and Buffer Overflow Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, and Wearables in Multiple Qualcomm Chipsets Out-of-Bound Read Vulnerability in Multiple Snapdragon Platforms Unsigned Wlan Binary Vulnerability in Snapdragon Devices Buffer Over-read Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables Null Pointer Dereference Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in Multiple Qualcomm Chipsets Buffer Over-read Vulnerability in Multiple Snapdragon Platforms Use-after-free vulnerability in kernel thread unregistered listener Use-after-free vulnerability in audio device pointer assignment in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in multiple Qualcomm chipsets Invalidated Iterator Use After Free 
Vulnerability in Sensors HAL Critical Use After Free Vulnerability in Snapdragon Platforms Out of Bound Access Vulnerability in Debug Queue of Snapdragon Processors Integer overflow vulnerability in mmap find function can lead to use after free issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in multiple Qualcomm chipsets. Buffer Overflow Vulnerability in Snapdragon Processors Stack Overflow Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in Multiple Qualcomm Chipsets Remote Stack Overflow Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Multiple Qualcomm Chipsets Buffer Overflow Vulnerability in Snapdragon Platforms Internet Explorer Scripting Engine Memory Corruption Vulnerability Out-of-Bound Access Vulnerability in DTS Atom Parsing in Multiple Snapdragon Platforms Null Pointer Dereference Vulnerability in Parsing Non-Standard udta Atom in Snapdragon Platforms Potential Integer Overflow Vulnerability in QDCM API of Snapdragon Platforms Buffer Overflow Vulnerability in SDP Video Image Attribute Processing in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables Stack Overflow Vulnerability in Multiple Snapdragon Platforms Buffer Overwrite Vulnerability in Message Handler in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8064, APQ8096AU, IPQ4019, IPQ8064, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8939, MSM8996AU, QCA4531, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCA9558, QCA9880, 
QCA9886, QCA9980, SDA660, SDM630, SDM636, SDM660, SDX20, SDX24 Improper Access Control Vulnerability in Snapdragon Platforms Arbitrary Memory Write Vulnerability in Multiple Snapdragon Platforms Out of Bound Access Vulnerability in Snapdragon Processors MSXML Remote Code Execution Vulnerability Out-of-Scope Local Variable Vulnerability in Multiple Snapdragon Platforms Firmware Event Processing Vulnerability in Multiple Snapdragon Platforms Heap-based use-after-free vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Wearables processors Use After Free Vulnerability in Snapdragon Devices during Route Lookup Heap-buffer-overflow vulnerability during image version information population in diag command response packet Buffer Overwrite Vulnerability in IEEE80211 Header Filling Function in Multiple Snapdragon Platforms Out-of-Bound Access Vulnerability in Snapdragon Chipsets USB Driver Out of Bounds memcpy Vulnerability in Multiple Snapdragon Platforms Insecure Binding Vulnerability in Snapdragon Platforms Out of Bound Write Vulnerability in Multiple Snapdragon Platforms Buffer Over Read Vulnerability in SDP Message Processing in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Buffer Overflow Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in Multiple Qualcomm Chipsets Stack Overflow Vulnerability in UTCB Object's Memory Deallocation Function Pointer Unvalidated Data Access Vulnerability in Multiple Snapdragon Platforms Integer Overflow Vulnerability in Keymaster 4 Leading to Memory Corruption Null Pointer Access Vulnerability in SPDM Commands Execution in Non-Standard Way Privilege Escalation Vulnerability in QCA6174_9377.WIN.1.0 Invalid Address Access Vulnerability in Snapdragon Connectivity (QCA6390) Chakra Scripting Engine Remote Code 
Execution Vulnerability Improper User Data Length Check Leading to Kernel Memory Error in Snapdragon Processors Use After Free Vulnerability in Snapdragon Auto, Compute, Industrial IOT, Mobile, Voice & Music Out-of-Bound Memory Access Vulnerability in Snapdragon Processors Integer Overflow Vulnerability in Snapdragon Auto, Compute, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile Processors Integer Truncation Vulnerability in Snapdragon Auto, Compute, Consumer Electronics Connectivity, Industrial IOT, Mobile, and more Critical Out-of-Bound Access Vulnerability in Snapdragon Processors Unvalidated Payload Size Vulnerability in Multiple Snapdragon Platforms Critical Integer Overflow to Buffer Overflow Vulnerability in PostScript and PDF Printers TLB Manipulation Vulnerability in Snapdragon Processors Kernel Virtual Page Corruption Vulnerability in Snapdragon Processors Internet Explorer Remote Code Execution Vulnerability Zyxel NAS 326 through 5.21 Plaintext Password Vulnerability Zyxel NAS 326 Package Installer Shell Metacharacter Injection Vulnerability Directory Traversal Vulnerability in Zyxel NAS 326 File Browser Component Eval Injection Vulnerability in Zyxel NAS 326 v5.21 and Below: Remote Code Execution via tjp6jp6y4, simZysh, and ck6fup6 APIs Zyxel NAS 326 XSS Vulnerability: Remote Code Injection via User, Group, and File-Share Description Fields Flash Memory Reprogramming Vulnerability in Marvell SSD Controller Devices Secure Boot Bypass Vulnerability in Marvell SSD Controller Devices Vulnerability: Tracking and Hash Collision in Linux Kernel IP ID Generation KASLR Bypass: Information Exposure Vulnerability in Linux Kernel 4.x and 5.x Windows AppXSVC Hard Link Handling Elevation of Privilege Vulnerability Uncontrolled Resource Consumption in GitLab CI Configuration Validation Weak Password Recovery Mechanism in Contao Versions 3.5.39 and 4.x before 4.7.3 CSRF Vulnerability in Contao 4.7 Expired Key Vulnerability in Contao 4.7 CSRF 
Vulnerability in HYBBS 2.2 Allows Unauthorized Administrator Account Creation Cross-Site Scripting (XSS) Vulnerability in Wolf CMS v0.8.3.1 Add Snippet Module Remote Code Execution in ZZZCMS zzzphp v1.6.3 via plugins/ueditor/php/controller.php?action=catchimage source[] Parameter Remote DNS Query Vulnerability in Robocode Memory Leak Vulnerability in ImageMagick 7.0.8-36 Q16's SVGKeyValuePairs Function Windows Kernel Object Handling Elevation of Privilege Vulnerability Heap-based Buffer Over-read in WriteTIFFImage Function of ImageMagick 7.0.8-36 Q16 Remote Code Execution Vulnerability in Ivanti Endpoint Manager (EPM) 2017.3 and 2018.x Arbitrary PHP File Upload Vulnerability in flatCore 1.4.7 SQL Injection Vulnerability in Hsycms V1.1 via /news/*.html Page Denial of Service Vulnerability in LZO 2.10 Library (CVE-2017-8846) Unauthenticated Remote Code Execution via Shell Metacharacters and Buffer Overflow in Grandstream IP Phones Arbitrary Code Execution in Grandstream GWN7000 Devices via Filename Metacharacters Password Disclosure Vulnerability in Grandstream GWN7000 and GWN7610 Devices Arbitrary Code Execution in Grandstream GWN7610 Devices Arbitrary Code Execution in Grandstream GXV3370 and WP820 Devices via /manager?action=getlogcat Priority Field Arbitrary Code Execution in Grandstream GXV3611IR_HD Devices Root Account Without Password Vulnerability Arbitrary Code Execution Vulnerability in Grandstream UCM6204 Devices SQL Injection Vulnerability in Grandstream UCM6204 Devices SQL Injection in Domoticz WebServer.cpp via idx parameter Unvalidated User Input in LibreNMS Graphing Options Allows for RRDtool Syntax Injection Arbitrary PHP Code Execution via Dynamic Script Inclusion in LibreNMS Information Disclosure and File Path Exposure Vulnerability in LibreNMS Unauthenticated Access to Sensitive Functions and Information in LibreNMS Command Injection Vulnerability in LibreNMS through 1.47 Memory Object Handling Vulnerability in Windows Kernel Cross-Site Scripting 
(XSS) Vulnerability in LibreNMS SQL Injection Vulnerability in LibreNMS Improper Validation of Multiplications and Additions in treeRead Function in libmysofa CSRF Vulnerability in Ultimate Member Plugin Allows Unauthorized Admin Access and Code Execution Uniqkey Password Manager 1.14 - Cleartext Credential Exposure Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in DASAN Zhone ZNID GPON 2426A EU Version S3.1.285 Insecure Argument Options in Domoticz: Neglecting \n and \r Weak Permissions in Thomson Reuters Eikon 4.0.42144 Allow Local Users to Modify Service Executable SQL Server Remote Code Execution Vulnerability Cleartext Secrets Storage in django-nopassword before 5.0.0 Arbitrary PHP Code Execution in 74cms v5.0.1 via site_domain Parameter Reflected Cross Site Scripting (XSS) Vulnerability in Heidelberg Prinect Archiver v2013 release 1.0 SSRF Vulnerability in Ctrip Apollo API: Intranet Port Scan and GET Request via /system-info/health SQL Injection Vulnerabilities in KBPublisher 6.0.2.1 Hard-coded Credentials Vulnerability in VVX Products with BToE Application 3.9.1 Insufficient Authentication in VVX Products with BToE Application: Sensitive Information Leakage Task Scheduler Elevation of Privilege Vulnerability Dovecot JSON Encoder Denial of Service Vulnerability Unsanitized Field Names in wp-google-maps Plugin REST API Default Admin Password Vulnerability in Puppet Enterprise Exposure of Root User Credentials in cd4pe::root_configuration Task Microsoft Office SharePoint XSS Vulnerability Decryption Vulnerability in Western Digital SanDisk X600 Drives Allows Unauthorized Access to Data Firmware Update Authentication Vulnerability in Western Digital SanDisk Devices SQL Injection Vulnerability in MKCMS V5.0 via bplay.php Play Parameter SQL Injection Vulnerability in S-CMS PHP v1.0 via 4/js/scms.php?action=unlike id parameter Asus Precision TouchPad Driver Pool Overflow Vulnerability Windows Kernel Object Memory Handling Vulnerability 
Vulnerability: Insecure Permissions in Hisilicon Hi3510-based IP Cameras' Web Management Portal Expose WiFi Credentials Unauthenticated RTSP Stream Access Vulnerability in Hisilicon Hi3510-based IP Cameras Undocumented Service Access in WAGO Series 750-88x and 750-87x Web-GUI Out-of-Bounds Access Vulnerability in LocaleLowercase Function in ImageMagick Stored XSS Vulnerability in Verodin Director 3.5.3.0 and Earlier Information Disclosure Vulnerability in Verodin Director 3.5.3.1 and Earlier Directory Traversal Vulnerability in BlogEngine.NET 3.3.7.0 via /api/filemanager Path Parameter XML External Entity Blind Injection in BlogEngine.NET 3.3.7.0 and earlier Directory Traversal and Remote Code Execution Vulnerability in BlogEngine.NET 3.3.7.0 and Earlier Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability Directory Traversal and Remote Code Execution Vulnerability in BlogEngine.NET 3.3.7.0 and Earlier Client Side URL Redirect Vulnerability in BlogEngine.NET 3.3.7.0 Excessive Memory Allocation Vulnerability in PoDoFo 0.9.6 Dolby DAX2 API System Services Privilege Escalation Vulnerability Windows Kernel Object Memory Handling Vulnerability KDE KMail 5.2.3 Encrypted Email Leakage Vulnerability Vulnerability: Email Encryption Leakage in KDE Trojita 0.7 Vulnerability: Covert Leakage of Encrypted Emails in Claws Mail 3.14.1 Microsoft Windows Symbolic Link Elevation of Privilege Vulnerability Vulnerability: Covert Leakage of Encrypted Emails in Roundcube Webmail Vulnerability: HTML Code Injection in K-9 Mail v5.600 Denial of Service Vulnerability in Axios 0.18.0 and earlier Zip Slip Vulnerability: Path Traversal Exploit in Archiver's Unarchive Function Prototype Pollution Vulnerability in lodash.defaultsDeep() Prototype Pollution in assign-deep versions before 0.4.8 and 1.0.0 Prototype Pollution in mixin-deep: Exploiting Object.prototype Modification Prototype Pollution Vulnerability in set-value (versions < 3.0.1) SQL Injection 
Vulnerability in Sequelize SQL Injection in Sequelize JSON Path Keys in Postgres Dialect ASP.NET Core Open Redirect Vulnerability Prototype Pollution in deeply.assign-deep function in versions before 3.1.0 Open Redirect Vulnerability in HTTPie Package Allows Arbitrary File Write Sequelize JSON Query SQL Injection Vulnerability Insecure Dependency Resolution in Eclipse-WTP, Eclipse-CDT, and Eclipse-Groovy Predictable Token and ID Generation in Apereo CAS Before 6.1.0-RC5 Predictable SAML Identifier Vulnerability in pac4j-saml 3.X JavaScript Injection Vulnerability in node-red-dashboard SQL Injection Vulnerability in Knex.js Versions Before 0.19.5 Remote Code Execution in mongo-express via `toBSON` Method Arbitrary Code Execution Vulnerability in Safer-eval (before 1.3.4) Team Foundation Server Cross-site Scripting Vulnerability Arbitrary Code Execution Vulnerability in Safer-eval Before 1.3.2 Arbitrary Code Execution via Infinite Recursion in vm2 Package SQL Injection Vulnerability in medoo before 1.7.5: Improper Escaping in columnQuote SQL Injection in Pimcore before 6.3.0 allows for Data Leakage Timing Attacks and Scalar Leakage Vulnerability in elliptic-php Versions Prior to 1.0.6 Arbitrary File Inclusion Vulnerability in iobroker.admin SQL Injection Vulnerability in Pixie Versions 1.0.x and 2.0.x Arbitrary File Inclusion Vulnerability in Administrative Web Panel Prototype Pollution in AngularJS merge() Function Arbitrary Code Execution Vulnerability in safer-eval via RangeError Generation Visual Studio Updater Service File Permissions Vulnerability Cross-site Scripting (XSS) Vulnerability in io.ratpack:ratpack-core URL Path Injection Vulnerability Bypassing enshrined/svg-sanitize: xlink:href Attribute Vulnerability Arbitrary Symlink Generation Vulnerability in Yarn Package Install Functionality Command Injection Vulnerability in php-shellcommand versions before 1.6.1 Ecstatic Denial of Service Vulnerability: Application Crash Exploitation Remote Code Execution 
in git-diff-apply (Versions < 0.22.2) Arbitrary Command Injection in AWS Lambda's config.FunctionName Parameter Command Injection in devcert-sanscache before 0.4.7 allows remote code execution Cross-site Scripting (XSS) Vulnerability in Stroom:Stroom-App Windows Graphics Component Information Disclosure Vulnerability Shell Command Injection in BibTeX-ruby before 5.1.0 Bypassing Sanitization and Validation in schema-inspector (before 1.6.9) XML External Entity (XXE) Injection Vulnerability in com.puppycrawl.tools:checkstyle (versions before 8.29) Command Injection Vulnerability in lsof npm Module CSRF Vulnerability in phppgadmin through 7.12.1 Allows Remote Command Execution Cross-site Scripting Vulnerability in dojox.xmpp.util.xmlEncode Arbitrary Command Execution Vulnerability in Network-Manager Arbitrary Command Execution in im-resize through 2.3.2 Arbitrary Command Execution Vulnerability in im-metadata through 3.0.1 Command Injection Vulnerability in curling.js XML Parsing Vulnerability in Visual Studio TaffyDB npm Module Internal Index Forgery Vulnerability Command Injection Vulnerability in promise-probe before 0.10.0 Prototype Pollution Vulnerability in bodymen before 1.1.1 Prototype Pollution in dot-object before 2.1.3 allows Object.prototype Modification Prototype Pollution Vulnerability in component-flatten Prototype Pollution Vulnerability in Undefsafe before 2.0.3 Arbitrary Command Execution Vulnerability in rpi through 0.0.3 HTTP Response Splitting Vulnerability in Netty Transport-HTTP in WSO2 v6.3.1 and earlier versions Prototype Pollution in rdf-graph-array through 0.3.0-rc6: Manipulation of JavaScript Objects via rdf.Graph.prototype.add Arbitrary Command Execution in compile-sass Prior to 1.0.5 Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers Unsanitized Gcov Arguments in Codecov Package (CVE-XXXX-XXXX) Arbitrary Command Execution in enpeem through 2.2.0 Arbitrary Command Execution Vulnerability in Giting Version Prior to 0.0.8 
Arbitrary Command Execution in push-dir through 0.4.1 Arbitrary Command Execution Vulnerability in serial-number through 1.3.0 Internal Property Tampering Vulnerability in Valib 2.0.0 Prototype Manipulation Vulnerability in vega-util Arbitrary Command Execution Vulnerability in Blamer Versions Prior to 1.0.1 Object Property Modification Vulnerability in Utilitify Prior to 1.0.3 Memory Object Handling Vulnerability in Microsoft Browsers Race Planting Vulnerability in Microsoft Windows .NET Denial of Service Vulnerability Invisible Display Name Exploit in Microsoft Exchange Arbitrary Code Execution via Backdoor in bootstrap-sass 3.2.0.3 Untrusted HOME Environment Variable Vulnerability in Sony Neural Network Libraries Uniqkey Password Manager 1.14 - Remote Manipulation of Credential Saving Pop-up Unauthenticated Reflected Cross-Site Scripting Vulnerabilities in Computrols CBAS 18.0.0 Login and Password Reset Pages Cross-Site Request Forgery Vulnerability in Computrols CBAS 18.0.0 Username Enumeration Vulnerability in Computrols CBAS 18.0.0 Unprotected Subversion (SVN) Directory/Source Code Disclosure in Computrols CBAS 18.0.0 WLAN Service Elevation of Privilege Vulnerability in Windows Default Credentials in Computrols CBAS 18.0.0 Hard-coded Encryption Keys in Computrols CBAS 18.0.0 Authenticated Blind SQL Injection in Computrols CBAS 18.0.0 via id GET Parameter Authentication Bypass Vulnerability in Computrols CBAS 18.0.0 Authenticated Command Injection in Computrols CBAS 18.0.0 Insecure Password Hashing in Computrols CBAS 18.0.0 Open Redirect Vulnerability in Jupyter Notebook before 5.7.8 Windows Audio Service Elevation of Privilege Vulnerability Command Injection Vulnerability in TeemIp Versions Before 2.4.0: Instantaneous Execution of Malicious PHP Code XSS Vulnerability in WP Statistics Plugin for WordPress SQL Injection Vulnerability in Form Maker Plugin for WordPress Untrusted Data Object Deserialization Vulnerability in Pimcore Unauthenticated User Access to 
Restricted Field Ordering Vulnerability Path Traversal and Unrestricted File Upload Vulnerability in Ninja Forms Plugin for WordPress Windows Audio Service Elevation of Privilege Vulnerability Heap-based Buffer Over-read in Poppler 0.74.0's PSOutputDev::checkPageSlice Function Heap-based Buffer Over-read in Poppler's Splash::blitTransparent Function NULL Pointer Dereference in SplashClip::clipAALine in Poppler 0.74.0 Arbitrary Code Execution via CSRF in Bolt CMS 3.6.6 File Upload Feature URL Spoofing Vulnerability in Xiaomi Mi Browser and Mint Browser OpenStack Neutron Open vSwitch Firewall KeyError Vulnerability Integer Overflow and Buffer Overflow Vulnerability in Teeworlds 0.7.2 Arbitrary Free and Out-of-Bounds Pointer Write Vulnerability in Teeworlds 0.7.2 Integer Overflow and Buffer Overflow Vulnerability in Teeworlds 0.7.2 Windows Audio Service Elevation of Privilege Vulnerability XEROX Products: Remote Command Execution Vulnerability via Crafted HTTP Request Weak Hard-Coded Password Vulnerability in Xerox AltaLink and AltaLink C Series Stack-based Buffer Overflow in Netskope Client Service Command Injection Vulnerability in Citrix SD-WAN Center and NetScaler SD-WAN Center Domain Confusion Vulnerability in Uniqkey Password Manager 1.14 Bypassing Workspace Control Security Features via Session Context Reset Sony Photo Sharing Plus Application Incorrect Access Control Vulnerability Reflected HTML Injection Vulnerability on Salicru SLC-20-cube3(5) Devices CSRF Vulnerability in UKcms v1.1.10 Allows Unauthorized Addition of Admin User Windows RPCSS Elevation of Privilege Vulnerability Command Injection Vulnerability in D-Link DIR-806 Devices Stack-based Buffer Overflow in D-Link DIR-806 Devices via HTTP Header Stored/Persistent XSS vulnerability in CentOS Web Panel (CWP) allows execution of XSS payload via Admin Email fields GSS-API Dissector Crash Vulnerability in Wireshark NetScaler File Parser Crash Vulnerability Vulnerability: Crash in Wireshark DOF Dissector 
Infinite Loop Vulnerability in Wireshark 3.0.0 IEEE 802.11 Dissector GSUP Dissector Infinite Loop Vulnerability in Wireshark 3.0.0 Heap-based Buffer Under-read Vulnerability in Wireshark SRVLOC Dissector Windows dnsrslvr.dll Elevation of Privilege Vulnerability Infinite Loop Vulnerability in Wireshark 3.0.0 Rbm Dissector Vulnerability: Crash in LDSS Dissector in Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0 TSDNS Dissector Crash Vulnerability in Wireshark 3.0.0 DCERPC SPOOLSS Dissector Crash Vulnerability Cross-Site Scripting (XSS) Vulnerability in Roundup 1.6 via URI Arbitrary JavaScript Code Execution in Parsedown (before 1.7.2) Sandbox Escape Vulnerability in Pallets Jinja before 2.10.1 Insecure Remember-Me Mechanism in Airsonic 10.2.1 Allows Password Bruteforce Vulnerability: Weak PRNG Seed in Airsonic 10.2.1 Leads to Privilege Escalation Attacks Cross-Site Scripting (XSS) Vulnerability in Symfony Framework Bundle Unistore.dll Memory Object Handling Vulnerability SQL Injection and Remote Code Execution Vulnerability in Symfony Dependency Injection Privileged User Authentication Vulnerability in Symfony File Deletion Vulnerability in Symfony Cache and PHPUnit-Bridge Unvalidated HTTP Methods in Symfony HTTP Foundation Vulnerability Stack-based Buffer Overflow in pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open Unauthenticated Command Execution Vulnerability in TIA Administrator Arbitrary System Command Execution Vulnerability in SIMATIC PCS 7 and WinCC Local Access Denial-of-Service Vulnerability in SIMATIC PCS 7 and WinCC Vulnerability in SIMATIC PCS 7 and WinCC Allows Arbitrary Command Execution Vulnerability in LOGO! 8 BM Allows Unauthorized Access and Device Manipulation Chakra Scripting Engine Remote Code Execution Vulnerability Hardcoded Encryption Key Vulnerability in LOGO! 8 BM (incl. SIPLUS variants) Unencrypted Storage of Passwords in LOGO! 8 BM (incl. 
SIPLUS variants) (All versions < V8.3) Unauthenticated Remote Code Execution Vulnerability in SIMATIC PCS 7 and WinCC Denial of Service Vulnerability in SIMATIC Industrial Control Systems Arbitrary Code Execution Vulnerability in LOGO! Soft Comfort (All versions < V8.3) Privilege Escalation Vulnerability in SIMATIC MV400 Family (All Versions < V7.0.6) Unencrypted Communication Vulnerability in SIMATIC MV400 Family (All Versions < V7.0.6) Authenticated Remote DoS Vulnerability in SCALANCE Industrial Networking Devices Vulnerability: Arbitrary Command Execution in SCALANCE SC-600 (V2.0) Vulnerability: Message Protection Bypass in SIMATIC Products DirectWrite Memory Disclosure Vulnerability Vulnerability in SIPROTEC 5 Devices: Remote File Manipulation via Port 443/TCP Denial of Service Vulnerability in SIPROTEC 5 Devices Cross-Site Scripting (XSS) Vulnerability in Spectrum Power Web Interface Arbitrary Code Execution Vulnerability in TIA Portal Versions V14-V17 Arbitrary ASPX Code Upload Vulnerability in SIMATIC WinCC DataMonitor Denial of Service Vulnerability in SIMATIC S7-400 and Other Devices UDP Denial-of-Service Vulnerability in SIMATIC TDC CP51M1 (All versions < V1.1.7) Arbitrary Code Execution Vulnerability in Siemens SIPROTEC 5 and Power Meters Open Debug Port Vulnerability in TIM 3V-IE and TIM 4R-IE Devices Windows GDI Memory Disclosure Vulnerability SINEMA Server Vulnerability: Unauthorized Administrative Operations and Firmware Updates Missing Authentication in SINEMA Server Allows Unauthorized Access to System Configuration Backup Files Denial-of-Service Vulnerability in SCALANCE X-200 Switch Family and SCALANCE X204RNA Vulnerability: Unauthorized Modification of User Program on SIMATIC Controllers Joomla! Media Manager Directory Traversal Vulnerability Unauthenticated Access to Refresh List of Helpsites Endpoint in Joomla! 
Multiple Remote Code Execution Vulnerabilities in Delta Industrial Automation CNCSoft Denial-of-Service Vulnerability in Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2 Multiple Out-of-Bounds Read Vulnerabilities in Delta Industrial Automation CNCSoft ScreenEditor Version 1.00.88 and Prior Windows GDI Memory Disclosure Vulnerability Insecure Telnet Services in Fujifilm FCR Systems Multiple Heap-Based Buffer Overflow Vulnerabilities in Delta Industrial Automation CNCSoft ScreenEditor Version 1.00.88 and Prior Stack-based Buffer Overflow Vulnerability in CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 Controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and Earlier Denial-of-Service Vulnerability in Programmable Logic Controllers SMTP Packet Denial-of-Service Vulnerability in CompactLogix and GuardLogix Controllers Open Redirect Vulnerability in Rockwell Automation MicroLogix and CompactLogix Controllers Remote Code Execution Vulnerability in Geutebruck IP Cameras Remote Code Execution in Geutebruck IP Cameras Remote Code Execution in Geutebruck IP Cameras Vulnerability: Unrestricted Upload of Malicious Files during Firmware Update Kernel Information Disclosure Vulnerability in Win32k Component Unrestricted Front Panel Access Vulnerability in Zebra Industrial Printers Remote Code Execution Vulnerability in Advantech WebAccess HMI Designer Version 2.1.9.23 and Prior Alaris Gateway Workstation Unauthorized Access Vulnerability Information Disclosure Vulnerability in Moxa EDR 810 (Versions 5.1 and Prior) Vulnerability: Unauthorized Access and Control of Medtronic Insulin Pumps Heap-based Buffer Overflow Vulnerability in Emerson Ovation OCR400 Controller 3.3.1 and Earlier Remote Configuration Modification and Alarm Silencing Vulnerability in GE Aestiva and Aespire Versions 7100 and 7900 Stack-based Buffer Overflow in Emerson Ovation OCR400 Controller FTP Server Unauthorized Activation of System Options in Philips Holter 2010 Plus 
Ping Abuse Vulnerability in Moxa EDR 810: Remote Code Execution DirectWrite Memory Disclosure Vulnerability Root-level File System Access Vulnerability in Rockwell Automation PanelView 5510 Untrusted Search Path Vulnerability in Network Configurator for DeviceNet Safety 3.41 and Prior CPU Exhaustion Vulnerability in Mitsubishi Electric FR Configurator2 Unintentional Access Vulnerability in Quest KACE Arbitrary Code Execution Vulnerability in NREL EnergyPlus Fuji Electric Alpha7 PC Loader Out-of-Bounds Read Vulnerability Arbitrary File Read Vulnerability in Mitsubishi Electric FR Configurator2 Denial-of-Service Vulnerability in Mitsubishi Electric MELSEC-Q Series Ethernet Module QJ71E71-100 Multiple Memory Exploitation Vulnerabilities in Red Lion Controls Crimson Hard-coded Customer Account Password Vulnerability in SICK MSC800 Firmware Versions Prior to 4.0 Windows GDI Memory Disclosure Vulnerability Type Confusion Vulnerability in LAquis SCADA 4.3.1.71 Allows Remote Code Execution Local User Credential Access Vulnerability in Vijeo Citect and CitectSCADA Multiple Heap-Based Buffer Overflow Vulnerabilities in Delta Electronics CNCSoft ScreenEditor Out-of-Bounds Read Vulnerability in WebAccess/SCADA Versions 8.3.5 and Prior Multiple Pointer Mishandling Vulnerabilities in Red Lion Controls Crimson Path Traversal Vulnerability in WebAccess/SCADA Versions 8.3.5 and Prior Multiple Out-of-Bounds Write Vulnerabilities in WebAccess/SCADA Versions 8.3.5 and Prior Vulnerability: Exploitable Operating System in Philips HDI 4000 Ultrasound Systems Heap-based Buffer Overflow Vulnerabilities in WebAccess/SCADA Versions 8.3.5 and Prior Windows GDI Memory Disclosure Vulnerability Hard-coded Password Vulnerability in Red Lion Controls Crimson Multiple Stack-Based Buffer Overflow Vulnerabilities in WebAccess/SCADA Versions 8.3.5 and Prior Out-of-Bounds Read Vulnerabilities in Delta Electronics CNCSoft ScreenEditor Untrusted Pointer Dereference Vulnerabilities in WebAccess/SCADA 
Versions 8.3.5 and Prior Out-of-Bounds Read Vulnerability in LAquis SCADA 4.3.1.71 Hidden Administrative Accounts in ABB CP651 HMI Products: Vulnerability in Revision BSP UN30 v1.76 and Prior Memory Corruption Vulnerability in Red Lion Controls Crimson Protocol Fuzzing Vulnerability in Phoenix Contact AXC F 2152 Devices Unlimited Physical Access Vulnerability Leading to SD Card Manipulation and Authentication Bypass Stack-based Buffer Overflow in D-Link DCS Series Wi-Fi Cameras' Alphapd Web Server Windows GDI Memory Disclosure Vulnerability GitLab Enterprise Edition Information Disclosure Vulnerability Command Injection Vulnerability in Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W Devices XSS Vulnerability in Materialize Tooltip Feature XSS Vulnerability in Materialize Autocomplete Feature XSS Vulnerability in Materialize's Toast Feature Stack-based Buffer Overflow in GraphicsMagick 1.4 Snapshot-20190322 Q8: Remote Code Execution via SVGStartElement Heap-based Buffer Over-read in GraphicsMagick's ReadMIFFImage Function Heap-based Buffer Over-read in GraphicsMagick's ReadMNGImage Function Heap-based Buffer Overflow in GraphicsMagick 1.4 Snapshot-20190322 Q8: WriteXWDImage Vulnerability Heap-based Buffer Over-read in GraphicsMagick's ReadXWDImage Function Windows GDI Memory Disclosure Vulnerability Memory Leak in ReadMPCImage Function of GraphicsMagick 1.4 Snapshot-20190322 Q8 Remote Code Execution Vulnerability in Akamai CloudTest before 58.30 Nimble Streamer Directory Traversal Vulnerability Vulnerability: Camera Spoofing and Credential Theft in VStarCam Eye4 Application MIUI OS Version 10.1.3.0 Lockscreen Bypass Vulnerability via Wallpaper Carousel Open Redirect Vulnerability in Elgg before 1.12.18 and 2.3.x before 2.3.11 Multiple Stored and Reflected XSS Vulnerabilities in D-Link DI-524 V2.06RU Web Configuration Cookie-based credentials can be exploited to retain administrator access after password change in ThinkAdmin V4.0 Unauthenticated Remote 
Access to Claim Details in DDRT Dashcom Live GDI+ Remote Code Execution Vulnerability Remote Access to Claim Details in DDRT Dashcom Live 2019-05-09 Authenticated Unrestricted File Upload Vulnerability in Schlix CMS 2.1.8-7 Allows Remote Code Execution NULL Pointer Dereference in agroot() function in Graphviz 2.39.20160612.1140 Infinite Recursion Vulnerability in libsixel 1.8.2's load_pnm function Cross-Site Scripting (XSS) Vulnerability in clearFilter() Function in Cacti before 1.2.3 Infinite Recursion Vulnerability in Poppler 0.75.0's FontInfoScanner::scanFonts Remote Code Execution Vulnerability in Ruby OpenID (ruby-openid) Library Arbitrary File Upload Vulnerability in GAT-Ship Web Module before 1.40 Directory Traversal Vulnerability in Mirasys VMS AutoUpdateService Chakra Scripting Engine Remote Code Execution Vulnerability Insecure Deserialization Vulnerability in Mirasys VMS Privilege Escalation via Auto-Update Feature in Mirasys VMS Cross Site Scripting (XSS) Vulnerabilities in EasyToRecruit (E2R) before 2.11 HTML Injection Vulnerability in Applaud HCM 4.0.42+ with XSS Payload Buffer Overflow Vulnerability in PHP EXIF Extension Buffer Overflow Vulnerability in PHP EXIF Extension Buffer Overflow Vulnerability in PHP EXIF Extension Out-of-Bounds Write Vulnerability in PHP Imagick Extension Uninitialized Variable Vulnerability in gdImageCreateFromXbm() Function Out-of-Buffer Read Vulnerability in PHP's iconv_mime_decode_headers() Function Memory Corruption Vulnerability in Microsoft Browsers: Remote Code Execution Buffer Overflow Vulnerability in PHP EXIF Extension Buffer Overflow Vulnerability in PHP EXIF Extension Buffer Overflow Vulnerability in PHP EXIF Extension Remote Code Execution Vulnerability in PHP FPM Module PHP link() Function Vulnerability: Embedded Null Byte Termination PHP DirectoryIterator Class Vulnerability: Embedded Null Byte Termination Memory Disclosure Vulnerability in PHP bcmath Extension Buffer Overflow Vulnerability in PHP EXIF 
Extension Memory Exhaustion and Disk Space Accumulation Vulnerability in PHP File Uploads Double-Free Vulnerability in PHP mail() Function on Windows Outlook for Android Email Spoofing Vulnerability Buffer Overflow Vulnerability in PHP EXIF Extension Arbitrary SQL Command Execution in Vtiger CRM before 7.1.0 hotfix3 Buffer Overflow Vulnerability in Das U-Boot 2016.11-rc1 through 2019.04 Chakra Scripting Engine Remote Code Execution Vulnerability Vulnerability: Slowloris HTTP Denial of Service in ASUS HG100 Firmware up to 1.05.12 Unauthenticated Control of IoT Devices via HG100 Firmware Vulnerability OS Command Injection Vulnerability in SUNNET WMPro v5.0 and v5.1 for eLearning System via /teach/course/doajaxfileupload.php Unauthenticated Access Control Vulnerability in SmartHome App Allows Unauthorized Control of IoT Devices Remote Credential Disclosure Vulnerability in Advan VD-1 Firmware Versions up to 230 Insecure HTTP URL Vulnerability in Gradle's JavaScript and CoffeeScript Plugins SSRF Vulnerability in LightOpenID through 1.3.1 via Crafted OpenID 2.0 Assertion Request Bypass of Protection Mechanism in libxslt through 1.1.33 Improper Handling of Standard Conforming Strings in Sequelize Version 5 before 5.3.0 Chakra Scripting Engine Remote Code Execution Vulnerability Improper Application of HTTP Proxy Settings in WebKitGTK and WPE WebKit Leads to Deanonymization Arbitrary Code Execution Vulnerability in SPIP 3.1 and 3.2 Signed Integer Overflow in lighttpd before 1.4.54 Allows Denial of Service Remote Code Execution Vulnerability in PRTG Network Monitor before 19.4.54.1506 Arbitrary File Placement Vulnerability in PRTG Network Monitor Arbitrary Command Execution in Cribl UI 1.5.0 CSRF Vulnerability in FastAdmin V1.0.0.20190111_beta Allows Unauthorized Addition of Admin User CSRF Vulnerability in MKCMS V5.0 Allows Unauthorized Addition of Admin User Windows RDP Client Memory Disclosure Vulnerability Remote Code Execution via Deserialization in Sitecore 
Experience Platform (XP) prior to 9.1.1 Default Username and Password Vulnerability in Dentsply Sirona Sidexis 4.3.1 and Earlier Directory Traversal Vulnerability in DKPro Core API Allows Overwriting of Local Files Stored XSS vulnerability in GAuth 0.9.9 beta allows for repeated popups and cookie disclosure. Kernel Mode Driver Vulnerability in Intel(R) i915 Graphics for Linux Intel(R) AMT Subsystem Vulnerability: Unauthenticated Privilege Escalation via Physical Access Insufficient Input Validation in Intel(R) CSME and Intel(R) TXE Subsystems: Privilege Escalation, Information Disclosure, and Denial of Service Vulnerability Escalation of Privilege Vulnerability in Intel(R) AMT Subsystem Denial of Service Vulnerability in Intel(R) Graphics Driver Microsoft Office Javascript Spoofing Vulnerability Timing-based Cryptographic Vulnerability in Intel Subsystems MDSUM: Information Disclosure Vulnerability via Uncacheable Memory Insufficient Password Protection in Open CIT Attestation Database: Potential Information Disclosure Vulnerability Unquoted Service Path Vulnerability in Intel(R) SCS Discovery Utility Insufficient Input Validation in Intel (R) NUC Kit Firmware: Potential Privilege Escalation, DoS, and Information Disclosure Vulnerability Insufficient Access Control in Intel(R) Driver & Support Assistant Allows Information Disclosure via Local Access Memory Protection Vulnerability in Intel(R) Ethernet I218 Adapter Driver for Windows* 10 Privilege Escalation via Improper Directory Permissions in Intel Management Engine Consumer Driver Installer Insufficient Input Validation in MdeModulePkg in EDKII: Potential for Privilege Escalation, DoS, and Information Disclosure via Physical Access Microsoft Excel Remote Code Execution Vulnerability Intel(R) AMT Subsystem Insufficient Input Validation Vulnerability Information Disclosure Vulnerability in Intel(R) CSME and Intel(R) TXE Information Disclosure Vulnerability in Intel(R) DAL and Intel(R) TXE Software Firmware Update 
Software Vulnerability in Intel(R) CSME: Potential Privilege Escalation via Local Access Insufficient Input Validation in Intel(R) CSME and TXE Software: Local Privilege Escalation Vulnerability Privilege Escalation and Information Disclosure Vulnerability in Intel(R) CSME Subsystem Insufficient Session Validation Vulnerability in Intel(R) CSME and Intel(R) TXE Intel(R) AMT Subsystem Vulnerability: Unauthenticated Privilege Escalation via Network Access Privilege Escalation Vulnerability in Intel(R) CSME Subsystem Denial of Service Vulnerability in Intel(R) SPS Subsystem Microsoft Excel Remote Code Execution Vulnerability (CVE-2019-1111) Authentication Bypass Vulnerability in Intel(R) CSME and Intel(R) TXE Potential Privilege Escalation via Pointer Corruption in Intel Graphics Drivers Kernel Mode Driver Memory Corruption Vulnerability in Intel(R) Graphics Driver Buffer Overflow Vulnerability in Intel(R) Graphics Driver Allows Information Disclosure via Local Access Denial of Service Vulnerability in Intel(R) Driver & Support Assistant version 19.3.12.3 and earlier Privilege Escalation Vulnerability in Intel(R) Omni-Path Fabric Manager GUI Insufficient Session Validation in Intel(R) RWC3 Service API: Potential Privilege Escalation via Network Access Memory Disclosure Vulnerability in Microsoft Excel Path Traversal Vulnerability in Intel(R) Active System Console Installer Privilege Escalation via Improper File Permissions in Intel(R) Media SDK Installer Insufficient Session Validation in Intel(R) NUC Kit Firmware: Privilege Escalation, DoS, and Information Disclosure Vulnerability Critical Vulnerability in Intel(R) NUC Kit Firmware Allows Privilege Escalation and Information Disclosure Vulnerability: Insufficient Input Validation in Intel(R) NUC Kit Firmware Vulnerability: Pointer Corruption in Intel(R) NUC Kit System Firmware Buffer Overflow Vulnerability in Intel(R) NUC Kit Firmware: Potential Privilege Escalation, Denial of Service, and Information Disclosure 
Vulnerability: Insufficient Input Validation in Intel(R) NUC Kit Firmware Critical Vulnerability in Intel(R) NUC Kit Firmware Allows Privilege Escalation and Information Disclosure .NET Framework Remote Code Execution Vulnerability Intel(R) AMT Subsystem Logic Issue Vulnerability Cross-Site Scripting Vulnerability in Intel(R) AMT Subsystem Improper Access Control in Intel(R) Processor Diagnostic Tool: Potential Privilege Escalation, Information Disclosure, and Denial of Service TSX Asynchronous Abort: Speculative Execution Side Channel Vulnerability Vulnerability: Insufficient Access Control in System Firmware for Intel Processors Vulnerability: Insufficient Input Validation in Intel Processors Firmware Denial of Service Vulnerability in Intel Xeon Scalable Processors' Voltage Modulation Interface Insufficient Session Validation in Intel(R) NUC System Firmware: Privilege Escalation, DoS, and Information Disclosure Vulnerability Privilege Escalation Vulnerability in Intel(R) Authenticate Software Installer Vulnerability: Improper File Verification in Intel® Driver & Support Assistant Escalation of Privilege Vulnerability in Intel® Driver & Support Assistant Privilege Escalation Vulnerability in Intel Hardware Abstraction Driver for MEInfo, TXEInfo, INTEL-SA-00086 Detection Tool, and INTEL-SA-00125 Detection Tool Privilege Escalation Vulnerability in Intel(R) Remote Displays SDK Installer Vulnerability: Memory Corruption in Intel(R) WIFI Drivers Allows Privilege Escalation and Information Disclosure Vulnerability: Memory Corruption in Intel(R) WIFI Drivers Allows Privilege Escalation and Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi Software Extension DLL Allows for Privilege Escalation and Information Disclosure Improper Directory Permissions in Intel(R) PROSet/Wireless WiFi Software: Potential Denial of Service and Information Disclosure Vulnerability Improper Directory Permissions in Intel(R) PROSet/Wireless WiFi Software: Potential Denial of 
Service and Information Disclosure Vulnerability Intel(R) PROSet/Wireless WiFi Software Logic Errors Vulnerability Voltage Settings Vulnerability in Intel(R) Processors: Potential Privilege Escalation and Information Disclosure via Local Access Windows GDI Memory Disclosure Vulnerability Insufficient Access Control in SEMA Driver for Intel(R) Computing Improvement Program: Potential Privilege Escalation, Denial of Service, and Information Disclosure Insufficient Access Control in Intel(R) Processor Identification Utility for Windows: Potential Privilege Escalation, Denial of Service, and Information Disclosure Denial of Service Vulnerability in Linux Kernel Driver for Intel FPGA SDK for OpenCL Pro Edition Privilege Escalation Vulnerability in Intel(R) Easy Streaming Wizard Installer Privilege Escalation Vulnerability in Intel(R) Smart Connect Technology Installer for Intel(R) NUC Intel Baseboard Management Controller Firmware Vulnerability: Insufficient Session Validation Enables Information Disclosure and Denial of Service DirectWrite Remote Code Execution Vulnerability Intel(R) Baseboard Management Controller Firmware Authentication Bypass Vulnerability Heap Corruption Vulnerability in Intel(R) Baseboard Management Controller Firmware Intel Baseboard Management Controller Firmware Out-of-Bound Read Vulnerability Intel Baseboard Management Controller Firmware Vulnerability: Insufficient Session Validation Enables Information Disclosure and Denial of Service Intel(R) Baseboard Management Controller Firmware Vulnerability: Unauthorized Information Disclosure via Network Access Unauthenticated Denial of Service Vulnerability in Intel(R) Baseboard Management Controller Firmware Intel(R) Baseboard Management Controller Firmware Unauthenticated Denial of Service Vulnerability Intel Baseboard Management Controller Firmware Stack Overflow Vulnerability Intel(R) Baseboard Management Controller Firmware Information Disclosure Vulnerability DirectWrite 
Remote Code Execution Vulnerability Unauthenticated Denial of Service Vulnerability in Intel(R) Baseboard Management Controller Firmware Unauthenticated Network Access Vulnerability in Intel(R) Baseboard Management Controller Firmware Intel(R) Baseboard Management Controller Firmware Memory Corruption Vulnerability Race Condition Vulnerability in Intel(R) DDIO Cache Allocation and RDMA: Potential Information Disclosure via Adjacent Access Arbitrary File Upload Vulnerability in WP Live Chat Support Pro Plugin LDAP Class of GONICUS GOsa: Incorrect Access Control Vulnerability Authentication Bypass by Spoofing in ONOS v2.0 and earlier: Exploiting Access Control and Host Mobility Vulnerability DirectWrite Remote Code Execution Vulnerability Race condition vulnerability in Linux kernel allows local users to bypass ASLR on setuid programs Race condition vulnerability in Linux kernel allows bypassing ASLR on setuid a.out programs Cross-Site Scripting (XSS) Vulnerability in InfinitumIT DirectAdmin v1.561 Allows Administration Panel Takeover Authentication Bypass Vulnerability in ValuePLUS Integrated University Management System (IUMS) Allows Remote Attackers to Gain Administrator Privileges Multiple Cross-Site Scripting (XSS) Vulnerabilities in Sitecore CMS 9.0.1 and Earlier Stored XSS Vulnerability in Dolibarr ERP/CRM 9.0.1 via Uploaded Files DirectWrite Remote Code Execution Vulnerability Arbitrary Binary Execution Vulnerability in Dolibarr ERP/CRM 9.0.1 Code Execution Vulnerability in Dolibarr ERP/CRM 9.0.1 Website Module Default Admin User Vulnerability Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) Vulnerabilities in TIBCO ActiveMatrix BPM and TIBCO Silver Fabric Vulnerability in TIBCO Spotfire Statistics Services Web Interface Allows Unauthorized Access to Sensitive Information Reflected Cross-Site Scripting (XSS) Vulnerability in TIBCO Spotfire Analytics Platform and Server Integrity Undermining Vulnerability in TIBCO Spotfire Analytics 
Platform and Server Multiple Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) Vulnerabilities in TIBCO LogLogic Enterprise Virtual Appliance and Log Management Intelligence OAuth Authorization Privilege Escalation Vulnerability in TIBCO API Exchange Gateway Access Control Failure in TIBCO FTL Realm Configuration Component DirectWrite Remote Code Execution Vulnerability Remote Code Execution Vulnerability in TIBCO Enterprise Runtime for R - Server Edition and TIBCO Spotfire Analytics Platform for AWS Marketplace Remote Code Execution Vulnerability in TIBCO Enterprise Runtime for R - Server Edition and TIBCO Spotfire Analytics Platform Multiple Cross-Site Scripting (XSS) Vulnerabilities in TIBCO MDM Server Component Session Token Replay and Spoofing Vulnerability in Pulse Secure Pulse Desktop Client and Network Connect Arbitrary Code Execution via Writable Configuration File in Combodo iTop BMC Smart Reporting 7.3 20180418 - Authenticated XXE Vulnerability in Import Functionality Arbitrary Command Execution in Bonobo Git Server Privilege Escalation via Extra Parameters in Bonobo Git Server AccountController Predictable Device IDs in Shenzhen Yunni Technology iLnkP2P: Exploiting a Flaw in UID Generation Algorithm DirectWrite Remote Code Execution Vulnerability iLnkP2P Authentication Flaw: Remote Interception of Cleartext Traffic and Device Credentials Buffer Overflow Vulnerability in GPAC 0.7.1's gf_import_message() Buffer Overflow Vulnerability in gf_bin128_parse Function in GPAC 0.7.1 Unrestricted File Upload Vulnerability in SupportCandy Plugin for WordPress Remote OS Command Injection in HARMAN AMX MVP5150 v2.87.13 Devices XSS Vulnerability in CMS Made Simple 2.2.10 via Add Article in Content Manager Unvalidated Input in MirrorAddress Parameter in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 Remote Code Execution via Mishandled Mirror Repo URL Settings in Gitea DirectWrite Remote Code Execution Vulnerability Symlink Vulnerability in Avast Antivirus 
Allows Arbitrary File Renaming Arbitrary File Upload and Authentication Bypass in GetSimple CMS Unauthenticated User Information Leakage in EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 Unauthenticated User Information Leakage in EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 Dragonblood: Authentication Spoofing Vulnerability in FreeRADIUS Dragonblood: FreeRADIUS Vulnerability in Scalar Verification and Curve Point Validation CRLF Injection Vulnerability in urllib3 Library DirectWrite Remote Code Execution Vulnerability Unverified TLS Certificate Vulnerability in Cohesity DataPlatform Kubernetes Vulnerability: Ineffective Clearing of Service Account Credentials in rest.AnonymousClientConfig() World-writeable permissions in kubectl cache directory in Kubernetes v1.8.x-v1.14.x Container RunAsRoot Vulnerability in kubelet v1.13.6 and v1.14.2 Arbitrary Code Execution via kubectl cp Command Kubernetes kube-apiserver Cluster-Scoped Custom Resource Access Vulnerability Unauthenticated Debugging Endpoint Exposes Sensitive Information in Kubelet Healthz Port Arbitrary Code Execution via kubectl cp Command Speculative Memory Access Vulnerability Kubernetes Client-go Library Vulnerability: Unauthorized Disclosure of Credentials via Request Header Logging Kubernetes kubectl cp Command Symlink Vulnerability Credential Leakage in Kubernetes kube-controller-manager Kubernetes API Server Denial of Service Vulnerability Excessive CPU Consumption Vulnerability in Kubernetes API Server Unauthorized Data Access and Volume Manipulation in Kubernetes CSI Sidecar Containers ADFS Extranet Lockout Bypass Vulnerability Improper Escaping in Cloud Foundry UAA Allows Privilege Escalation and Information Disclosure Open Redirect Vulnerability in Spring Security OAuth DirectWrite Remote Code Execution Vulnerability Arbitrary Scope Creation Vulnerability in Cloud Foundry UAA Information Disclosure Vulnerability in Cloud Foundry BOSH Director Vulnerability: Authentication Bypass via Null Password in Spring Security 
Information Leakage in Pivotal Container Services (PKS) Logging XSS Vulnerability in Cloud Foundry UAA Versions Prior to 74.0.0 CSV Formula Injection Vulnerability in Pivotal Application Manager Unsecured HTTP Request Vulnerability in Pivotal Apps Manager LDAP Injection Vulnerability in Cloud Foundry NFS Volume Service Privilege Escalation and Scope Control Vulnerability in CF UAA Privilege Escalation via Scope Manipulation in CF UAA DirectWrite Remote Code Execution Vulnerability Privilege Escalation through Invitations in Pivotal Apps Manager Cross-Site Scripting (XSS) Vulnerability in Pivotal RabbitMQ and RabbitMQ for PCF SCIM Injection Vulnerability in Cloud Foundry UAA Sensitive Information Exposure in Cloud Foundry SMB Volume Logs Authorization Header Leakage in Pivotal Reactor Netty Remote Code Execution in VMware GemFire and VMware Tanzu GemFire JMX Service Denial of Service Vulnerability in Pivotal RabbitMQ and RabbitMQ for Pivotal Platform Man-in-the-Middle Attack on JMX Interface in Pivotal tc Server and tc Runtimes Cloud Foundry Routing Nonce Validation Vulnerability Windows AppX Deployment Service (AppXSVC) Hard Link Elevation of Privilege Vulnerability Information Leakage: Logging of Query Parameters in Cloud Foundry UAA Cross-Site Scripting (XSS) Vulnerability in Pivotal RabbitMQ and RabbitMQ for PCF Authentication Credentials Logging Vulnerability in Pivotal Ops Manager Information Leakage: Client Secret Credentials Exposed in Cloud Foundry UAA Logging Unauthorized Access to Global Service Brokers in Cloud Foundry Cloud Controller API (CAPI) Windows AppX Deployment Service (AppXSVC) Hard Link Elevation of Privilege Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Persistent XSS vulnerability in Zimbra Collaboration before 8.8.12 Patch 1 Remote Code Execution via Command Injection in Motorola CX2 and M2 Firmware Download Function Win32k Memory Object Handling Elevation of Privilege Vulnerability Unauthenticated Remote Telnet 
Access Vulnerability in Motorola CX2 1.01 and M2 1.01 Routers Unauthenticated Information Disclosure in Motorola CX2 and M2 Routers Remote Code Execution via Command Injection in Motorola CX2 and M2 1.01 Uninitialized HMAC Keys Vulnerability in HAProxy Improper SSL Certificate Verification in urllib3 Library Arbitrary PHP Code Execution Vulnerability in Symfony VarExport Component Authentication Bypass Vulnerability in Topcon Positioning Net-G5 GNSS Receiver Local File Inclusion Vulnerability in Topcon Positioning Net-G5 GNSS Receiver Firmware 5.2.2 Privilege Escalation via Insecure Permissions in Singularity 3.1.0 to 3.2.0-rc2 Internet Explorer Scripting Engine Memory Corruption Vulnerability NTP Vulnerability: Off-Path Attacks via Port 123 Arbitrary User Account Takeover in MKCMS 5.0 via ucenter/repass.php Authentication Bypass Vulnerability in Tzumi Electronics Klic Lock Application 1.0.9 Allows Unauthorized Access and Unlocking of Tzumi Electronics Klic Smart Padlock Model 5686 Remote Retrieval of Wi-Fi Password in Sony Bravia Smart TVs via Photo Sharing Plus Application FFmpeg HEVC Decoder Remote Denial of Service Vulnerability Out-of-array Access Vulnerability in FFmpeg MPEG-4 Video Decoder Microsoft Office SharePoint XSS Vulnerability Email Domain Bypass Vulnerability in Matrix Sydent Vulnerability: Unauthorized TCP Dump Capture on Samsung P(9.0) Phones Torpedo Query before 2.5.3 SQL Injection Vulnerability Arbitrary Code Execution via .htaccess File Upload in Pluck 4.7.8 Cross-Site Scripting (XSS) Vulnerability in Citrix SD-WAN Center and NetScaler SD-WAN Center Cleartext Password Storage and Retrieval Vulnerability in CloudBees Jenkins Operations Center 2.150.2.3 Remote Code Execution Vulnerability in TeamSpeak 3 Client (Versions before 3.2.5) via Qt Framework Command Injection Vulnerability in EnGenius EWS660AP Router Firmware 2.0.284 Template Injection Vulnerability in EA Origin 10.5.36 on Windows Command Injection Vulnerability in Poly HDX 3.1.13 
Arbitrary Code Execution via CalDAV PUT Operation with Long iCalendar Property Name Object.prototype Pollution in jQuery before 3.4.0 Arbitrary Web Script Injection in I, Librarian 4.10 via display.php Critical Elevation of Privilege Vulnerability in Microsoft Exchange Server Buffer Overflow Vulnerability in iptables-restore Allows Code Execution Privilege Escalation and Application Takeover in Zoho ManageEngine Remote Access Plus 10.0.258 SQL Injection Vulnerability in ROCBOSS V2.2.1 via PostController.php SQL Injection Vulnerability in Snare Central 7.4.5 and Earlier: Remote Code Execution via AgentConsole/UserGroupQuery.php ShowUser Parameter OS Command Injection Vulnerability in Snare Central before 7.4.5 via ServerConf/DataManagement/DiskManager.php Stack-based Buffer Overflow in atftpd Denial of Service Vulnerability in atftpd 0.7.1 Insecure HTTP Basic Authentication in AUO Solar Data Recorder Stored XSS Vulnerability in AUO Solar Data Recorder 1.3.0 via protect/config.htm addr Parameter Carel pCOWeb Cleartext Password Storage Vulnerability Microsoft Exchange Server Spoofing Vulnerability Stored XSS Vulnerability in Carel pCOWeb (prior to B1.2.4) via System Contact Field Buffer Overflow Vulnerability in BWA 0.7.17 r1198 MediaInfoLib: Out-of-Bounds Read Vulnerability in File__Tags_Helper::Synched_Test Out-of-Bounds Read Vulnerability in MediaInfoLib CSRF Vulnerability in 74CMS v5.0.1 Allows Unauthorized Addition of Admin User CSRF Vulnerability in Msvod v10 Allows Unauthorized User Information Modification Arbitrary PHP Code Execution in SOY CMS v3.0.2 Arbitrary File Upload Vulnerability in WCMS v0.3.2 via WCMS Finder Action Arbitrary File Read and Potential Code Execution in ProjectSend r1053 Chakra Scripting Engine Remote Code Execution Vulnerability Bypassing Master-Password Feature in ES File Explorer Allows Remote FTP Access User Credentials Disclosure in Medha WiFi FTP Server Application Insecure Storage of Confidential Information in Zalora Android App 
(Version 6.15.1) Denial of Service Vulnerability in OWASP ModSecurity Core Rule Set (CRS) Denial of Service (ReDOS) Vulnerability in OWASP ModSecurity Core Rule Set (CRS) Denial of Service Vulnerability in OWASP ModSecurity Core Rule Set (CRS) 3.1.0 Chakra Scripting Engine Remote Code Execution Vulnerability Denial of Service Vulnerability in OWASP ModSecurity Core Rule Set (CRS) Denial of Service Vulnerability in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0 XXE Vulnerability in BlogEngine.NET 3.3.7 and Earlier via apml File in syndication.axd Privilege Escalation via Password Change in M/Monit Buffer Overflow Vulnerability in MailCarrier 2.51 Allows Remote Code Execution Privilege Escalation via Permissive Access Rights in Avira Free Security Suite 10 Local File Inclusion Vulnerability in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 Multiple Cross-Site Scripting (XSS) Vulnerabilities in UliCMS 2019.2 and 2019.1 OS Command Injection Vulnerability in TRENDnet TEW-651BR, TEW-652BRP, and TEW-652BRU Devices Chakra Scripting Engine Remote Code Execution Vulnerability Buffer Overflow Vulnerability in TRENDnet TEW-651BR, TEW-652BRP, and TEW-652BRU Devices Arbitrary Code Execution Vulnerability in SiteServer CMS 6.9.0 Unencrypted Storage of Credentials in Gradle Enterprise Build Cache Nodes Password Reflection in Gradle Enterprise Build Cache Nodes Insecure HTTP Resolution of Gradle Build Artifacts in arrow-kt before 0.9.0 Insecure Dependency Resolution in OpenAPI Generator Cross-Site Scripting (XSS) Vulnerability in Subrion CMS 4.2.1 via _core/en/contacts/ Information Disclosure Vulnerability in FusionPBX Operator Panel Module Remote Code Execution via XSS in FusionPBX Operator Panel Command Injection and Remote Code Execution in FusionPBX Operator Panel Chakra Scripting Engine Remote Code Execution Vulnerability Command Injection Vulnerability in FusionPBX Backup Module Stack-based Buffer Overflow in Artifex MuJS 1.0.5's Number#toFixed() and numtostr 
Implementations Denial of Service Vulnerability in Artifex MuJS 1.0.5 Unlimited Recursion Vulnerability in Artifex MuJS 1.0.5 Vulnerability: Unauthorized Administrative Access on Intelbras IWR 3000N 1.5.0 Devices Denial of Service Vulnerability in Intelbras IWR 3000N 1.5.0 Devices CSRF Vulnerability in Intelbras IWR 3000N 1.5.0 Devices Allows Complete Router Control Buffer Overflow Vulnerability in TRENDnet TV-IP110WN Cameras Buffer Overflow Vulnerability in TRENDnet TEW-632BRP 1.010B32 Router's apply.cgi via SOAPACTION:HNAP1 Interface Denial of Service Vulnerability in WeChat Android Application through Emoji File Replacement .NET Framework File Creation Elevation of Privilege Vulnerability XSS Vulnerability in iCMS 7.0.14 via admincp.php?app=config Tab Parameter XSS Vulnerability in iCMS 7.0.14 via search.app.php XSS Vulnerability in I, Librarian 4.10 via export.php export_files Parameter Reflected XSS Vulnerability in CentOS Web Panel's Add DNS Zone Screen Windows Graphics Component Memory Disclosure Vulnerability Windows Font Library Remote Code Execution Vulnerability Liferay Portal CE 7.1.2 GA3 OS Command Execution Vulnerability Arbitrary File Upload and Remote Code Execution in OpenKM 6.3.2 - 6.3.7 Arbitrary File Upload Vulnerability in ATutor 2.2.4 Arbitrary Code Execution via Avatar Upload in CutePHP CuteNews 2.1.2 Zoho ManageEngine Applications Manager Unauthenticated SQL Injection Vulnerability XSS Vulnerability in I, Librarian 4.10 via notes.php notes Parameter Windows Font Library Remote Code Execution Vulnerability WhatsNS 4.0 Index.php?question/ajaxadd.html SQL Injection Vulnerability WhatsNS 4.0 SQL Injection Vulnerability via index.php?inform/add.html qid Parameter Vulnerability: SQL Injection in whatsns 4.0 admin_category/remove.html Persistent Cross-Site Scripting (XSS) in Tildeslash Monit before 5.25.3 via Manipulation of Authorization Header Buffer Over-read Vulnerability in Tildeslash Monit Allows Memory Retrieval and Denial of Service 
Gila CMS 1.10.1 - Arbitrary PHP Code Execution via fm/save CSRF Multiple CSRF Vulnerabilities in MicroPyramid Django CRM 0.2.1 Arbitrary File Overwriting Vulnerability in SmtpTransport in CakePHP 3.7.6 Uninitialized Memory Use in GNOME Evince TIFF Document Backend Jet Database Engine Remote Code Execution Vulnerability Thumbnailer Escape Vulnerability in GNOME gnome-desktop Vulnerability: Sandbox Escape in GNOME Nautilus Thumbnailer Memory Leak Vulnerability in libarchive 3.3.4-dev via Crafted ZIP File Missing Security Headers in Couchbase Server Views REST API (port 8092) in Versions 5.5.0 and 5.1.2 Username Leakage in Couchbase Server Logs Unauthenticated Access to System Diagnostic Profile in Couchbase Server 6.0.0 and 5.5.0 Buffer Overrun Vulnerability in Couchbase Server 4.6.3 and 5.5.0 SQL Injection and Remote Code Execution in Zoho ManageEngine Applications Manager Jet Database Engine Remote Code Execution Vulnerability Uncontrolled Resource Consumption Vulnerability in ImageMagick's Cineon Parsing Component Use-after-free vulnerability in libheif 1.4.0's heif::HeifContext::Image::set_alpha_channel in heif_context.h Denial-of-Service Vulnerability in ImageMagick's XWD Image Parsing Component Denial of Service in GraphicsMagick 1.3.31 via Crafted XWD Image File Denial of Service in GraphicsMagick 1.3.31 via Crafted XWD Image File Integer Overflow Vulnerability in Whoopsie: Out-of-Bounds Write and Potential Code Execution Integer Overflow Vulnerability in Linux Kernel TCP SACK Handling TCP SACK Fragmentation Vulnerability Linux Kernel Default MSS Hard-Coded to 48 Bytes Denial of Service Vulnerability Microsoft Graphics Component Information Disclosure Vulnerability Insecure Repository and Unauthenticated Package Installation Vulnerability in pc-kernel Snap Build Process Privilege Escalation Vulnerability in apport TOCTTOU Vulnerability in Apport Allows Arbitrary Directory Write Privilege Escalation via Apport Mishandling of Container Crash Dumps Integer 
Overflow in bson_ensure_space: A Vulnerability Discovered by Kevin Backhouse in whoopsie World-writable directory vulnerability in Apport's lock file allows users to prevent crash handling Multiple Race Conditions in Siemens R3964 Line Discipline Driver Linux Kernel Reference Count Overflow Vulnerability Account Access and Data Manipulation via Persistent HTTP GET Request Hash Link Replay Privilege Escalation via Crafted HTTP PUT Request in SimplyBook.me Enterprise Windows Font Library Remote Code Execution Vulnerability Kernel Pool Corruption Vulnerability in Npcap 0.992 Insecure Logging of User Passwords in ProjectSend Memory Overflow Vulnerability in VeryPDF 4.1: Code Execution via pdfocx.ocx IMAP Server Crash Vulnerability in Dovecot 2.3.3 through 2.3.5.2 Insecure Cookie Generation in Couchbase Server 5.1.1 Unauthenticated and Unauthorized Access to default Bucket in Couchbase Server Remote Cluster Certificate Validation Bypass in Couchbase Server 5.0.0 Uninitialized Value Vulnerability in WavPack Library IMAP Server in Dovecot 2.3.3 through 2.3.5.2: Submission-Login Component Crash Vulnerability Windows Font Library Remote Code Execution Vulnerability Remote Code Execution Vulnerability in Dovecot and Pigeonhole Protocol Processing Improper Ownership Assignment in snap-confine Allows Unauthorized Access to Private /tmp Directory CWD Restore Permission Bypass in snap-confine Zotonic Mod_Admin XSS Vulnerability Heap-based Buffer Overflow in WritePDBImage Function of GraphicsMagick Heap-based Buffer Overflow in GraphicsMagick's WriteMATLABImage Function Cross-Site Scripting (XSS) Vulnerability in Pulse Secure Pulse Connect Secure (PCS) Application Launcher Page Directory Traversal Vulnerability in Pulse Secure Pulse Connect Secure (PCS) Arbitrary Code Execution via Incorrect Access Control in Pulse Secure Pulse Connect Secure and Pulse Policy Secure Windows Font Library Remote Code Execution Vulnerability Arbitrary File Reading Vulnerability in Pulse Secure Pulse 
Connect Secure (PCS) XSS Vulnerability in Zoho ManageEngine ADSelfService Plus Mobile App API SQL Injection Vulnerability in Contao 4.x Reflected XSS Vulnerability in CMS Made Simple File Manager Invalidation of User Email Tokens Vulnerability in Flarum Arbitrary File Read Vulnerability in Gila CMS 1.10.1 Heap-based Buffer Overflow in Cypress Wireless IoT Bluetooth Component CSRF Vulnerability in WampServer's add_vhost.php Allows Unauthorized Vhost Manipulation SQL Injection Vulnerability in SEMCMS 3.8's SEMCMS_Inquiry.php XXE Vulnerability in LocalizationService.cs in nopCommerce Windows Font Library Remote Code Execution Vulnerability Content Spoofing Vulnerability in OX App Suite 7.10.1 Cross-Site Scripting (XSS) Vulnerability in OX App Suite 7.10.0 to 7.10.2 Anviz Global M3 Outdoor RFID Access Control: Unauthenticated Command Execution and Data Exposure File Path Injection Vulnerability in Softing uaGate SI 1.60.01 Command Injection Vulnerability in Softing uaGate SI 1.60.01 CGI Script User-Writable Default Executable Path Vulnerability in Softing uaGate SI 1.60.01 Microsoft Graphics Component Information Disclosure Vulnerability Arbitrary Web Script Injection Vulnerability in ProjectSend before r1070 Remote Command Execution Vulnerability in Linksys WiFi Extender Products Kalki Kalkitech SYNC3000 Substation DCU GPC Remote Code Execution Vulnerability XSS and Local File Inclusion Vulnerability in osTicket User Importer Arbitrary File Access Vulnerability in Pulse Secure Pulse Connect Secure Command Injection Vulnerability in Pulse Secure Pulse Connect Secure and Pulse Policy Secure Windows Graphics Component Memory Disclosure Vulnerability Session Hijacking Vulnerability in Pulse Secure Products Authentication Leak in Pulse Secure Pulse Connect Secure Versions 9.0RX, 8.3RX, and 8.2RX Stack Buffer Overflow in Pulse Secure Pulse Connect Secure and Pulse Policy Secure Cross-Site Scripting (XSS) Vulnerability in Pulse Secure and Pulse Policy Secure Web Console 
Information Disclosure in GitLab Community and Enterprise Edition Information Disclosure Vulnerability in GitLab Community Edition 11.9.x and 11.10.x Race Condition Vulnerability in GitLab Community and Enterprise Edition Improper Encoding of Branch Name in GitLab Merge Request Notification Emails Unauthorized Comment Posting on Confidential Issues in GitLab Information Disclosure Vulnerability in GitLab Community and Enterprise Edition Jet Database Engine Remote Code Execution Vulnerability Improper Certificate Validation in Citrix and NetScaler SD-WAN Privilege Escalation Vulnerability in Code42 Enterprise and Crashplan for Small Business Proxy Auto-Configuration File Eval Injection Vulnerability in Code42 Enterprise and Crashplan for Small Business Client Privilege Escalation Vulnerability in Code42 for Enterprise through 6.8.4 Missing SSL Certificate Validation in Audible Android App Allows Denial of Service Attacks Fragmentation Reassembly State Validation Vulnerability in EAP-pwd Implementation XSS Vulnerability in Pagure before 5.6 via templates/blame.html CSRF and Local File Inclusion Vulnerability in WebDorado Contact Form Builder Plugin for WordPress Reflected XSS Vulnerability in HRworks V 1.16.1 Login Component Jet Database Engine Remote Code Execution Vulnerability Buffer Overflow Vulnerability in Hisilicon Streaming Server Allows Remote Code Execution Denial of Service Vulnerability in Chuango 433 MHz Burglar-Alarm Product Line HumHub 1.3.12 Cross-Site Scripting (XSS) Vulnerability in index.php POST Request Print My Blog Plugin for WordPress 1.6.7 SSRF Vulnerability SQL Injection Vulnerability in AikCms v2.0 via $_GET['del'] Parameter File Upload Vulnerability in AikCms v2.0 CSRF Vulnerability in Veeam ONE Reporter 9.5.0.3201 Jet Database Engine Remote Code Execution Vulnerability SSRF Vulnerability in Simple Machines Forum (SMF) before 2.0.17 Gitea 1.8.0 Vulnerability: Bypassing 2FA Enrollment for User Accounts Buffer Overflow in dhcpcd's 
dhcp6_findna Function Inference of Secrets through Latency Attacks in dhcpcd (before 7.2.1) 1-Byte Read Overflow Vulnerability in dhcpcd's dhcp.c Windows Graphics Component Memory Disclosure Vulnerability Arbitrary Plugin Installation and Remote Code Execution in Atlassian Crowd and Crowd Data Center Server-side Template Injection Vulnerability in Jira Server and Data Center Remote Code Execution Vulnerability in Atlassian Sourcetree for Windows URI Handlers Denial of Service Vulnerability in Jira Issue Search Component Cross-Site Scripting (XSS) Vulnerability in Jira's MigratePriorityScheme Resource Open Redirect Vulnerability in Jira Versions 7.13.6 to 8.3.1 Jira AddResolution.jspa CSRF Vulnerability Cross-Site Request Forgery (CSRF) Vulnerability in Jira ViewLogging Class Jira ViewSystemInfo Class CSRF Garbage Collection Vulnerability Open Redirect Vulnerability in Jira ChangeSharedFilterOwner Resource Windows Kernel Object Handling Elevation of Privilege Vulnerability CSRF and Local File Inclusion Vulnerability in 10Web Form Maker Plugin for WordPress CSRF and Local File Inclusion Vulnerability in WebDorado Contact Form Plugin for WordPress Reflected XSS Vulnerability in WeBid 1.2.2 Arbitrary Code Execution via $rewrite Filter Option in Adblock Plus Arbitrary Code Execution via Open Redirect in AdBlock's $rewrite Filter Option Arbitrary Code Execution via Open Redirect in uBlock before 0.9.5.15 NULL Pointer Dereference Vulnerability in Memcached Heap-based Buffer Over-read in ImageMagick 7.0.8-43 Q16's WriteTIFFImage Function Heap-based Buffer Over-read in WritePNMImage Function of ImageMagick 7.0.8-40 Q16 Race condition vulnerability in Linux kernel's coredump implementation SQL Injection Vulnerability in OpenProject Activities API Remote Directory Traversal Vulnerability in ProSyst mBS SDK and Bosch IoT Gateway Software Stack Trace Leakage in Remote Access to Backup & Restore HTTP Traversal Vulnerability in ProSyst mBS SDK and Bosch IoT Gateway Software 
Unauthenticated Reflected XSS Vulnerability in Quest KACE Systems Management Appliance Information Disclosure Vulnerability in GitLab API Endpoints Sensitive Information Disclosure Vulnerability in doorGets 7.0 Sensitive Information Disclosure Vulnerability in doorGets 7.0 Sensitive Information Disclosure Vulnerability in doorGets 7.0's /fileman/php/renamefile.php Sensitive Information Disclosure Vulnerability in doorGets 7.0's /fileman/php/movefile.php Microsoft Defender Elevation of Privilege: Arbitrary File Deletion Vulnerability Sensitive Information Disclosure Vulnerability in doorGets 7.0 Sensitive Information Disclosure Vulnerability in doorGets 7.0 /fileman/php/download.php Arbitrary File Deletion Vulnerability in doorGets 7.0 SQL Injection Vulnerability in /doorgets/app/views/ajax/contactView.php SQL Injection Vulnerability in doorGets 7.0: Remote Unauthorized Access to Database Arbitrary File Upload Vulnerability in /fileman/php/upload.php in doorGets 7.0 Sensitive Information Disclosure Vulnerability in doorGets 7.0 Setup Files CSRF Vulnerability in DoorGets 7.0 Allows Unauthorized Modification of Google Analytics Code Default Administrator Credential Vulnerability in doorGets 7.0 SQL Injection Vulnerability in DoorGets 7.0: Unauthorized Database Access via Analytics Configuration Windows ALPC Elevation of Privilege Vulnerability SQL Injection Vulnerability in doorGets 7.0: Unauthorized Database Access via modulecategory_add_titre SQL Injection Vulnerability in DoorGets 7.0: Unauthorized Access to Database Sensitive Information SQL Injection Vulnerability in doorGets 7.0: Unauthorized Database Access via modulecategory_edit_titre SQL Injection Vulnerability in DoorGets 7.0: Remote Privilege Escalation and Database Exposure Arbitrary File Deletion Vulnerability in DoorGets 7.0 SQL Injection Vulnerability in /doorgets/app/requests/user/emailingRequest.php Web Site Physical Path Leakage Vulnerability in doorGets 7.0 Shell Injection Vulnerability in 
gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 File-read bypass vulnerability in QlikView and Qlik Sense installations Cross-Site Scripting (XSS) Vulnerability in Sonatype Nexus Repository Manager 2.x before 2.14.13 CAB File Signature Validation Bypass Vulnerability Unscoped Variable Access Control Vulnerability in Octopus Deploy HoneyPress Vulnerability: Fingerprinting and Hostname Exposure Incorrect Access Control in Citrix Workspace App before 1904 for Windows Zcash 2.x Vulnerability: Sapling Wood-Chipper Attack NULL Pointer Dereference in rec_rset_get_props Function NULL Pointer Dereference in GNU recutils 1.8: Crash in rec_field_name_equal_p Stack-based Buffer Overflow in rec_type_check_enum Function Windows Kernel Object Handling Elevation of Privilege Vulnerability Heap-based Buffer Overflow in rec_fex_parse_str_simple function Fingerprinting Vulnerability in Anomali Agave (formerly Drupot) 1.0.0 Log Poisoning Vulnerability in OneShield Policy (Dragon Core) Framework Persistent XSS Vulnerability in OneShield Policy (Dragon Core) Framework Privilege Escalation through DLL Hijacking in F-Secure Installers Micro Focus Service Manager Remote Command Execution and Information Disclosure Vulnerability XSS Vulnerability in Micro Focus NetIQ Software Allows for Self Service Password Reset Exploitation Information Leakage Vulnerability in Micro Focus NetIQ Self Service Password Reset Software Cross-Site Scripting (XSS) Vulnerability in Micro Focus Fortify Software Security Center Server NetIQ Advanced Authentication Framework: Man in the Middle (MITM) Vulnerability Critical Reflected XSS Vulnerability in Micro Focus Enterprise Developer and Enterprise Server Authorization Bypass Vulnerability in Micro Focus Self Service Password Reset (SSPR) Remote Access Control Bypass in Micro Focus Content Manager: Exploiting CheckIn Manipulation Vulnerability Arbitrary File Read Vulnerability in Micro Focus Verastream Host Integrator (VHI) Unrestricted File Upload 
Vulnerability in Micro Focus ArcSight Logger Stored XSS Vulnerability in Micro Focus ArcSight Logger: Exploiting Improper Input Neutralization Critical Cross-Site Request Forgery Vulnerability in Micro Focus ArcSight Logger Versions Below 7.0 Information Exposure in Micro Focus Content Manager with Oracle Database NTLM MIC Bypass Vulnerability in Microsoft Windows Privileges Escalation in Micro Focus Data Protector Unauthorized Access and Data Modification Vulnerability in Micro Focus Service Manager Versions 9.30-9.62 Information Exposure through Error Message in Micro Focus Service Manager Clear Text Credentials Vulnerability in Micro Focus Service Manager Clear Text Password Exposure in Micro Focus Service Manager Versions 9.30-9.62 Sensitive Data Exposure Vulnerability in Micro Focus Service Manager Insecure Deserialization Vulnerability in Micro Focus Service Manager Unauthenticated Access to Contact Information in Micro Focus Service Manager HTTP Cookie Vulnerability in Micro Focus Service Manager and Chat Server Unauthenticated Data Modification Vulnerability in Micro Focus Service Manager Windows Defender Application Control Security Feature Bypass Vulnerability Critical Man-in-the-Middle Vulnerability in Micro Focus Self Service Password Reset Insecure Ownership and Symlink Vulnerability in groonga-httpd Package for Debian Stored XSS Vulnerability in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 XML External Entity (XXE) Injection Vulnerability in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 SQL Injection Vulnerability in Zoho ManageEngine Firewall Analyzer's Default Reports Feature Microsoft Windows p2pimsvc Elevation of Privilege Vulnerability Remote Code Execution in KonaKart 8.9.0.0 via Product Category Image Upload Buffer Overflow Vulnerability in MailCarrier 2.51 SMTP Response Service GRO Packet of Death Vulnerability in Linux Kernel 5.x Improper Access Control in Bosch VRM Component Allows Arbitrary Certificate Access 
Persistent Cryptographic Parameters Vulnerability in Western Digital SanDisk X300, X300s, X400, and X600 Devices Vulnerability: Execution of Malicious PE Files via DICOM Part 10 File Format Missing SSL Certificate Validation in ASUSTOR exFAT Driver ASUSTOR exFAT Driver Remote Code Execution Vulnerability Win32k Kernel-Mode Object Handling Elevation of Privilege Vulnerability Lack of srand Call in gen_rand_uuid Function in Das U-Boot Allows UUID Value Determination Use-After-Free Vulnerability in XMLHttpRequest Event Loop Handling Use-After-Free Vulnerability in Thunderbird and Firefox Buffer Overflow Vulnerability in WebGL on Linux Graphics Drivers Windows Sandbox Memory Leak Vulnerability Cursor Spoofing Vulnerability in Firefox < 67 Java Web Start Files Not Prompted as Executable Downloads in Firefox < 67 Extension Installation Prompt Spoofing Vulnerability in Firefox < 67 Drag-and-Drop Bookmark Hijacking Vulnerability Address Bar Spoofing Vulnerability in Firefox < 67 Windows NTFS Sandbox Escape: Reparse Point Elevation of Privilege Vulnerability Local File Disclosure Vulnerability in Internet Explorer and Firefox Webcal: Protocol Handler XSS Vulnerability in Firefox < 67 Local File Access Vulnerability in Internet Explorer: Exploiting Hyperlinks to Open Files Heap Buffer Overflow in Thunderbird's iCal Parser Heap Buffer Overflow in Thunderbird's iCal Implementation Stack Buffer Overflow in Thunderbird's iCal Implementation Type Confusion Vulnerability in Thunderbird's iCal Implementation Type Confusion Vulnerability in Array.pop() Allows for Exploitable Crashes Arbitrary Code Execution via Insufficient Parameter Vetting in Prompt:Open IPC Message Memory Corruption Vulnerabilities in Firefox 67 and Firefox ESR 60.7 SymCrypt OAEP Decryption Information Disclosure Vulnerability Memory Corruption Vulnerability in Firefox 67 Cross-Origin Script Injection via Reused Inner Window CORS Bypass Vulnerability in NPAPI Plugins Allows CSRF Attacks Use-After-Free 
Vulnerability in HTTP/2 Stream Closure Necko Child Thread Access Vulnerability in Firefox < 68 Cross-Site Scripting (XSS) Vulnerability in Firefox ESR, Firefox, and Thunderbird Sandbox Bypass Vulnerability in Firefox < 68 Caret Character Spoofing Vulnerability in Firefox ESR, Firefox, and Thunderbird Unsanitized Content Injection in Activity Stream Out-of-Bounds Read Vulnerability in NSS Library when Importing Curve25519 Private Key Azure Active Directory (AAD) Microsoft Account (MSA) Login Session Information Disclosure Vulnerability Whitespace Bypass Vulnerability in Firefox < 68 Domain Spoofing Vulnerability in Firefox < 68: Unicode Latin 'kra' Character Spoofing Origin Attribute Ignored During Add-On Installation in Firefox < 68 Unnecessary Remote Troubleshooting Permission in Retired Site Redirect: Potential Attack Vector in Firefox < 68 Bypassing Safebrowsing Protections in Firefox < 68 Vulnerability: Forced Use of PKCS#1 v1.5 Signatures in TLS 1.3 HTTP Alternative Services Header (Alt-Svc) Vulnerability in Firefox < 68 Segmentation Fault Vulnerability in Firefox ESR, Firefox, and Thunderbird PsmServiceExtHost.dll Memory Object Handling Elevation of Privilege Vulnerability Local File Access Vulnerability in Firefox and Thunderbird Clipboard Password Theft Vulnerability in Firefox Memory Corruption Vulnerability in Firefox 68 Memory Corruption Vulnerability in Firefox 68 and Firefox ESR 68 Privilege Escalation and File Manipulation Vulnerability in Mozilla Maintenance Service Wildcard Host Bypass in Content Security Policy (CSP) Directives CSP Bypass Vulnerability in Firefox < 69 and Firefox ESR < 68.1 Vulnerability: Plaintext Leakage in Encrypted S/MIME Parts in Thunderbird PsmServiceExtHost.dll Memory Object Handling Elevation of Privilege Vulnerability Memory Corruption Vulnerabilities in Firefox 68, Firefox ESR 68, and Firefox 60.8 Universal Cross-site Scripting (UXSS) Vulnerability in Firefox < 69 Same-Origin Policy Violation in Cached Image Content: 
Cross-Origin Image Theft Vulnerability Cross-Origin Information Exposure through Timing Side-Channel Attacks in Firefox and Thunderbird HTML Injection Vulnerability in Certain HTML Elements Block Cipher Encryption Vulnerability in Thunderbird, Firefox ESR, and Firefox Use-After-Free Vulnerability in Video Element Manipulation HSTS Setting Removal Bug in Firefox: Pre-load List Vulnerability WebRTC Permissions Persistence Vulnerability in Firefox WebRTC getUserMedia API Vulnerability: Silent Camera Fingerprinting in Firefox Windows Elevation of Privilege Vulnerability in psmsrv.dll Type Confusion Vulnerability in Spidermonkey: Non-Exploitable Crash in Firefox Arbitrary Log File Write Vulnerability in Firefox Use-after-free vulnerability in IndexedDB key value deletion in Firefox and Thunderbird Privilege Escalation via Firefox Installer Vulnerability Pointer Hijacking Vulnerability in Firefox < 69.0.1 Vulnerability: Misleading Digital Signature Validation in Thunderbird Use-after-free vulnerability in Firefox < 71 due to improper refcounting of soft token session objects Use-after-free vulnerability in Firefox, Thunderbird, and Firefox ESR Memory Corruption Vulnerability in Firefox 68 with 360 Total Security Installed Stack Buffer Overflow in HMAC Output Handling DirectX Memory Object Handling Vulnerability Stack buffer overflow in nrappkit during WebRTC signaling Data URI Bypass Vulnerability in Firefox, Thunderbird, and Firefox ESR Cross-Origin DOM Method Access Vulnerability in Firefox, Thunderbird, and Firefox ESR Null Byte Handling Vulnerability in Firefox and Thunderbird Allows XSS Attacks and Entity Masking Memory Corruption Vulnerabilities in Firefox 69 and Firefox ESR 68.1 Firefox Content Process Vulnerability: Unauthorized Permission Granting Buffer Over-read Vulnerability in dhcpcd's D6_OPTION_PD_EXCLUDE Feature Remote File and Service Enumeration through SSRF in phpBB SQL Injection Vulnerability in phpMyAdmin Designer Feature Privilege Escalation 
Vulnerability in TeamViewer 14.2.2558 Windows RPCSS.dll Memory Object Handling Elevation of Privilege Vulnerability Vulnerability: Insecure Dependency Resolution in Eclipse Buildship Unused RPATHs in AIX builds of Eclipse OpenJ9 before 0.15.0: Code Injection and Privilege Elevation Vulnerability Arbitrary Write Vulnerability in Eclipse OpenJ9's String.getBytes() Method RPATH Vulnerability in AIX Builds of Eclipse OMR Prior to 0.1 Loop Versioning Bug in Eclipse OMR Prior to 0.1: Potential Field Value Privatization Failure Privatization Failure in Loop Versioning Vulnerability in Eclipse OpenJ9 Reflected XSS Vulnerability in Eclipse BIRT Report Viewer TLS Host Name Verification Bypass in Eclipse Paho Java Client Library 1.2.0 Use After Free Vulnerability in Eclipse Mosquitto MQTT v5 Client Stack Overflow Vulnerability in Eclipse Mosquitto MQTT Broker Windows SSDP Service Elevation of Privilege Vulnerability Improper Access Control in Odoo Community and Enterprise 13.0: Remote Privilege Escalation via Crafted RPC Requests Account Privilege Escalation via Crafted Links in Odoo Community and Enterprise 12.0 and Earlier Privilege Escalation via Improper Access Control in Odoo Community and Enterprise 14.0 and earlier Improper Access Control in Mail Module Allows Unauthorized Subscription to Channels Arbitrary Message Access Vulnerability in Odoo Community and Enterprise 14.0 and earlier Improper Access Control in Mail Module Allows Unauthorized Access and Subscription Arbitrary Content Modification Vulnerability in Odoo Community and Enterprise 13.0 and Earlier Windows Unistore.dll Elevation of Privilege Vulnerability Windows WCMSVC.dll Elevation of Privilege Vulnerability Insecure Permissions in OX App Suite 7.10.1 and earlier Vulnerability: Media Deletion in WooCommerce Checkout Manager Plugin Weak PRNG in Ratpack versions before 1.6.1 allows session ID sequence determination Cross-Site Scripting (XSS) Vulnerability in Joomla! 
before 3.9.6 Remote Desktop Services Remote Code Execution Vulnerability Use-after-free vulnerability in Linux kernel before 5.0.7 allows for Denial of Service Use-after-free vulnerability in Linux kernel before 5.0.4 allows unauthorized read access to /proc/ioports after removal of ipmi_si module Persistent XSS Vulnerability in MISP before 2.4.107 Allows JavaScript Injection via Discussion Interface Persistent XSS via javascript:// links in MISP before 2.4.107 Persistent XSS via Image Names in Titles in MISP before 2.4.107 Race Condition Leading to Use-After-Free in rds_tcp_kill_sock Privilege Escalation via Incorrect Access Control in OPNsense and pfSense WebUI Stored Cross-Site Scripting (XSS) in Alkacon OpenCMS v10.5.4 and Earlier CSV Injection Vulnerability in Alkacon OpenCMS v10.5.4 and earlier Remote Desktop Services Remote Code Execution Vulnerability Synology Calendar Information Exposure Vulnerability Arbitrary SQL Command Execution in Synology Photo Station Arbitrary File Upload Vulnerability in Synology Photo Station CRLF Injection Vulnerability in Synology Router Manager (SRM) Network Center Arbitrary Web Script Injection in Synology Calendar Event Editor Arbitrary File Upload Vulnerability in Synology Moments Arbitrary Web Script Injection in Synology Note Station Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 Remote Code Execution Vulnerability in Synology Calendar VBScript Engine Remote Code Execution Vulnerability PharStreamWrapper Package Vulnerability: Bypassing Deserialization Protection Mechanism Directory Traversal Vulnerability in PharStreamWrapper Package for TYPO3 Remote Code Execution in TYPO3 Image Processing Applications Uninitialized Memory Disclosure in ext4 Extents Tree Block Out-of-Bounds Access Vulnerability in cJSON (before 1.7.11) due to \x00 in String Literal Out-of-Bounds Access Vulnerability in cJSON before 1.7.11 Cleartext Mail Content Vulnerability in Rediffmail Android App Segmentation 
Fault Vulnerability in njs through 0.3.1 Heap-based Buffer Overflow in njs through 0.3.1: Vulnerability in NGINX Heap-based Buffer Overflow in njs through 0.3.1: Array.prototype.push Vulnerability Windows Core Shell COM Server Registrar Elevation of Privilege Vulnerability Flaw in Salsa20 Cryptography Library Allows Keystream Reuse and Predictability OpenPGP Message Forgery Vulnerability in Go Cryptography Libraries Predictable Random Number Generation in Matrix Sydent and Synapse Reflective Server-Side XSS Vulnerability in MailPoet Plugin for WordPress RICOH SP 4520DN HTML Injection Vulnerability RICOH SP 4510DN HTML Injection Vulnerability XSS and HTML Injection Vulnerability in dotCMS 5.1.1 via /servlets/ajax_file_upload?fieldName=binary3 Improper Privilege Management Vulnerability in ALEOS: Root Escalation via Command Shell AT Command API Abuse Vulnerability in ALEOS Versions Before 4.13.0, 4.9.5, 4.4.9 Stack Overflow Vulnerability in ALEOS AT Command APIs (Before 4.11.0) Enables Code Execution Stack Corruption Vulnerability in Windows Subsystem for Linux AT Command Interface Stack Overflow Vulnerability in ALEOS before 4.11.0 Remote Code Execution via Buffer Overflow in Sierra Wireless ALEOS Out-of-Bounds Reads Vulnerability in ACEView Service of ALEOS AT Command Interface Command Injection Vulnerabilities in ALEOS Versions Before 4.11.0 and 4.9.4 Default RPC Server Vulnerability in ALEOS Versions 4.12.0, 4.9.5, and 4.4.9 Nonce Reuse Vulnerability in ACEView Service Allows Message Replay Information Disclosure Vulnerability in AceManager of ALEOS before 4.12.0, 4.9.5, and 4.4.9 Multiple Buffer Overflow Vulnerabilities in AceManager Web API of ALEOS Buffer Overflow Vulnerability in ALEOS SMS Handler API: Potential Root Code Execution Windows WCMSVC.dll Elevation of Privilege Vulnerability Traffic Proxying Vulnerability in ALEOS SSH Service Realtek NDIS Driver rt640x64.sys Buffer Size Vulnerability Arbitrary Kernel Write Vulnerability in SoftEther VPN Server 
Yuzo Related Posts Plugin 5.12.94 for WordPress XSS Vulnerability XmlLite Runtime Denial of Service Vulnerability XSS Vulnerability in Serendipity before 2.1.5 via Mishandled EXIF Data XSS Vulnerability in Custom Field Suite Plugin for WordPress CSV Injection Vulnerability in WordPress Popup Plugin Buffer Overflow in DoPreSharedKeys in wolfSSL 4.0.0 Privilege Escalation Vulnerability in Blue Prism Robotic Process Automation 6.4.0.8445 Reflected XSS Vulnerability in PrestaShop 1.7.5.2 Installation Script Unauthenticated Credential Theft via Crafted ESSID in PIX-Link Repeater/Router LV-WR09 (v28K.MiniRouter.20180616) Firmware Integer Overflow Vulnerability in XiongMai Besder IP20H1 V4.02.R12.00035520.12012.047500.00200 Cameras Directory Traversal Vulnerability in WEBrick Gem 1.4.2 for Ruby LNK Remote Code Execution Vulnerability in Microsoft Windows SQL Injection Vulnerability in CommSy 8.6.5 via cid Parameter Arbitrary Content Injection Vulnerability in Rancher 2.1.4 Login Component Information Disclosure Vulnerability in Linux Kernel HIDP Sock IOCTL Function Cleartext Password Vulnerability in eyeDisk's Unlock Feature WaspThemes Visual CSS Style Editor Plugin CSRF Vulnerability File Upload Vulnerability in SimplyBook.me Privilege Escalation Vulnerability in Go 1.12.5 on Windows Denial of Service Vulnerability in Sony BRAVIA Smart TV Devices via Crafted Web Page over HbbTV Denial of Service Vulnerability in Sony Bravia Smart TV Devices App Pairing Mechanism Privilege Escalation Vulnerability in Bosch Smart Home Controller Improper Access Control in Bosch Smart Home Controller (SHC) JSON-RPC Interface Incorrect Privilege Assignment Vulnerability in Bosch Smart Home Controller (SHC) API Improper Access Control Vulnerability in Bosch Smart Home Controller Backup Mechanism Improper Access Control Vulnerability in Bosch Smart Home Controller (SHC) JSON-RPC Interface Privilege Escalation Vulnerability in Bosch Smart Home Controller (SHC) Pairing Mechanism Server-Side 
Request Forgery (SSRF) Vulnerability in Backup & Restore Functionality Reverse Engineering Vulnerability in Bosch Access Professional Edition (APE) 3.8 Allows Unauthorized APE Administration Privileges Unauthenticated Access to Sensitive Data via Windows SMB Protocol in Bosch Access Professional Edition (APE) 3.8 Windows Image Elevation of Privilege Vulnerability Cross-Origin Security Bypass Vulnerability in Microsoft Browsers Vulnerability: Out of Bounds Write in Proxygen's Structured HTTP Headers Parsing Race Condition Vulnerability in Zstandard Compression Functions Unbounded Buffer Allocation Vulnerability in Mcrouter Padding-based Memory Exhaustion Vulnerability in Fizz JPEG APP12 Block Marker Boundary Check Vulnerability JPEG Header Processing Vulnerability in GD Extension WhatsApp Integer Overflow Vulnerability in Media Parsing Libraries Cross-Site Scripting Vulnerability in WhatsApp Desktop Versions Prior to v0.3.4932 Boundary Check Vulnerability in number_format Function Allows Remote Code Execution Memory Corruption Vulnerability in Microsoft Browsers: Remote Code Execution Invalid Free Vulnerability in mb_detect_order WhatsApp MP4 Parsing Stack-Based Buffer Overflow Vulnerability Double Free Vulnerability in android-gif-drawable Library Allows Remote Code Execution Heap Buffer Overflow Vulnerability in libpl_droidsonroids_gif Out-of-Bounds Read Vulnerability in AsyncSSLSocket in Folly Out-of-bounds Memory Access Vulnerability in HHVM Null Byte Truncation Vulnerability in APC Functions Stack Exhaustion Vulnerability in Mcrouter Prior to v0.41.0 Denial of Service Vulnerability in Java Facebook Thrift Servers Denial of Service Vulnerability in Golang Facebook Thrift Servers Internet Explorer Scripting Engine Memory Corruption Vulnerability HPACK Header Table Corruption Vulnerability in Proxygen Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent 
Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Remote Credential Disclosure Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Chakra Scripting Engine Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Chakra Scripting Engine Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center 
(IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Privilege Escalation Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Chakra Scripting Engine Remote Code Execution Vulnerability HPE Intelligent Management Center (IMC) PLAT SQL Injection Code Execution Vulnerability HPE Intelligent Management Center (IMC) PLAT SQL Injection Code Execution Vulnerability HPE Intelligent Management Center (IMC) PLAT SQL Injection Code Execution Vulnerability HPE Intelligent Management Center (IMC) PLAT SQL Injection Code Execution Vulnerability HPE Intelligent Management Center (IMC) PLAT SQL Injection Code Execution Vulnerability HPE Intelligent Management Center (IMC) PLAT SQL Injection Code Execution Vulnerability HPE Intelligent Management Center (IMC) PLAT SQL Injection Code Execution Vulnerability HPE Intelligent Management Center (IMC) PLAT SQL Injection Code Execution Vulnerability HPE Intelligent Management Center (IMC) PLAT SQL Injection Code Execution Vulnerability HPE Intelligent Management Center (IMC) PLAT SQL Injection Code Execution Vulnerability SyncController.dll Elevation of Privilege Vulnerability Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Cross Site Scripting Vulnerability in HPE Integrated Lights-Out (iLO) Servers Critical Remote Buffer Overflow Vulnerability in HPE Integrated Lights-Out 
(iLO) Servers HPE Intelligent Management Center (IMC) PLAT SQL Injection Code Execution Vulnerability Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Local Unauthorized Elevation of Privilege Vulnerability in HPE Smart Update Manager (SUM) prior to v8.4 Critical Remote Unauthorized Access Vulnerability in HPE Smart Update Manager (SUM) Prior to Version 8.3.5 Remote Denial of Service Vulnerability in HPE IceWall SSO Agent Option and IceWall MFA (Agent module) Outlook Remote Code Execution Vulnerability Unauthorized Remote Access and Data Exposure Vulnerability in HPE UIoT Versions 1.6, 1.5, 1.4.2, 1.4.1, 1.4.0, and 1.2.4.2 Remote Information Disclosure Vulnerability in HPE 3PAR Service Processor (SP) 4.1-4.4 Remote Cross-Site Scripting Vulnerability in HPE OneView for VMware vCenter 9.5 Unauthenticated File Manipulation Vulnerability in HPE SimpliVity Nodes Unauthenticated Remote Execution of Manifest Files in HPE SimpliVity Nodes Unauthorized Remote Access and Data Exposure Vulnerability in HPE UIoT version 1.2.4.2 Elevated Privileges Vulnerability in HPE Nimble Storage Systems Cross Site Scripting Vulnerability in HPE enhanced Internet Usage Manager (eIUM) Versions 8.3 and 9.0 Multiple Remote Vulnerabilities in HPE Superdome Flex Server: Bypassing Security Restrictions and Accessing Information Disclosure and Denial of Service Remote Arbitrary File Download and Cross-Site Scripting Vulnerabilities in HPE OpenCall Media Platform (OCMP) Outlook Object Memory Handling Remote Code Execution Vulnerability Potential Remote Access Restriction Bypass in HPE MSE Msg Gw Application E-LTU Remote Session Reuse Vulnerability in HPE MSA SAN Storage Remote Session Reuse Vulnerability in HPE MSA SAN Storage Microsoft Word Remote Code Execution Vulnerability (CVE-2019-1206) Remote Code Execution Vulnerability in MapR CLDB Code Session 
Object Information Disclosure in Microsoft SharePoint Microsoft Office SharePoint XSS Vulnerability Outlook Message Processing Elevation of Privilege Vulnerability Regular Expression Denial of Service (ReDoS) Vulnerability in lib/common/html_re.js of remarkable 1.7.1 Privilege Escalation via Insecure Permissions in Panda Products XSS Vulnerability in remarkable 1.7.1 via URL Filtering Mishandling Buffer Overflow Vulnerability in Citrix NetScaler Gateway and Application Delivery Controller LemonLDAP::NG -2.0.3 Access Control Vulnerability XSS Vulnerability in Gridea v0.8.0 Allows Arbitrary Code Execution Microsoft Word Remote Code Execution Vulnerability (CVE-2019-1202) Windows Server DHCP Service Memory Corruption Vulnerability NULL Dereference Vulnerability in QEMU's ahci_commit_buf Function Infinite Loop Vulnerability in QEMU SCSI Adapter Emulator VBScript Object Memory Handling Remote Code Execution Vulnerability Memory Safety Vulnerability in Rust Programming Language Standard Library Arbitrary File Read Vulnerability in FasterXML jackson-databind Unprotected Intent Vulnerability in Samsung S9+, S10, and XCover 4 P(9.0) Devices Lync 2013 Information Disclosure Vulnerability Command Injection Vulnerability in Netskope Client Service Cross-Site Scripting (XSS) Vulnerability in Horde Groupware Webmail Edition 5.2.22 CSRF Vulnerability in Horde Trean Bookmark Tags Parameter Telerik Fiddler v5.0.20182.28034 Hash Verification Bypass Vulnerability Vulnerability: Man-in-the-Middle Attack in Heimdal Client Side PKINIT Key Exchange Verification Arbitrary Code Execution Vulnerability in PHP-Fusion 9.03.00's edit_profile.php Denial of Service Vulnerability in LibNyoci 0.07.00rc1: coap_decode_option in coap.c Unauthenticated File Upload and Exploration Vulnerability in Kentico 11-12 Pre-Authentication Command Injection Vulnerability in TP-Link M7350 V3 Configuration Interface Post-Authentication Command Injection Vulnerabilities in TP-Link M7350 V3 Unauthenticated Access to 
Log Files and Service Restart in Supervisor Use After Free vulnerability in MiniUPnP MiniSSDPd 1.4 and 1.5 allows remote code execution Heap Information Leak Vulnerability in MiniUPnP MiniUPnPd through 2.1 Denial of Service Vulnerability in MiniUPnP MiniUPnPd through 2.1: NULL Pointer Dereference in GetOutboundPinholeTimeout Denial of Service Vulnerability in MiniUPnP MiniUPnPd through 2.1: NULL Pointer Dereference in GetOutboundPinholeTimeout Git for Visual Studio Configuration File Parsing Elevation of Privilege Vulnerability NULL Pointer Dereference Vulnerability in MiniUPnP MiniUPnPd through 2.1 NULL Pointer Dereference Vulnerability in MiniUPnP MiniUPnPd through 2.1 Arbitrary Command Execution Vulnerability in ONAP SDNC Arbitrary Command Execution in ONAP SDNC Arbitrary Code Execution Vulnerability in ONAP HOLMES Arbitrary Code Execution Vulnerability in ONAP SDC Arbitrary Code Execution Vulnerability in ONAP SDC Arbitrary Code Execution Vulnerability in ONAP SDC Arbitrary Code Execution Vulnerability in ONAP SDC Arbitrary Code Execution Vulnerability in ONAP SDC Windows Server DHCP Service Memory Corruption Vulnerability Arbitrary Code Execution Vulnerability in ONAP VNFSDK Padding Oracle Attack Vulnerability in ONAP Portal User Password Retrieval Vulnerability in ONAP Portal Arbitrary Command Execution Vulnerability in ONAP SDNC Arbitrary File Read/Write Vulnerability in ONAP APPC Unauthenticated Access Vulnerability in ONAP Logging through Dublin Unauthenticated Access Vulnerability in ONAP DCAE through Dublin Unauthenticated Access Vulnerability in ONAP OOM through Dublin Unauthenticated Access Vulnerability in ONAP SO through Dublin Unauthenticated Access Vulnerability in ONAP MSB through Dublin Windows Server DHCP Service Memory Corruption Vulnerability Unauthenticated Access Vulnerability in ONAP CLI through Dublin Arbitrary User Impersonation Vulnerability in ONAP APPC and SDC Arbitrary Command Execution Vulnerability in ONAP SDNC Local Privilege 
Escalation Vulnerability in Multiple Zoho ManageEngine Products CSV Injection in Workday Export Feature Remote Code Execution Vulnerability in PaperCut MF and NG Application Server XSS Vulnerability in BoostIO Boostnote 0.11.15 via Mermaid Label Directory Traversal Vulnerability in Typora 0.9.9.24.6 on macOS Directory Traversal Vulnerability in MacDown 0.7.1 Allows Arbitrary Program Execution Cross-Site Scripting (XSS) Vulnerability in eZ Platform Admin UI Windows Common Log File System Driver Elevation of Privilege Vulnerability Directory Traversal Vulnerability in Progress Ipswitch WS_FTP Server 2018 before 8.6.1 Path Traversal and Remote Code Execution Vulnerability in Progress ipswitch WS_FTP Server 2018 before 8.6.1 Directory Traversal Vulnerability in Progress Ipswitch WS_FTP Server 2018 before 8.6.1 Directory Traversal Vulnerability in Progress ipswitch WS_FTP Server 2018 before 8.6.1 Argument Injection Vulnerability in Sangoma Session Border Controller (SBC) 2.3.23-119 GA Web Interface Authentication Bypass Vulnerability in Sangoma Session Border Controller (SBC) 2.3.23-119 GA Web Interface Arbitrary SQL Command Execution in SilverStripe/RestfulServer and SilverStripe/Registry Modules Winsock Elevation of Privilege Vulnerability Unrestricted File Upload Vulnerability in Karamasoft UltimateEditor 1 SSRF Vulnerability in RealObjects PDFreactor before 10.1.10722 XML External Entity (XXE) Vulnerability in RealObjects PDFreactor before 10.1.10722 NULL Pointer Dereference in QEMU's interface_release_resource Function Exposure of Server Metadata in JetBrains TeamCity and UpSource Versions before 2018.2.5 Credential Disclosure via RPC Commands in JetBrains UpSource Versions Before 2018.2 Build 1293 GoHTTP GetExtension Heap-Based Buffer Overflow Stack-Based Buffer Over-read Vulnerability in GoHTTP through 2017-07-25 Memory Object Handling Vulnerability in DirectX GoHTTP sendHeader Use-After-Free Vulnerability SSRF Vulnerability in WPO WebPageTest 19.04 due to 
Inadequate Validation of Octal Encoded IP Addresses Unverified Update Execution Vulnerability in Upwork Time Tracker 5.2.2.716 Information Disclosure Vulnerability in GAT-Ship Web Module 1.30 Remote Code Execution Vulnerability in Status React Native Desktop before v0.57.8_mobile_ui Command Execution Vulnerability in MiCollab and MiCollab AWV Cross-Site Scripting (XSS) Vulnerability in Emerson Network Power Liebert Challenger 5.1E0.5 Devices via statusstr Parameter in httpGetSet/httpGet.htm Remote Code Execution Vulnerability in Four-Faith Wireless Mobile Router F3x24 v1.0 Arbitrary File Upload and Directory Traversal Vulnerability in ATutor 2.2.4 Chakra Scripting Engine Remote Code Execution Vulnerability Arbitrary File Upload and Remote Command Execution Vulnerability in ATutor through 2.2.4 Insecure Storage of Cleartext Credentials in Dropbox Desktop Application Arbitrary Code Execution via Modified File URL Syntax in Typora 0.9.9.21.1 (1913) Remote Code Execution in MacDown 0.7.1 (870) via file:\\\ URI in HREF Attribute Privilege Escalation Vulnerability in hide.me macOS VPN Helper Tool NULL Pointer Dereference in Zeek Network Security Monitor's Kerberos Protocol Parser Leading to Denial of Service (DoS) Privilege Escalation via Service Reconfiguration in HTC VIVEPORT Insecure Directory Permissions in HTC VIVEPORT Desktop Service Leading to Privilege Escalation via DLL Hijacking Outlook iOS Email Spoofing Vulnerability Arbitrary Code Execution Vulnerability in SmartBear ReadyAPI and SoapUI Privilege Escalation Vulnerability in SolarWinds Serv-U for Linux Remote Code Execution via Directory Traversal in Safescan Timemoto and TA-8000 Series Version 1.0 Remote File Read Vulnerability in Safescan Timemoto TM-616 and TA-8000 Series XSS Vulnerability in BoostIO Boostnote 0.11.15 via Flowchart, Sequence, Gallery, or Chart Label in MarkdownPreview.js Arbitrary File Upload and Remote Command Execution in eLabFTW 1.8.5 Cross-Site Scripting (XSS) Vulnerability in Sylius 
Products XSS Vulnerability in Zoho ManageEngine ServiceDesk Plus 9.3 via SearchN.do Search Field Windows Transaction Manager Memory Object Handling Vulnerability Cross-Site Scripting (XSS) Vulnerability in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via testacc/fileManager2.php fm_current_dir or filename parameter SQL Injection Vulnerability in H3C H3Cloud OS (All Versions) via ear/grid_event sidx Parameter XSS Vulnerability in TP-Link TL-WR840N v5 00000005 Devices via Network Name Arbitrary SQL Command Execution Vulnerability in Zoho ManageEngine NetFlow Analyzer 12.3 Stack-Based Buffer Over-Read Vulnerability in GoHttp via Long User-Agent Header Microsoft Browser Security Zone Validation Bypass Vulnerability Session Fixation Vulnerability in SilverStripe Change Password Form Unauthenticated Admin Access Vulnerability in SilverStripe through 4.3.3 SilverStripe 4.3.3 Vulnerability: Flash Clipboard Reflected XSS Heap-Based Buffer Overflow in njs through 0.3.1: A Critical Vulnerability in NGINX Heap-Based Buffer Over-Read Vulnerability in njs through 0.3.1 Heap-Based Buffer Overflow in njs_function_native_call in njs/njs_function.c Privilege Escalation and Information Disclosure in Yubico pam-u2f 1.0.7 Internet Explorer Scripting Engine Memory Corruption Vulnerability File Descriptor Inheritance Vulnerability in Yubico pam-u2f 1.0.7 Heap Overflow Vulnerability in FreeImage 3.18.0 PluginTIFF.cpp Stack Exhaustion Vulnerability in FreeImage 3.18.0 when Reading Special JXR Files Stack Exhaustion Vulnerability in FreeImage 3.18.0 TIFFReadDirectory Function Out-of-Bounds Access in FreeImage 3.18.0 due to Mishandling of OpenJPEG j2k_read_ppm_v3 Function Full Path Disclosure Vulnerability in Matomo v3.9.1 Heap-based Buffer Overflow in IMG_LoadPCX_RW function NULL Pointer Dereference in SDL stdio_read Function NULL Pointer Dereference in IMG_LoadPCX_RW function Invalid Free Error in SDL_SetError_REAL Function Remote Desktop Services Remote Code Execution 
Vulnerability Out-of-Bounds Read Vulnerability in SDL2 and SDL2_image SEGV Vulnerability in SDL2 and SDL2_image Out-of-Bounds Read Vulnerability in SDL 2.0.9 Buffer Overflow Vulnerability in Hanwah Techwin SRN-x Devices Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability Vulnerability: Lack of CSRF Protection in WP Booking System Plugin 1.5.1 for WordPress Windows RDP Server Memory Disclosure Vulnerability Insecure Deserialization Vulnerability in Virim Plugin 0.4 for WordPress Insecure Deserialization Vulnerability in Carts Guru Plugin for WordPress Istio 1.1.x through 1.1.6 Incorrect Access Control Vulnerability Incorrect Access Control for Protected Files in SilverStripe through 4.3.3 Denial of Service Vulnerability in SilverStripe 4.3.3 QEMU 3.0.0 Integer Overflow Vulnerability in qga/commands*.c Files Remote Code Execution via Malicious Email in OTRS Windows RDP Server Memory Disclosure Vulnerability Stored XSS Vulnerability in IdentityServer4 RequestLoggerMiddleware SQL Injection Vulnerability in UCMS 1.4.7 via sadmin/ceditpost.php Arbitrary Post Viewing Vulnerability in Zoho ManageEngine ServiceDesk Plus through 10.5 CSRF Vulnerability in My Little Forum before 2.4.20 Allows Unauthorized Post Deletion Unauthenticated Access Control Vulnerability in Tecson Tankspion and GOKs SmartBox 4 Vulnerability: Wind River VxWorks TCP Component Buffer Overflow (Issue 1 of 4) Buffer Overflow in IPv4 Component: IPNET Stack Overflow Vulnerability Buffer Overflow in VxWorks DHCP Client Component: IPNET Heap Overflow Vulnerability Session Fixation Vulnerability in Wind River VxWorks TCP Component IPNET Security Vulnerability: Denial of Service via NULL Dereference in IGMP Parsing Remote Desktop Services Remote Code Execution Vulnerability Buffer Overflow in TCP Component: IPNET Security Vulnerability Buffer Overflow in Wind River VxWorks TCP Component: IPNET Urgent Pointer State Confusion Vulnerability Vulnerability: Incorrect Access Control in VxWorks RARP 
Client Component Buffer Overflow in TCP Component: IPNET Security Vulnerability Incorrect Access Control in IPv4 Assignment by ipdhcpc DHCP Client Component in Wind River VxWorks Memory Leak in IGMPv3 Client Component in Wind River VxWorks Arbitrary Code Execution Vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 PGP Signature Spoofing Vulnerability in Enigmail before 2.0.11 Windows Kernel Object Memory Handling Vulnerability Excessive Permissions Vulnerability in OpenText Brava! Enterprise and Brava! Server Unrestricted File Upload Vulnerability in Sandline Centraleyezer (On Premises) Command Injection Vulnerability in OpenWrt LuCI Web Application CSRF Vulnerability in OutSystems Platform 10 through 11 for Content Modifications and File Uploads Unprivileged Users Can Gain Admin Access in Rancher Management Plane through Node Driver Options GrandNode 4.40 LetsEncryptController Path Traversal Vulnerability Path Traversal Vulnerability in Blogifier 2.3 before 2019-05-11 Address Bar Spoofing Vulnerability in Opera for Android Nagios XI 5.6.1 SQL Injection Vulnerability in login.php?forgotpass Windows Kernel Object Memory Handling Vulnerability Uncontrolled Search Path Element in PC-Doctor Toolbox before 7.3 Unauthenticated Firmware Update Vulnerability in VStarcam 100T and 200V Devices Unauthenticated Remote Command Execution in VStarcam Firmware Update Dynamics On-Premise v9 Elevation of Privilege Vulnerability Vulnerability: Domain Impersonation in GNU libidn2 Incorrect Access Control in HashiCorp Consul 1.4.0 through 1.5.0 Allows Unauthorized Key Deletion Critical Vulnerability: Incorrect Access Control in Citrix AppDNA before 7 1906.1.0.472 Heap-based Buffer Over-read in JPXStream::init in Poppler Vulnerability: Denial of Service in Wireshark Dissection Engine Use of an Externally Controlled Format String Vulnerability in scopd on Motorola Routers CX2 1.01 and M2 1.01 Out-of-Bounds Write Vulnerability in Leanify 0.4.3 Stored XSS Vulnerability in Sandline 
Centraleyezer (On Premises) Category Name Field Hyper-V Network Switch Input Validation Vulnerability OAuth Authorization Token Hijacking Vulnerability Root Password Reset Vulnerability in Percona Server 5.6.44-85.0-1 Packages Arbitrary Command Execution and File Read Vulnerability in Rancher 2 through 2.2.3 Vulnerability: Weak Administrator Password Hash in EZCast Pro II Clickable JavaScript Link Vulnerability in Django AdminURLFieldWidget dotCMS Path Traversal Vulnerability in ZIP Archive Extraction Server SSL/TLS Certificate Validation Vulnerability in Rome SDK ExaGrid Appliance Firmware v4.8.1.1044.P50 Directory Traversal Vulnerability Unrestricted File Upload in Sandline Centraleyezer (On Premises) Leads to Stored XSS Libreswan 3.27 Vulnerability: Assertion Failure and IKE Daemon Restart Cross-Site Scripting (XSS) Vulnerability in Shave before 2.5.3 Local File Inclusion Vulnerability in Deltek Maconomy 2.2.5 via Absolute Path Traversal Reflected Cross-Site Scripting (XSS) Vulnerability in Samsung SCX-824 Printers Improper Impersonation in Diagnostics Hub Standard Collector Service: Elevation of Privilege Vulnerability Invalid Pointer Write DoS Vulnerability in Hosting Controller HC10 10.14 Command Injection Vulnerability in Akuvox R50P VoIP Phone Configuration Web Interface Buffer Overflow Vulnerabilities in Htek UC902 VoIP Phone Web Management Interface Arbitrary Code Execution via Manipulated Ringtone Upload in Akuvox R50P VoIP Phone 50.0.6.156 Insecure Telnet Access with Hardcoded Credentials in Akuvox R50P VoIP Phone 50.0.6.156 Command Injection Vulnerability in Atcom A10W VoIP Phone Firmware 2.6.1a2421 Memory Object Handling Vulnerability in Microsoft Exchange Server XXE vulnerability in PHPOffice PhpSpreadsheet before 1.8.0 Azure Stack Spoofing Vulnerability Cross-Site Scripting (XSS) Vulnerability in Kiboko Hostel Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in miniOrange SAML SP Single Sign On Plugin for WordPress Stored XSS 
Vulnerability in pfSense 2.4.4-p3 via acme_accountkeys_edit.php Action SQL Injection Vulnerability in zzcms 2019 via daohang or img POST parameter SQL Injection Vulnerability in zzcms 2019 via /admin/dl_sendsms.php Windows Text Service Framework Elevation of Privilege Vulnerability SQL Injection Vulnerability in zzcms 2019 via dl_download.php SQL Injection Vulnerability in zzcms 2019 via Trailing Comma in id Parameter SQL Injection Vulnerability in zzcms 2019: Exploiting dl_sendmail.php SQL Injection Vulnerability in zzcms 2019: Exploiting /admin/dl_sendmail.php via id Parameter SQL Injection Vulnerability in zzcms 2019: Admin Authority SQL Injection in /admin/showbad.php SQL Injection Vulnerability in zzcms 2019: /user/dls_print.php (id parameter) SQL Injection Vulnerability in zzcms 2019: Exploiting /user/dls_download.php via id parameter SQL Injection Vulnerability in zzcms 2019: Admin Authority SQL Injection in deluser.php SQL Injection Vulnerability in zzcms 2019: Exploiting dl_sendsms.php SQL Injection Vulnerability in zzcms 2019: Admin Authority SQL Injection via id Parameter in /admin/ztliuyan_sendmail.php VBScript Object Memory Handling Remote Code Execution Vulnerability Stack-based Buffer Over-read Vulnerability in Xpdf 4.01.01 Cross-Site Scripting (XSS) Vulnerability in EmpireCMS 7.5.0 via e/member/doaction.php Cross-Site Scripting (XSS) Vulnerability in EmpireCMS 7.5.0 via HTTP Referer Header in e/member/doaction.php CSRF Vulnerability in JN-Jones MyBB-2FA Plugin Allows Unauthorized Deactivation of Two-Factor Authentication XSS and Arbitrary File Loading Vulnerability in Newton Application for Android XSS and Arbitrary File Loading Vulnerability in Nine Application for Android XSS and Arbitrary File Loading Vulnerability in BlueMail for Android XSS and Arbitrary File Loading Vulnerability in Edison Mail for Android XSS and Arbitrary File Loading Vulnerability in TypeApp for Android Chakra Scripting Engine Remote Code Execution Vulnerability XSS and 
Arbitrary File Loading Vulnerability in Spark Application for Android SQL Injection Vulnerability in Petraware pTransformer ADC Remote Disclosure of Administrator Passwords in Ivanti LANDESK Management Suite (LDMS) 10.0.1.168 Service Update 5 SQL Injection Vulnerability in Ivanti LANDESK Management Suite (LDMS) 10.0.1.168 Service Update 5 Open Directory Vulnerability in Ivanti LANDESK Management Suite (LDMS) 10.0.1.168 Service Update 5 Hard-coded Encryption Key Vulnerability in Ivanti LANDESK Management Suite Arbitrary File Upload Vulnerability in Ivanti LANDESK Management Suite (LDMS) 10.0.1.168 Service Update 5 Unchecked kmalloc in ip6_ra_control leading to potential denial of service Memory Leak in con_insert_unipair Function in Linux Kernel VBScript Object Memory Handling Remote Code Execution Vulnerability EFI Subsystem Memory Allocation Failure Vulnerability Unchecked kmalloc in ip_ra_control leading to potential denial of service Unchecked kstrdup in drm_load_edid_firmware leading to potential NULL pointer dereference and system crash Information Exposure Vulnerability in Tor Browser Polymorphic Deserialization Vulnerability in FasterXML Jackson-Databind 2.x SQL Injection Vulnerability in Ampache Search Engine Stored XSS in Ampache's LocalPlay add instance functionality HTTP Request Injection Vulnerability in Twisted Web ClearText Transmission Vulnerability in Anviz Access Control Devices Anviz Access Control Devices Vulnerability: Unauthorized Access to Credentials via Port TCP/5010 VBScript Object Memory Handling Remote Code Execution Vulnerability Anviz Access Control Devices Vulnerability: Unauthorized Remote Query of Private Information Insufficient Logging of Door Open Requests in Anviz Management System for Access Control Anviz Access Control Devices: Remote Command Execution without Password Vulnerability in Anviz Access Control Devices: Exploitable Replay Attacks on Open Door Requests Unverified Password Change Vulnerability in Anviz Access Control 
Devices Unauthenticated Access to Map Images in Webbukkit Dynmap 3.0-beta-3 or Below Cross-Site Scripting Vulnerability in Apache Ranger's Policy Import Functionality Arbitrary JavaScript Execution Vulnerability in Apache Airflow Classic UI Plaintext Secret Disclosure in Apache Kafka Connect Jet Database Engine Remote Code Execution Vulnerability Caching Mechanism Vulnerability in Apache Santuario XML Security for Java XML Resource Consumption Vulnerability in Solr Update Handler (a.k.a. Lol Bomb) Infinite Loop Denial of Service Vulnerability in Apache Commons Compress 1.15 to 1.18 Apache JSPWiki InfoContent.jsp XSS Vulnerability LDAP Authentication Bypass in Apache Traffic Control 3.0.0 and 3.0.1 Apache CXF Denial of Service Vulnerability Apache JSPWiki Plugin Link XSS Vulnerability Uninitialized Memory Bug in Apache Arrow 0.14.0 to 0.14.1 Insecure Remote JMX Monitoring in Apache Solr Jet Database Engine Remote Code Execution Vulnerability Uninitialized Memory Vulnerability in Apache Arrow Versions 0.12.0 to 0.14.1 Null Pointer Dereference Vulnerability in libapreq2 Multipart Parser Unauthorized Access to Database Metadata in Apache Incubator Superset Unauthorized Database Name Disclosure in Apache Incubator Superset before 0.32 XML External Entity (XXE) Processing Vulnerability in Apache POI up to 4.1.0 Vulnerability: Injection Attacks in DeltaSpike WindowHandler.js with ClientSideWindowStrategy Arbitrary JavaScript Execution and Local File Disclosure Vulnerability in Airflow Metadata Database Apache Tomcat JMX Remote Lifecycle Listener Man-in-the-Middle Vulnerability OpenId Connect Access Token Service Vulnerability Jet Database Engine Remote Code Execution Vulnerability Excessive Resource Consumption Vulnerability in Apache SpamAssassin Authentication Token Invalidation Vulnerability in NiFi Versions 1.0.0 to 1.9.2 Padding Attack Vulnerability in Apache Shiro's Remember Me Configuration Apache CXF OpenId Connect JWK Keys Service Exposes Private and Secret Key 
Credentials Apache OFBiz 17.12.01 Vulnerability: Host Header Injection Unauthenticated Access to Backend Screens via setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06 Non-persistent XSS vulnerability in Zimbra Collaboration Admin Console (before 8.8.15 Patch 1) Bypassing Mandatory External Authentication Provider Sign-In Restrictions Improper Access Control in GitLab Community and Enterprise Edition Allows Unauthorized Access to Confidential Issue Details Jet Database Engine Remote Code Execution Vulnerability Remote Command Injection Vulnerability in GitLab Community and Enterprise Edition 11.11 Improper Access Control in GitLab Community and Enterprise Edition Allows Restricted Users to Access Private Milestone Metadata Information Disclosure Vulnerability in GitLab Community and Enterprise Edition Improper Input Validation in GitLab Community and Enterprise Edition: Creating Internal Projects in Private Groups Leads to Permission Issues URL Slug Guessing Vulnerability in GitLab Allows Information Disclosure Samba AD DC DNS Management Server NULL Pointer Dereference Vulnerability Samba 4.10.x: AD DC LDAP Server Denial of Service Vulnerability Incomplete CSRF Mitigation in SilverStripe GraphQL Mutations Improper Use of Temporary Directories in Bubblewrap Allows for Privilege Escalation DirectWrite Memory Disclosure Vulnerability Unauthenticated Command Injection Vulnerability in Sitecore Rocks Plugin Bypass of Protected Branches Restriction Rules in GitLab Persistent XSS Vulnerability on Child Epics in GitLab Enterprise Edition 11.7 through 11.11 Server-Side Request Forgery (SSRF) Vulnerabilities in GitLab Community and Enterprise Edition Persistent XSS Vulnerability in GitLab Wiki Pages Cross-Site Scripting (XSS) Vulnerability in GitLab Community and Enterprise Edition 8.4 through 11.11 Information Exposure through Error Message in GitLab Community and Enterprise Edition 8.3 through 11.11 Insecure File Ownership Handling in GNOME gvfs Race Conditions in GNOME 
gvfs Backend Admin Privilege Escalation Vulnerability in GNOME gvfs DirectWrite Memory Disclosure Vulnerability Improper File Permission Handling during Copy Operation in GNOME GLib Information Disclosure in Containous Traefik 1.7.x through 1.7.11 Stored XSS Vulnerability in MicroStrategy Web (before 10.1 patch 10) due to Missing Input Validation in FLTB Parameter Potential vulnerability in wcd9335_codec_enable_dec in Linux kernel through 5.1.5 Unchecked kstrndup in sunxi_divs_clk_setup leading to potential denial of service Double Fetch Vulnerability in Linux Kernel's MPT3COMMAND Case Directory Listing Vulnerability in FileRun 2019.05.21 Directory Listing Vulnerability in FileRun 2019.05.21 Directory Listing Vulnerability in FileRun 2019.05.21 Jet Database Engine Remote Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerability in Web Port 1.19.1 via /access/setup Type Parameter Cross-Site Scripting (XSS) Vulnerability in Web Port 1.19.1 via /log Type Parameter LibreNMS 1.50.1 Multiple Graphing Vulnerabilities Local File Inclusion Vulnerability in LibreNMS 1.50.1 SQL Injection Vulnerability in LibreNMS 1.50.1 CSRF Vulnerability in Wikimedia MediaWiki 1.32.1 MediaWiki Incorrect Access Control Vulnerability in Special:ChangeEmail Bypassing Re-authentication Vulnerability in Wikimedia MediaWiki 1.27.0 through 1.32.1 Incorrect Access Control in MediaWiki through 1.32.1: Exposed Suppressed Username or Log in Special:EditTags Jet Database Engine Remote Code Execution Vulnerability Incorrect Access Control in Wikimedia MediaWiki through 1.32.1: Exposed Suppressed Log in RevisionDelete Page XSS Vulnerability in Wikimedia MediaWiki 1.30.0 through 1.32.1 Bypassing IP Range Blocks via API in Wikimedia MediaWiki Denial of Service Vulnerability in Wikimedia MediaWiki 1.27.0 through 1.32.1 Information Leak in Wikimedia MediaWiki 1.23.0 through 1.32.1 Stored XSS Vulnerability in MicroStrategy Web 10.4.6 and earlier versions Authentication Bypass Vulnerability 
in Zoho ManageEngine ADSelfService Plus Remote File Inclusion Vulnerability in Supra Smart Cloud TV's openLiveURL Function Path Traversal Vulnerability in 20|20 Storage LocalStorageProvider Jet Database Engine Remote Code Execution Vulnerability Denial of Service Vulnerability in BACnet Protocol Stack through 0.8.6 NULL Pointer Dereference in GPAC 0.7.1: GetESD Function Vulnerability NULL Pointer Dereference in GPAC 0.7.1: gf_isom_get_original_format_type Vulnerability Heap-based Buffer Overflow in GPAC 0.7.1 Command Injection Vulnerability in Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 Devices Jet Database Engine Remote Code Execution Vulnerability Reverse Tabnabbing Vulnerability in Simple Machines Forum (SMF) Arbitrary Command Execution with Root Privileges in OnApp for XEN/KVM Hypervisors Arbitrary Event Creation and Information Disclosure Vulnerability in Gallagher Command Centre Stack-based Buffer Over-read Vulnerability in Xpdf 4.01.01 Improper Access Control in Gardener Seed Clusters Allows Information Disclosure Out-of-Bounds Write Vulnerability in Tiny C Compiler 0.9.27 Default Skipping of Root CA Certificate Verification in Gobot MQTT Subsystem Information Disclosure Vulnerability in OTRS Customer Frontend Unauthenticated REST API Access Vulnerability in WP Live Chat Support Plugin Firejail before 0.9.60 Vulnerability: Binary Truncation Jet Database Engine Remote Code Execution Vulnerability Bluetooth Low Energy Command Spoofing Vulnerability in Xiaomi M365 Scooter CSRF Vulnerability in MOBOTIX S14 MX-V4.2.1.61 Cameras Allows Unauthorized Account Creation Keystroke Injection Vulnerability in Inateck BCST-60 Wireless Barcode Scanner Keystroke Injection Vulnerability in Inateck WP2002 Wireless Presenter Unencrypted and Unauthenticated Data Communication Vulnerability in Inateck WP1001 v1.3C Wireless Presenter Keystroke Injection Vulnerability in Logitech R700 Laser Presentation Remote R-R0010 XSS Vulnerability in PHPRelativePath 1.0.2 
via RelativePath.Example1.php Path Parameter DirectWrite Memory Disclosure Vulnerability Authentication Bypass Vulnerability in NETGEAR Nighthawk X10-R900's NETGEAR Genie SOAP API Arbitrary Command Execution Vulnerability in NETGEAR Nighthawk X10-R9000 Stored XSS Vulnerability in NETGEAR Nighthawk X10-R900 (CVE-2021-XXXX) Stored XSS Vulnerability in NETGEAR Nighthawk X10-R900 (CVE-2021-XXXX) Out-of-Bounds Read Vulnerability in Xpdf 4.01.01's FlateStream::getChar() Function SQL Injection Vulnerability in Slickquiz Plugin for WordPress Unauthenticated Cross-Site Scripting (XSS) Vulnerability in SlickQuiz WordPress Plugin Buffer Overflow Vulnerability in Anviz CrossChex Access Control Management Software 4.3.8.0 and 4.3.12 Stack Buffer Overflow in Squid's ESIExpression::Evaluate Windows GDI Memory Disclosure Vulnerability Vulnerability: Username Delimitation in Squid Caching Proxy Heap Overflow Vulnerability in Squid ESI Parsing Privilege Escalation Vulnerability in Squid Bypassing Access Controls in Squid URN Handling URL Encoding Bypass Vulnerability in Squid Squid Digest Authentication Header Parsing Vulnerability Heap-based Buffer Overflow in Squid URN Response Handling Heap-based Buffer Overflow in Squid HTTP Proxy Server FTP Server Triggered Heap Memory Disclosure in Squid Squid Proxy Server Basic Authentication Header Parsing Vulnerability Windows AppX Deployment Server Junction Handling Elevation of Privilege Vulnerability Vulnerability: Incorrect Access Control in stdonato Dashboard Plugin for GLPI Insyde Software Tools Access Control Vulnerability XSS Vulnerability in Zoho ManageEngine AssetExplorer's SearchN.do Search Field XSS Vulnerability in Zoho ManageEngine ServiceDesk Plus 9.3 SiteLookup.do Search Field XSS Vulnerability in Zoho ManageEngine ServiceDesk Plus Purchase Component Uninitialized Memory Disclosure in Windows Hyper-V XSS Vulnerability in Zoho ManageEngine ServiceDesk Plus 10.5 via WorkOrder.do Search Field XSS Vulnerability in Zoho 
ManageEngine ServiceDesk Plus 9.3 XSS Vulnerability in Zoho ManageEngine ServiceDesk Plus 9.3 via SearchN.do UserConfigID Parameter XSS Vulnerability in Zoho ManageEngine ServiceDesk Plus 9.3 via PurchaseRequest.do serviceRequestId Parameter Remote Code Execution in Bludit 3.9.0 via Logo Upload Vulnerability Hardcoded Private Keys in WAGO 852-303, 852-1305, and 852-1505 Devices File Handling Vulnerability in Microsoft Defender Leads to Denial of Service Hardcoded User and Password Vulnerability in WAGO 852-303, 852-1305, and 852-1505 Devices Arbitrary Memory Overwrite Vulnerability in SweetScape 010 Editor 9.0.1 Integer Overflow Vulnerability in SweetScape 010 Editor 9.0.1: Potential Denial of Service Arbitrary Memory Overwrite Vulnerability in SweetScape 010 Editor 9.0.1 Denial of Service Vulnerability in SweetScape 010 Editor 9.0.1 Denial of Service Vulnerability in SweetScape 010 Editor 9.0.1 Win32k Object Handling Elevation of Privilege Vulnerability Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0: Remote Code Execution with Admin Privileges Database Backup File Disclosure Vulnerability in DouCo DouPHP v1.5 Release 20190516 Stored XSS Vulnerability in WP Statistics Plugin for WordPress Stack-based Overflow Vulnerability in logMess Function in Open TFTP Server MT 1.65 and Earlier Stack-based Overflow Vulnerability in logMess Function in Open TFTP Server SP 1.66 and Earlier Arbitrary Command Execution Vulnerability in Viber Desktop (Windows) Microsoft SharePoint Remote Code Execution Vulnerability SQL Injection Vulnerability in Xpert Solution Server Status by Hostname/IP Plugin 4.6 for WordPress Arbitrary File Overwrite Vulnerability in London Trust Media Private Internet Access (PIA) VPN Client for macOS Arbitrary Code Execution Vulnerability in PIA VPN Client for Windows Privilege Escalation Vulnerability in London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux and macOS DLL Injection Vulnerability in London Trust Media 
Private Internet Access (PIA) VPN Client v1.0 for Windows Privilege Escalation Vulnerability in PIA VPN Client v82 for Linux Privilege Escalation Vulnerability in PIA VPN Client for macOS Privilege Escalation Vulnerability in PIA VPN Client for macOS Privilege Escalation via OpenVPN's --route-pre-down Parameter Privilege Escalation Vulnerability in PIA VPN Client for Linux and macOS Azure Active Directory Authentication Library On-Behalf-Of Flow Elevation of Privilege Vulnerability Reflective Cross-site scripting (XSS) vulnerability in Zyxel ZyWall, USG, and UAG devices via err_msg parameter in free_time_failed.cgi Unrestricted Guest Account Generation in Zyxel UAG, USG, and ZyWall Devices Cross-Site Scripting (XSS) Vulnerability in Apcupsd 0.3.91_5 Arbitrary Command Execution in Apcupsd_status.php Denial of Service Vulnerability in Espressif ESP-IDF and ESP8266_NONOS_SDK Zero Pairwise Master Key (PMK) Installation Vulnerability in Espressif ESP-IDF and ESP8266_NONOS_SDK Denial of Service Vulnerability in Espressif ESP8266_NONOS_SDK Writable Seccomp Filters in Firejail: Bypassing Intended Restrictions Microsoft SharePoint Cross-Site Request Forgery (CSRF) Vulnerability Command Injection Vulnerability in NETGEAR Insight Cloud Firmware Evernote Web Clipper Extension UXSS Vulnerability Local File Inclusion Vulnerability in IceWarp Mail Server through 10.4.4 via Webmail/Calendar/Minimizer/Index.php Vulnerability: Incorrect Access Control in DOSBox 0.74-2 XSS Vulnerability in Zoho ManageEngine AssetExplorer via RCSettings.do rdsName Parameter XSS Vulnerability in Zoho ManageEngine AssetExplorer via SoftwareListView.do XSS Vulnerability in Zoho ManageEngine AssetExplorer via ResourcesAttachments.jsp SQL Injection Vulnerability in SuiteCRM 7.8.x - 7.11.x (Issue 1 of 3) SQL Injection Vulnerability in SuiteCRM 7.10.x and 7.11.x SharePoint Elevation of Privilege Vulnerability SQL Injection Vulnerability in SuiteCRM 7.8.x, 7.10.x, and 7.11.x (Issue 2 of 3) SQL Injection 
Vulnerability in SuiteCRM 7.8.x, 7.10.x, and 7.11.x Microsoft SharePoint Cross-Site Request Forgery (CSRF) Vulnerability Memory Allocation Vulnerability in Bitdefender BOX Firmware Arbitrary Code Execution Vulnerability in Bitdefender BOX Firmware Unchecked kstrdup in dlpar_parse_cc_property can lead to NULL pointer dereference and system crash Unchecked kstrdup_const in get_vdev_port_node_info can lead to NULL pointer dereference and system crash CSRF Vulnerability in phpMyAdmin Allows Remote Code Execution Access Escalation through Permission Cache Pollution in SilverStripe CMS Incorrect Access Control via the exec driver in HashiCorp Nomad 0.9.0 through 0.9.1 SQL Injection Vulnerability in Cisco SD-WAN Solution vManage Microsoft Office SharePoint XSS Vulnerability Arbitrary Value Injection Vulnerability in Cisco HyperFlex Software Statistics Collection Service Cisco HyperFlex Software Vulnerability: Insufficient Key Management Enables Man-in-the-Middle Attacks Privilege Escalation Vulnerability in Cisco RoomOS Software File Enumeration Vulnerability in Cisco NFVIS Web Server Cisco IOS XE NGWC Web Management Interface CSRF Vulnerability Zip Bomb Denial of Service Vulnerability in ClamAV Stored Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Contact Center Express (Unified CCX) Web-Based Management Interface Unauthorized Read Access Vulnerability in Cisco Firepower Threat Defense (FTD) Software Arbitrary Command Execution Vulnerability in Cisco SD-WAN Solution's WebUI Memory Disclosure Vulnerability in Microsoft Excel Java Deserialization Vulnerability in Cisco Security Manager Cross-Site Scripting (XSS) Vulnerability in Cisco Identity Services Engine (ISE) Guest Portal Cisco Finesse Server-Side Request Forgery (SSRF) Vulnerability Cisco Unified Contact Center Express Vulnerability: Server-Side Request Forgery (SSRF) Bypass Unauthenticated Remote DoS Vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS 
Director, and Cisco UCS Director Express for Big Data Unauthorized Access to Email Quarantine in Cisco Content Security Management Appliance (SMA) Software Cross-Site Request Forgery Vulnerability in Cisco Small Business Smart and Managed Switches Cross-Site Scripting (XSS) Vulnerabilities in Cisco Identity Services Engine (ISE) Web Interface Cross-Site Scripting (XSS) Vulnerability in Cisco Identity Services Engine (ISE) Web Interface Microsoft Office Input Handling Security Feature Bypass Vulnerability Cisco IOS XE Software REST API Authentication Bypass Vulnerability Cisco Identity Services Engine (ISE) Software: Cross-Site Scripting (XSS) Vulnerability in Web-Based Management Interface Arbitrary Code Execution Vulnerability in Cisco Jabber Client Framework for Mac Software Cisco IOS XE Software NAT SIP ALG Vulnerability Cisco IOS and IOS XE Software Ident Protocol Handler Denial of Service Vulnerability Vulnerability: Unauthorized Access to Guest OS in Cisco IOx Application Environment Cisco IOS XE Software Image Verification Bypass Vulnerability Intune Policy Bypass Vulnerability in Microsoft Yammer App for Android Command Execution Vulnerabilities in Cisco IOS XE Software Web UI Command Execution Vulnerabilities in Cisco IOS XE Software Web UI Denial of Service Vulnerability in Cisco Catalyst 4000 Series Switches Cisco IOS XE Software Raw Socket Transport Denial of Service Vulnerability Cisco IOS and IOS XE Software SIP Library Denial of Service Vulnerability Buffer Overflow Vulnerability in Cisco IOS XE Software FTP ALG Cisco IOx Application Environment Denial of Service Vulnerability Denial of Service (DoS) Vulnerability in Cisco IOS XE Software with Unified Threat Defense (UTD) Cisco IOS XE Software Filesystem Resource Exhaustion Vulnerability Cisco IOS XE Software HTTP Server Crash Vulnerability Outlook Web App (OWA) Spoofing Vulnerability in Microsoft Exchange Server Memory Write Vulnerability in Cisco IOS XE CLI Arbitrary Command Execution 
Vulnerability in Cisco IOS XE Software Vulnerability: Bypassing Signature Verification in Cisco NX-OS and Cisco IOS XE Software Cisco TrustSec (CTS) PAC Provisioning Module Denial of Service Vulnerability Vulnerability in Dialer Interface Feature for ISDN Connections in Cisco IOS XE Software Unauthenticated Remote Attackers Can Read and Modify Data in Cisco IOS and IOS XE Software Directory Traversal Vulnerability in Cisco IOS XE Software's Guest Shell Stored Cross-Site Scripting (XSS) Vulnerability in Cisco IOS XE Software Stored Cross-Site Scripting (XSS) Vulnerability in Cisco IOS and Cisco IOS XE Software Cisco TrustSec RADIUS CoA Code Denial of Service Vulnerability Symbolic Link and Hard Link Vulnerability in Microsoft Compatibility Appraiser Insufficient File Permissions Vulnerability in Cisco IOS XE Software Shell Access Vulnerability in Cisco IOS XE Software Arbitrary Code Execution Vulnerability in Cisco IOS XE Software Cisco ASA and FTD Software FTP Inspection Engine Denial of Service Vulnerability Privilege Escalation Vulnerabilities in Cisco Firepower Threat Defense (FTD) Software Privilege Escalation Vulnerabilities in Cisco Firepower Threat Defense (FTD) Software OSPF Implementation Denial of Service Vulnerability in Cisco ASA and FTD Software Cisco ASA Software SSL VPN Denial of Service Vulnerability Cisco ASA and FTD Software SIP Inspection Module Denial of Service Vulnerability Arbitrary SQL Injection Vulnerabilities in Cisco Firepower Management Center (FMC) Software Winlogon File Path Handling Vulnerability Arbitrary SQL Injection Vulnerabilities in Cisco Firepower Management Center (FMC) Software Arbitrary SQL Injection Vulnerabilities in Cisco Firepower Management Center (FMC) Software Arbitrary SQL Injection Vulnerabilities in Cisco Firepower Management Center (FMC) Software Arbitrary SQL Injection Vulnerabilities in Cisco Firepower Management Center (FMC) Software Arbitrary SQL Injection Vulnerabilities in Cisco Firepower Management Center 
(FMC) Software Arbitrary SQL Injection Vulnerabilities in Cisco Firepower Management Center (FMC) Software Arbitrary SQL Injection Vulnerabilities in Cisco Firepower Management Center (FMC) Software Arbitrary Command Execution Vulnerability in Cisco Firepower Management Center (FMC) Web UI Arbitrary Command Execution Vulnerability in Cisco Firepower Management Center (FMC) Web UI Arbitrary Code Execution Vulnerability in Cisco Firepower Management Center (FMC) Software Windows ALPC Elevation of Privilege Vulnerability Arbitrary Command Injection Vulnerability in Cisco Firepower Management Center (FMC) Web UI Directory Traversal Vulnerability in Cisco Firepower Management Center (FMC) Software Denial of Service Vulnerability in Cisco ASA Software's Secure Copy (SCP) Feature Cisco Firepower Threat Defense (FTD) Software CLI Command Injection Vulnerability Cross-Site Scripting (XSS) Vulnerability in Cisco ASA and FTD WebVPN Portal Bypass of Malware and File Policies for RTF and RAR Files in Cisco Firepower System Software Detection Engine Bypass of Malware and File Policies for RTF and RAR Files in Cisco Firepower System Software Detection Engine WebVPN CPU Utilization Vulnerability in Cisco ASA and FTD Software Command Execution Vulnerabilities in Cisco FXOS and FTD Software Windows Store Installer Symbolic Link Attack Vulnerability Denial of Service Vulnerability in Cisco Firepower Software Unauthenticated Remote Bypass of File and Malware Inspection Policies in Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability in Cisco SPA100 Series Analog Telephone Adapters (ATAs) Web Interface Cross-Site Scripting Vulnerability in Cisco SPA122 ATA with Router Devices Arbitrary File Disclosure Vulnerability in Cisco SPA100 Series Analog Telephone Adapters (ATAs) Cross-Site Scripting (XSS) Vulnerability in Cisco Expressway Series and Cisco TelePresence Video Communication Server Cisco Email Security Appliance SPF Bypass Vulnerability Cross-Site Scripting 
(XSS) Vulnerability in Cisco Unified Communications Products Cisco SPA100 Series ATA Web Management Interface Information Disclosure Vulnerability Arbitrary Command Execution Vulnerability in Cisco ASR 9000 Series Routers Windows Media Elevation of Privilege Vulnerability in hdAudio.sys SQL Injection Vulnerability in Cisco Unified Communications Manager and Session Management Edition XML Entity Injection Vulnerability in Cisco Unified Communications Manager and Session Management Edition Cross-Site Scripting (XSS) Vulnerability in Cisco Prime Infrastructure Web Interface Cross-Site Scripting (XSS) Vulnerability in Cisco Prime Infrastructure Web Interface Cisco IC3000 Industrial Compute Gateway Web Management Interface Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Communications Manager and Session Management Edition Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Communications Manager and Session Management Edition Arbitrary Command Execution Vulnerability in Cisco NX-OS Software Cross-Site Scripting (XSS) Vulnerability in Cisco Small Business Smart and Managed Switches Incorrect Access Control Vulnerability in Picture_Manage_mvc.aspx Allows Unauthenticated File Upload Windows ALPC Elevation of Privilege Vulnerability SQL Injection Vulnerability in AUO SunVeillance Monitoring System SQL Injection Vulnerability in Teclib Fields Plugin for GLPI Stored XSS Vulnerability in Teclib News Plugin for GLPI Remote Command Execution Vulnerability in Zeroshell 3.9.0 Ubiquiti airCam 3.1.4 RTSP Service Denial of Service Vulnerability Cleartext HTTP Resolution Vulnerability in Grails before 3.3.10 Active Directory Federation Services XSS Vulnerability Uninitialized Variable Vulnerability in FFmpeg's aa_read_header Function Insecure Implementation Vulnerability in Snapview Mikogo for Windows XSS Vulnerability in Chartkick Gem (Ruby) Remote Code Execution Vulnerability in SiteVision 4 SiteVision 4 Vulnerability: Incorrect 
Access Control Arbitrary OS Command Execution via Modeline in Vim and Neovim Command Injection Vulnerability in JetBrains Ktor Framework before 1.2.0-rc Predictable Salt Vulnerability in UserHashedTableAuth Remote Code Execution via RAR Filename in Nextcloud ExtractionController Memory Address Initialization Vulnerability in Windows Kernel Cross-Site Scripting (XSS) Vulnerability in HAPI FHIR Testpage Overlay Module Insecure Direct Object Reference vulnerability in Bludit prior to 3.9.1 allows unauthorized password changes User Account Enumeration Vulnerability in HumHub Social Network Kit Enterprise v1.3.13 SeedDMS before 5.1.11 Unvalidated File Upload Remote Command Execution Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in SeedDMS before 5.1.11 via name field in out/out.UsrMgr.php Session ID Disclosure Vulnerability in OTRS Community Edition 5.0.x - 6.0.x Deserialization of Untrusted Data in TYPO3 8.x and 9.x Cross-Site Scripting (XSS) Vulnerability in TYPO3 8.3.0 - 8.7.26 and 9.0.0 - 9.5.7 Cookie Spoofing Vulnerability in DBusServer Privilege Escalation Vulnerability in Symantec Endpoint Protection Privilege Escalation Vulnerability in Symantec Messaging Gateway (prior to 10.7.1) Tamper Protection Bypass Vulnerability in Symantec SONAR Component Information Disclosure Vulnerability in Symantec Reporter Web UI 10.3: Unauthorized Password Access Cross-Site Scripting (XSS) Vulnerability in Symantec My VIP Portal Unintentional Information Disclosure Vulnerability in Norton Password Manager Password Protection Bypass Vulnerability in Symantec Endpoint Protection (SEP) Prior to 14.2 RU2 Privilege Escalation Vulnerability in Symantec Endpoint Protection Unsigned Code Execution Vulnerability in Symantec Endpoint Protection Privilege Escalation Vulnerability in Symantec Endpoint Protection Manager and Symantec Mail Security for MS Exchange Deserialization Vulnerability in Parso: Arbitrary Code Execution via Cache Grammar Parsing Code Injection 
Vulnerability in PyXDG Menu XML Parsing Ghost Touch Vulnerability: Exploiting Touchscreen Anomalies in Xiaomi Mi 5s Plus Devices Insecure Storage of Recorded Video in Security Camera CZ Android App Vulnerability: Unauthorized Manipulation of Joomla! Update Server URL CSV Injection Vulnerability in Joomla! before 3.9.7 XSS Vulnerability in Joomla! Subform Fieldtype Arbitrary Command Execution Vulnerability in D-Link DAP-1650 Devices Authentication Bypass Vulnerability in D-Link DAP-1650 Devices Cross-Site Request Forgery Vulnerability in SolarWinds Serv-U Managed File Transfer (MFT) Web Client Windows Audio Service Elevation of Privilege Vulnerability Command Injection Vulnerability in ThinStation 6.1.1 via Shell Metacharacters Arbitrary Content Embedding Vulnerability in Verint Impact 360 15.1 Stored XSS Vulnerabilities in ENTTEC Datagate Mk2 70044_update_05032019-482 High-privileged root access vulnerability in ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 Hard-coded SSH Backdoor Vulnerability in ENTTEC Devices Insecure Directory Permissions on ENTTEC Devices with Firmware 70044_update_05032019-482 Arbitrary File Overwrite Vulnerability in libqb before 1.0.5 Windows Unistore.dll Elevation of Privilege Vulnerability Command Injection Vulnerability in Belkin Wemo Enabled Crock-Pot via SetSmartDevInfo Action Insecure HTTP to HTTPS Redirection Vulnerability in Django Authorization Bypass Vulnerability in Pinboard Updates in ThoughtSpot Open Redirect Vulnerability in Verint Impact 360 15.1 Cross-Site Request Forgery (CSRF) Vulnerability in Verint Impact 360 15.1 Command Injection Vulnerability in D-Link DIR-818LW Devices Command Injection Vulnerability in D-Link DIR-818LW Devices Buffer Overflow Vulnerability in Photodex ProShow Producer v9.0.3797 Root Privilege Escalation and Permanent Device Modification Vulnerability in Actiontec T2200H T2200H-31.128L.08 Heap-based Buffer Over-read in r_egg_lang_parsechar Function of radare2 Vulnerability: Directory 
Traversal in Vesta Control Panel v-list-user Script Command Injection Vulnerability in Vesta Control Panel 0.9.8-24: Remote Root Privilege Escalation Vulnerability: Unauthorized Credential Reset by Organization Admins in MISP 2.4.108 Privilege Escalation via Unauthenticated D-Bus Method Calls in gvfsd Hardcoded PIN in ELM327 OBD2 Bluetooth Device Allows Arbitrary Commands to Vehicle OBD-II Bus MuJS 1.0.5 - Regular Expression Program Size Overflow Vulnerability Arbitrary Deserialization Remote Code Execution in Shopware through 5.6.x LNK Remote Code Execution Vulnerability in Microsoft Windows Stored XSS Vulnerability in SeedDMS 5.1.11 via GROUP Name in out/out.GroupMgr.php Denial of Service and Memory Access Vulnerability in radare2 through 3.5.1 Unrestricted File Upload and Remote Code Execution in Hunesion i-oneNet Lack of Update File Integrity Checking in Hunesion i-oneNet Allows for Malicious Update Exploitation Arbitrary Command Execution via NCSOFT Game Launcher Custom Protocol Handler Stack-Based Buffer Overflow Vulnerability in UniSign 2.0.4.0 and Earlier Versions Stack-based Buffer Overflow Vulnerability in Alzip 10.83 and Earlier Versions Local Privilege Escalation Vulnerability in ALTOOLS Update Service 18.1 and Earlier Versions Arbitrary File Download and Execution Vulnerability in Yes24ViewerX ActiveX Control ALSee v5.3 ~ v8.39 .PSD Parsing Out of Bounds Write Vulnerability Arbitrary Command Execution via ActiveX Control ShellOpen Method in MyBuilder Arbitrary Command Execution via Crafted Configuration File in MyBuilder Viewer Cleartext Key and Salt Vulnerability in Digital Persona U.are.U 4500 Fingerprint Reader v24 Polymorphic Typing Vulnerability in FasterXML jackson-databind 2.x through 2.9.9 Arbitrary File Copy Vulnerability in ProFTPD Mod_Copy: Remote Code Execution and Information Disclosure Arbitrary Code Execution via Crafted Module Name in ZNC Unrestricted Virtual Memory Access in PowerPC Linux Kernel NULL pointer dereference vulnerability 
in nfc_llcp_build_tlv function Use-after-free vulnerability in __mdiobus_register() function in Linux kernel before 5.0 allows denial of service Windows Common Log File System Driver Sandbox Bypass Vulnerability Unencrypted HTTP Communication Vulnerability in Shenzhen Jisiwei i3 Robot Vacuum Cleaner App 2.0 Predictable QR-code vulnerability in Shenzhen Jisiwei i3 Robot Vacuum Cleaner App 2.0 HTTP Header Parsing Vulnerability in Embedthis GoAhead XML Feed XSS Vulnerability in Craft CMS before 3.1.31 Unauthorized Access to Docker Registries in GitLab Enterprise 12.0.0-pre Cross-Site Request Forgery (CSRF) Vulnerability in 2by2host Widget Logic Plugin for WordPress Buffer Overflow Vulnerability in res_pjsip_messaging in Digium Asterisk Versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0, and Earlier Remote Code Execution via Origin URI Scheme Injection Buffer Overflow Vulnerability in radare2 RParse API Memory Object Disclosure Vulnerability in Microsoft Graphics Components Nested Video MyCode Persistent XSS Vulnerability in MyBB before 1.8.21 MyBB Theme Import Stylesheet Name Remote Code Execution Vulnerability DOM Injection Vulnerability in HT2 Labs Learning Locker 3.15.1 Out-of-Bounds Write Vulnerability in xml_memory_writer::write in Leanify 0.4.3 URL/Link Forgery Vulnerability in Bobronix JEditor for Jira Information Disclosure Vulnerability in Java API of accesuniversitat.gencat.cat 1.7.5 SQL Injection Vulnerability in SchedMD Slurm 17.11.x, 18.08.0-18.08.7, and 19.05.0 Arbitrary Command Execution Vulnerability in OrangeHRM 4.3.1 and Earlier DirectX Memory Handling Vulnerability Arbitrary Command Execution with Root Privileges in Webmin Package Updates Module ZIP Extraction Vulnerability in JetBrains TeamCity Reflected XSS Vulnerability Patched in JetBrains TeamCity 2018.2.2 Stored JavaScript Injection Vulnerability in JetBrains TeamCity 2018.2.3 Stored JavaScript Injection Vulnerability in JetBrains TeamCity 2018.2.3 Unencrypted Connection Vulnerability in JetBrains 
TeamCity 2018.2.3 Unauthorized Access to JetBrains TeamCity Settings in Versions Prior to 2018.2.2 Cleartext Password Exposure in JetBrains Hub SMTPSettings Audit Events Win32k Object Handling Elevation of Privilege Vulnerability Query Injection Vulnerability Patched in JetBrains YouTrack 2018.4.49168 CSRF Vulnerability in JetBrains YouTrack Admin Endpoint SSRF Vulnerability Patched in JetBrains YouTrack 2018.4.49168 Squid cachemgr.cgi Denial of Service Vulnerability Unverified Certificate Vulnerability in Twisted XMPP Support Windows GDI Memory Disclosure Vulnerability Stored HTML Injection in SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) via Web Console Settings SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) Information Leakage Vulnerability Double Free Vulnerability in cmd_mount of radare2 through 3.5.1 Insecure Direct Object Reference and Authorization Bypass in JetBrains YouTrack (Fixed in 2018.4.49168) Privilege Escalation Vulnerability in JetBrains YouTrack Issue Attachments Remote Command Execution in MISP 2.4.109 via Super Administrator Privileges Vulnerability: Out-Of-Bounds Read, Information Disclosure, and Remote Code Execution in PHOENIX CONTACT PC Worx and Config+ Windows Network Connectivity Assistant Elevation of Privilege Vulnerability Uninitialized Pointer Vulnerability in PHOENIX CONTACT PC Worx and Config+ Use-After-Free and Remote Code Execution Vulnerability in PHOENIX CONTACT PC Worx and Config+ SQL Injection Vulnerability in dotCMS before 5.1.6 via view_unpushed_bundles.jsp Double Free Vulnerability in VLC Media Player's Matroska Demuxer Unprivileged Member Package Injection Vulnerability in Alpine Linux abuild Insecure Permissions in Zoho ManageEngine Suite: Privilege Escalation Vulnerability Clickjacking Vulnerability in BCN Quark Quarking Password Manager 3.1.84: Allowing * within web_accessible_resources NULL pointer dereference vulnerability in i915_gem_userptr_get_pages in Linux kernel 4.15.0 on Ubuntu 
18.04.2 Incorrect Access Control in KeyIdentity LinOTP before 2.10.5.3 Unauthenticated Privilege Escalation in SailPoint Desktop Password Reset 7.2 Windows Update Delivery Optimization Elevation of Privilege Vulnerability Unauthenticated Database Operations in RedwoodHQ 2.5.5 User Mode Write AV Vulnerability in Alternate Pic View 2.600 Read Access Violation Vulnerability in Alternate Pic View 2.600 Corrupted Exception Handler Chain Vulnerability in Alternate Pic View 2.600 Heap Corruption Vulnerability in Edraw Max 7.9.3 Read Access Violation Vulnerability in Edraw Max 7.9.3 User Mode Write AV Vulnerability in Delta Electronics DeviceNet Builder 2.04 User Mode Write AV Vulnerability in Delta Electronics DeviceNet Builder 2.04 Windows Remote Desktop Client Remote Code Execution Vulnerability Out-of-Bounds Write Vulnerability in BZ2_decompress in bzip2 Directory Traversal Vulnerability in Pydio Cells before 1.5.0 Allows Privilege Escalation Incomplete Cleanup of User Data Allows Data Restoration by New User Sensitive Information Exposure in Pydio Cells before 1.5.0 via Unicode Name Field Flush-and-Reload Side-Channel Vulnerability in Libgcrypt 1.8.4 AES C Implementation XSS Vulnerability in FileRun 2019.05.21 Windows Remote Desktop Client Remote Code Execution Vulnerability Authentication Token Extraction Vulnerability in Redbrick Shift through 3.4.3 Email Extraction Vulnerability in Redbrick Shift through 3.4.3 Email Extraction Vulnerability in Redbrick Shift through 3.4.3 Authentication Token Extraction Vulnerability in Redbrick Shift through 3.4.3 Reflected XSS Vulnerability in Quest KACE Systems Management Appliance Server Center 9.1.317 SQL Injection Vulnerability in Quest KACE Systems Management Appliance Server Center version 9.1.317 Unauthenticated Access to Video Archive on Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 Devices Memory Object Handling Vulnerability in Windows: A Denial of Service Risk Hardcoded Root Password Vulnerability in 
Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 Devices Arbitrary File Read Vulnerability in GraphicsMagick before 1.3.32 CSRF Vulnerability in phpMyAdmin 4.9.0.1 Allows Unauthorized Server Deletion CSRF Bypass Vulnerability in MailEnable Enterprise Premium 10.23 XML External Entity Injection (XXE) Vulnerability in MailEnable Enterprise Premium 10.23 Directory Traversal Vulnerabilities in MailEnable Enterprise Premium 10.23 Inadequate Access Control Vulnerability in MailEnable Enterprise Premium 10.23 Stored and Reflected Cross-Site Scripting (XSS) Vulnerability in MailEnable Enterprise Premium 10.23 QEMU QMP Command Injection Vulnerability QEMU 4.0.0 and Earlier: QMP Guest_Exec Command OS Command Injection Vulnerability Windows SMB Client Driver Memory Object Disclosure Vulnerability Arbitrary Web Script Injection Vulnerability in WIKINDX MENU.php Stored XSS Vulnerability in SeedDMS 5.1.11: Autocomplete Search Form Escaping Issue Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerability in wp-code-highlightjs Plugin XSS Vulnerability in Shopware Backend Login DNS Rebinding Vulnerability in BlueStacks App Player 2, 3, and 4 Buffer Overflow in gsudo Allows Local Privilege Escalation via DISPLAY Environment Variable Ineffective .htaccess Protection in Roundcube Component of Analogic Poste.io 2.1.6 Allows Unauthorized Access to Logs SQL Injection Vulnerability in LiveZilla Server before 8.0.1.1 via p_ext_rse parameter in server.php Windows Secure Boot Security Feature Bypass Vulnerability Denial of Service Vulnerability in LiveZilla Server 8.0.1.1: Memory Consumption in knowledgebase.php Vulnerability: Brute-Force and Dictionary Attack on AutoPi Wi-Fi/NB and 4G/LTE Devices TTLock Vulnerability: Unrestricted Guest Access in Offline Cloud Connection Scenarios TTLock Devices: Password-Reset Vulnerability and Sensitive Information Disclosure Vulnerability: Unrestricted Guest Access in Glue Smart Lock 2.7.8 Devices SQL Injection 
Vulnerability in Elcom CMS before 10.7 via EventSearchByState.aspx and EventSearchAdv.aspx Polycom UC Software: Remote Code Execution and DoS Vulnerability Arbitrary Code Execution via XSS in pfSense 2.4.4-p2 and 2.4.4-p3 Unsafe Data Input Vulnerability in Microsoft SharePoint Cross-Site Scripting (XSS) Vulnerability in TeamPass 2.1.27.35 via Crafted CSV File Import Critical Heap-Based Buffer Overflow in Mongoose's parse_mqtt() Function Inconsistent Failure Delay Vulnerability in Dropbear 2011.54 through 2018.76 SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) Authenticated XSS Vulnerability via Crafted onerror Attribute in ALERT Action Buffer Over-read Vulnerability in Xpdf 4.01.01's FoFiType1C::convertToType1 Function Heap-Based Buffer Over-Read Vulnerability in Xpdf 4.01.01 SSRF Vulnerability in Zoho ManageEngine AssetExplorer 6.2.0 and Earlier Unsafe Data Input Vulnerability in Microsoft SharePoint SQL Injection Vulnerability in LiveZilla Server before 8.0.1.1 via p_dt_s_d Parameter CSV Injection Vulnerability in LiveZilla Server Export Function XSS Vulnerability in LiveZilla Server 8.0.1.1 and Earlier via Accept-Language Header XSS Vulnerability in LiveZilla Server's chat.php Create Ticket Action XSS Vulnerability in LiveZilla Server Ticket.php Subject Field Arbitrary Code Execution Vulnerability in FeHelper (CVE-2019-XXXX) Incorrect Access Control in Stephan Mooltipass Moolticute through 0.42.1 Vulnerability in Sonic Robo Blast 2 (SRB2) Plugin Allows Remote Crash in Doomseeker Memory Object Handling Vulnerability in Microsoft Excel Allows Remote Code Execution Cross-Site Scripting (XSS) Vulnerability in SquirrelMail 1.4.22 and 1.5.x Unrestricted File Upload Vulnerability in BKS EBK Ethernet-Buskoppler Pro before 3.01 Heap-based Buffer Over-read in GNU Binutils 2.32 Excessive Iteration Denial of Service Vulnerability in OpenJPEG 2.3.1 NULL Pointer Dereference Vulnerability in ImageMagick 7.0.8-34 Memory Leak Vulnerability 
in ImageMagick 7.0.8-34's WriteDPXImage Function Memory Leak in ImageMagick's ReadPCLImage Function Uninitialized Value Vulnerability in ImageMagick 7.0.8-34 WriteJP2Image Function Uninitialized Value Vulnerability in ImageMagick 7.0.8-34's ReadPANGOImage Function Uninitialized Value Vulnerability in ImageMagick 7.0.8-34's SyncImageSettings Function Chakra Scripting Engine Remote Code Execution Vulnerability Integer Overflow in SWFInput_readSBits Function in Ming 0.4.8 Fill Overflow Vulnerability in Ming (libming) 0.4.8 Heap Buffer Overflow and Underflow in libming 0.4.8's decompileCAST Function in util/decompile.c NULL Pointer Dereference Vulnerability in Linux Kernel NFC Netlink Improper Input Validation in Citrix and NetScaler SD-WAN (Issue 1 of 6) Improper Input Validation in Citrix and NetScaler SD-WAN (Issue 2 of 6) Improper Input Validation in Citrix and NetScaler SD-WAN (Issue 3 of 6) Improper Input Validation in Citrix and NetScaler SD-WAN (Issue 4 of 6) SQL Injection Vulnerability in Citrix SD-WAN and NetScaler SD-WAN Edge HTML Information Disclosure Vulnerability Directory Traversal Vulnerability in Citrix SD-WAN and NetScaler SD-WAN Improper Input Validation in Citrix and NetScaler SD-WAN (Issue 5 of 6) Improper Input Validation in Citrix and NetScaler SD-WAN (Issue 6 of 6) SSRF Vulnerability in Zoho ManageEngine AssetExplorer 6.2.0 via AJaxServlet Access Token Mishandling in Istio 1.2.2: Exploitable Segmentation Fault in jwt_authenticator.cc XML Import Mappings Vulnerability: Unsafe DOCTYPE Declarations in Mendix 7.23.5 and Earlier Privilege Escalation via Environment Variable Injection in Loopchain C-Lightning Vulnerability: Incorrect Access Control Leads to Fund Loss Incorrect Access Control in Lightning Network Daemon (lnd) before 0.7 leads to fund loss vulnerability. 
Chakra Scripting Engine Remote Code Execution Vulnerability Eclair 0.3 Vulnerability: Loss of Funds Due to Incorrect Access Control Unauthorized Comment Addition in GitLab Snippets Unauthorized Access to Pipeline Information in GitLab Community and Enterprise Edition 11.10 through 12.0.2 GitLab CI Vulnerability: Uncontrolled Resource Consumption in Parser Improper Handling of Encoded Characters Leads to Comments Section Inaccessibility (Issue 1 of 2) Unauthorized Disclosure of Restricted User, Group, and Repository Metadata in GitLab Incorrect Access Control Allows Unauthorized Access to Merge Request Information Uncontrolled Resource Consumption in GitLab Community and Enterprise Edition 11.11 through 12.0.2 Improper Permission Settings in GitLab Community and Enterprise Edition Allows Unauthorized Access to Uploaded Files .NET Core Denial of Service Vulnerability GitLab Enterprise Edition 8.3 through 12.0.2 Color Codes Decoder Resource Depletion Vulnerability Excessive Algorithmic Complexity in GitLab Merge Requests Template Names Enumeration Insecure Directory and File Permissions in GNOME GLib (glib2.0) Local Privilege Escalation Vulnerability in Little Snitch Versions 4.3.0 to 4.3.2 Vulnerability in Little Snitch Privileged Helper Tool Allows Persistence ASP.NET Core Elevation of Privilege Vulnerability Tightrope Media Carousel before 7.1.3 Vulnerability: SSRF in CarouselAPI/v0/fetch?url= Unprotected Storage of Administrative Passwords in Bond JetSelect Vulnerability: Privilege Escalation in Bond JetSelect through Password Reversal HTML Password Field Obfuscation Vulnerability in Bond JetSelect Arbitrary Command Execution in Centreon Monitoring System Improper Input Validation in Compal CH7465LG Cable Modem Allows Remote Command Execution SQL Injection Vulnerability in OXID eShop 6.0.x and 6.1.x SQL Injection Vulnerability in Realization Concerto Critical Chain Planner (aka CCPM) 5.10.8071 Remote Code Execution and File Deletion Vulnerability in eID Client Web 
Server Stored Cross-site scripting (XSS) vulnerabilities in REDCap 8 and 9 before 8.10.20 and 9.1.2 Windows AppX Deployment Server Junction Handling Elevation of Privilege Vulnerability Uncontrolled Admin Access and Information Disclosure in eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' XML External Entity (XXE) Vulnerability in LemonLDAP::NG Notification Server NULL Pointer Dereference Vulnerability in FlightCrew Library License Key Exposure during Data Upload in CISOfy Lynis Local Privilege Escalation in Artica Pandora FMS 7.0 NG before 735 Open Redirect Vulnerability in mod_auth_mellon through 0.14.2 via login?ReturnTo= substring Use After Free Vulnerability in Irssi with SASL Login Insecure LD_LIBRARY_PATH Handling in ToaruOS Linker Arbitrary Kernel Page Mapping Vulnerability in ToaruOS Denial of Service Vulnerability in ToaruOS Kernel/sys/syscall.c Arbitrary Kernel Page Mapping Vulnerability in ToaruOS 1.10.10 Team Foundation Server Cross-site Scripting Vulnerability Persistent Denial of Service Vulnerability in SKS Keyserver Network Command Injection Vulnerability in Pi-Hole 4.3 Live Decryption Vulnerability in Logitech Unifying Devices: Exploiting Sniffed Pairing for Keyboard Receiver Logitech Unifying Devices Vulnerability: Keystroke Injection and Encryption Bypass Logitech R500 Presentation Clicker Vulnerability: AES Key Disclosure and Keystroke Injection Logitech Unifying Devices Vulnerability: Live Decryption of RF Transmissions via AES Key Dumping CSRF Vulnerability in CyberPanel Allows Unauthorized Modification of Administrator Credentials OpenLDAP Server Privilege Escalation Vulnerability Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability File Disclosure and Remote File Inclusion Vulnerability in Sahi Pro 8.0.0 Reflected XSS Vulnerability in Sahi Pro 8.0.0 Script Manager Arena Buffer Over-read Vulnerability in njs through 0.3.3 HTML Injection in Panel Drilldown Links in Grafana before 6.2.5 Local Privilege 
Escalation to SYSTEM via Insecure ProgramData Folder in extenua SilverSHielD 6.x Chakra Scripting Engine Remote Code Execution Vulnerability Stored XSS Vulnerability in CyberPower PowerPanel Business Edition 3.4.0 Agent/Center Component CSRF Vulnerability in CyberPower PowerPanel Business Edition 3.4.0 Agent/Center Component Stored XSS vulnerability in ZoneMinder 1.32.3 Filters Page (Name Field) Memory Exhaustion Vulnerability in MikroTik Router FTP Daemon Tor Browser Information Exposure Vulnerability SQL Injection Vulnerability in Quest KACE Systems Management Appliance Server Center 9.1.317 XSS Vulnerability in Quest KACE Systems Management Appliance Server Center 9.1.317 SQL Injection Vulnerability in Quest KACE Systems Management Appliance Server Center 9.1.317 SQL Injection Vulnerability in Quest KACE Systems Management Appliance Server Center 9.1.317 Chakra Scripting Engine Remote Code Execution Vulnerability XSS Vulnerability in Quest KACE Systems Management Appliance Server Center 9.1.317 XSS Vulnerability in Quest KACE Systems Management Appliance Server Center 9.1.317 Remote Code Execution in Chamilo LMS 1.11.8 and 2.x through Unauthenticated File Upload XnView Classic 2.48 User Mode Write AV Vulnerability User Mode Write AV Vulnerability in XnView Classic 2.48 User Mode Write AV Vulnerability in XnView Classic 2.48 SQL Injection Vulnerability in CSZ CMS 1.2.2: Bypassing CSRF Protection in member/login/check Endpoint Windows Hyper-V Network Switch Privilege Escalation Vulnerability Insecure Storage of User Wallet Keystore in TronLink Wallet 2.2.0 Insecure Input Verification in Cat Runner Decorate Home API Insecure Password Logging in TronLink Wallet 2.2.0 Insecure Storage of Confidential Information in Momo Application 2.1.9 for Android Windows Hyper-V Network Switch Privilege Escalation Vulnerability Insecure Storage of Confidential Information in Send Anywhere Android App Unauthenticated Access and Data Modification Vulnerability in D-Link DIR-600M 
Devices Infinite Recursion Vulnerability in Das U-Boot Versions through 2019.07-rc4 Stack Overflow Vulnerability in Das U-Boot Versions 2016.11-rc1 through 2019.07-rc4 Double-Free Vulnerability in Das U-Boot Versions 2019.07-rc1 through 2019.07-rc4 Stack Buffer Overflow in Das U-Boot Versions 2016.09 through 2019.07-rc4 Multiple Integer Overflows in MATIO Library (Versions < 1.5.16) Integer Overflow Denial of Service Vulnerability in Exiv2 Integer Overflow Vulnerability in Exiv2: Denial of Service via Crafted PNG Image Windows Imaging API Remote Code Execution Vulnerability Integer Overflow and Out-of-Bounds Read Vulnerability in Exiv2 (CVE-2020-13139) WebPImage::decodeChunks Integer Overflow Vulnerability Uncontrolled Memory Allocation Vulnerability in Exiv2 through 0.27.1 Denial of Service Vulnerability in Exiv2 through 0.27.1 via Invalid Data Location in CRW Image File Denial of Service Vulnerability in Exiv2 HTTP Module Integer Overflow in libssh2's kex_method_diffie_hellman_group_exchange_sha256_key_exchange Java Deserialization Vulnerability in MuleSoft Mule Community Edition Runtime Engine before 3.8 Uninitialized Read Vulnerability in xsl:number Format Strings in libxslt 1.1.33 Stack Data Read Vulnerability in libxslt 1.1.33 Arbitrary Memory Leakage Vulnerability in Amazon FreeRTOS MQTT Message Handling SSRF Vulnerability in GitLab Enterprise Edition: Incorrect Access Control in GitHub Project Integration Cross Site Scripting (XSS) Vulnerability in Patchwork v1.1 through v2.1.x Uncontrolled Recursion Vulnerability in Foxit Reader 9.6.0.25114 and Earlier Uncontrolled Recursion Vulnerabilities in Foxit Reader 9.6.0.25114 and Earlier PIE Compilation Vulnerability in Tencent Habo Allows Evasion of Dynamic Malware Analysis Integer Overflow Vulnerability in NATS Server 2.0.2 and Earlier XSS Vulnerability in mxGraph Plugin for draw.io Diagrams Command Injection Vulnerability in D-Link DIR-823G Firmware 1.02B03 Stack Consumption Vulnerability in Motorola Router 
CX2L MWR04L 1.01 scopd via TCP and UDP Ports 8010 and 8080 SQL Server Management Studio Information Disclosure Vulnerability Remote Command Execution in Super Micro SuperDoctor 5 via NRPE Stack Overflow Vulnerability in ZeroMQ libzmq Memory Leak Vulnerability in ImageMagick's ReadBMPImage Function Memory Leak Vulnerability in ImageMagick's ReadVIFFImage Function Uninitialized Value Vulnerability in ImageMagick's ReadCUTImage Function Integer Overflow Vulnerability in ImageMagick's TIFFSeekCustomStream Function Memory Leak Vulnerability in ImageMagick's ReadPSImage Function Command Injection in Docker Build Process via Remote Git URLs Cortana Lock Screen File Access Vulnerability in Windows 10 Mobile JUCI ACL Misconfiguration in Inteno EG200 Routers Allows Extraction of 3DES Key Elevation of Privilege Vulnerability in Razer Surround 1.1.63.0 Vulnerability: Unauthenticated Ownership Takeover in Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3 CSV Injection Vulnerability in myTinyTodo 1.3.3 through 1.4.3 Unvalidated Input Vulnerability in field_test Gem 0.3.0 for Ruby NULL Pointer Dereference Vulnerability in Audio File Library 0.3.6 Command Injection Vulnerability in TRENDnet TEW-827DRU Firmware Command Injection Vulnerability in TRENDnet TEW-827DRU Firmware Windows Error Reporting Manager Hard Link Elevation of Privilege Vulnerability Command Injection Vulnerability in TRENDnet TEW-827DRU Firmware Command Injection Vulnerability in TRENDnet TEW-827DRU Firmware Command Injection Vulnerability in TRENDnet TEW-827DRU Firmware Command Injection Vulnerability in TRENDnet TEW-827DRU Firmware Command Injection Vulnerability in TRENDnet TEW-827DRU Firmware Command Injection Vulnerability in TRENDnet TEW-827DRU Firmware Stack-Based Buffer Overflow in NDrive(1.2.2).sys in Naver Cloud Explorer Arbitrary File Overwrite Vulnerability in Naver Vaccine 2.1.4 Windows Setup Privilege Escalation Vulnerability Denial of Service Vulnerability in Asterisk Open 
Source through 16.4.0 Fujitsu TLS Library Man-in-the-Middle Vulnerability QEMU Network Interface Name ACL Bypass Vulnerability Buffer Overflow Vulnerability in Xerox Phaser 3320 V53.006.16.000 IPP Service Account Lockout Vulnerability in Xerox Phaser 3320 V53.006.16.000 Printers Multiple Stored XSS Vulnerabilities in Xerox Web Application: Session Hijacking and Unwanted Actions Buffer Overflow Vulnerability in Xerox Phaser 3320 V53.006.16.000 IPP Service Buffer Overflow Vulnerability in Xerox Phaser 3320 V53.006.16.000 Printers Windows Hard Link Handling Vulnerability Xerox Phaser 3320 V53.006.16.000 Printer CSRF Vulnerability Stack-based Buffer Overflow Vulnerability in Xerox Phaser 3320 V53.006.16.000 Printer's Google Cloud Print Implementation Buffer Overflow Vulnerability in Xerox Phaser 3320 V53.006.16.000 Printers' Authentication Cookie Arbitrary File Overwrite Vulnerability in fstream.DirWriter() Function Open Redirect Vulnerability in Read the Docs (Versions before 3.5.1) XXE Vulnerability in 3CX Phone System Management Console Static String Misuse in Verification Process of Django REST Registration Library Race Condition in LUKS Encryption Keyfile Creation and Permission Setting in Calamares versions 3.1 through 3.2.10 Insecure Keyfile Copying in Calamares Versions 3.1 through 3.2.10 TLS Session Spoofing Vulnerability CSV Injection Vulnerability in SolarWinds Serv-U FTP Server v15.1.7 Web UI Stored XSS Vulnerability in SolarWinds Serv-U FTP Server 15.1.7 Web UI CSRF Vulnerability in Flarum before 0.1.0-beta.9 Allows Unauthorized Admin Settings Modification Stored XSS vulnerability in MiniCMS V1.10 via tags box leading to cookie theft Unauthenticated Arbitrary File Upload Vulnerability in Symphony CMS Rich Text Formatter Extension Unauthenticated User Access Control Bypass in Knowage through 6.1.1 XSS Vulnerability in Knowage through 6.1.1 via start_url or user_id Field in ChangePwdServlet Page Windows Error Reporting File Execution Elevation of Privilege 
Vulnerability CAPTCHA Bypass Vulnerability in Knowage through 6.1.1 Signup Page SQL Injection Vulnerability in IntraMaps MapControl 8 via /ApplicationEngine/Search/Refine/Set Page Heap Buffer Overflow Vulnerability in Brother Printers' IPP Service Stack Buffer Overflow Vulnerability in Brother HL-L8360CDW v1.20 Printer Web Server Information Disclosure Vulnerabilities in Brother HL-L8360CDW v1.20 Printer Path Traversal Vulnerability in Kyocera Printer Web Application Buffer Overflow Vulnerability in Kyocera Printers: Remote Code Execution and Denial of Service Exploit Buffer Overflow Vulnerability in Kyocera ECOSYS M5526cdw Printer Stored XSS Vulnerability in Kyocera Printer Web Application CSRF Vulnerability in Kyocera Printers Allows Local Account Takeover Windows Authentication Handling Elevation of Privilege Vulnerability Reflected XSS Vulnerability in Kyocera Printer Web Application Allows Session Hijacking and Unwanted Actions Buffer Overflow Vulnerability in Kyocera ECOSYS M5526cdw LPD Service Buffer Overflow Vulnerability in Kyocera ECOSYS M5526cdw Printers Kyocera Printer Integer Overflow Vulnerability: Remote Code Execution and Denial of Service Multiple Buffer Overflow Vulnerabilities in Kyocera ECOSYS M5526cdw IPP Service Unauthenticated Access to Sensitive Configuration Files in Kyocera Printers Buffer Overflow Vulnerability in Kyocera Printers: Document Boxes Functionality Stack-based Buffer Overflow in dname_concatenate() function in NSD 4.2.0 Privilege Escalation via WavesSysSvc in Waves MAXX Audio Rancher 2 through 2.2.4 Cross-Site Websocket Hijacking Vulnerability Windows CloudStore File DACL Elevation of Privilege Vulnerability Heap Buffer Overflow in stb_vorbis: Arbitrary Code Execution via Crafted Ogg Vorbis File Division by Zero Vulnerability in stb_vorbis: Denial of Service via Crafted Ogg Vorbis File NULL Pointer Dereference Vulnerability in stb_vorbis: Denial of Service via Crafted Ogg Vorbis File Windows Authentication Handling Elevation 
of Privilege Vulnerability Uninitialized Stack Variables Vulnerability in stb_vorbis: Denial of Service and Information Disclosure Stack Buffer Overflow in stb_vorbis: Denial of Service and Arbitrary Code Execution Out-of-Bounds Read Vulnerability in stb_vorbis Allows Denial of Service and Information Disclosure Denial of Service Vulnerability in stb_vorbis through 2019-03-04 Use-After-Free Vulnerability in Oniguruma 6.9.2 Allows Information Disclosure, Denial of Service, and Possible Code Execution NULL Pointer Dereference Vulnerability in Oniguruma 6.9.2 Race condition vulnerability in deepin-clone allows for arbitrary file system mounting and denial of unmount Symlink Attack Vulnerability in deepin-clone Privilege Escalation via Symlink Attack in deepin-clone Symlink Attack Vulnerability in deepin-clone Windows Update Client Privilege Escalation Vulnerability Denial of Service Vulnerability in Info-ZIP UnZip 6.0: The 'Better Zip Bomb' Issue Race Condition Vulnerability in Linux Kernel Allows Use-After-Free Access to LDT Entry XSS Vulnerability in Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5 Search Engine XSS Vulnerability in Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5 Login Form Multiple Reflected and Stored XSS Vulnerabilities in Alkacon OpenCms 10.5.4 and 10.5.5 Management Interface Multiple Local File Inclusion Vulnerabilities in Alkacon OpenCms 10.5.4 and 10.5.5 Memory Allocation Failure in Bento4 1.5.1.0 Leads to Crashes Cross-Site Scripting (XSS) Vulnerability in User Picture of GLPI before 9.4.3 IPv6 Flowlabel Information Disclosure Vulnerability Password Reset Vulnerability in GLPI Directory Traversal Vulnerability in FlightCrew v0.9.2 and Older IrfanView 4.52 User Mode Write AV Vulnerability IrfanView 4.52 User Mode Write AV Vulnerability User Mode Write AV Vulnerability in FastStone Image Viewer 7.0 User Mode Write AV Vulnerability in FastStone Image Viewer 7.0 User Mode Write AV Vulnerability in FastStone Image Viewer 7.0 User Mode Write AV 
Vulnerability in ACDSee Free 1.1.21 User Mode Write AV Vulnerability in ACDSee Free 1.1.21 User Mode Write AV Vulnerability in ACDSee Free 1.1.21 Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability User Mode Write AV Vulnerability in ACDSee Free 1.1.21 User Mode Write AV Vulnerability in ACDSee Free 1.1.21 User Mode Write AV Vulnerability in ACDSee Free 1.1.21 XnView Classic 2.48 User Mode Write AV Vulnerability User Mode Write AV Vulnerability in XnView Classic 2.48 User Mode Write AV Vulnerability in XnView Classic 2.48 User Mode Write AV Vulnerability in XnView Classic 2.48 XnView Classic 2.48 User Mode Write AV Vulnerability XnView Classic 2.48 User Mode Write AV Vulnerability XnView Classic 2.48 User Mode Write AV Vulnerability Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability XnView Classic 2.48 User Mode Write AV Vulnerability XnView Classic 2.48 User Mode Write AV Vulnerability User Mode Write AV Vulnerability in XnView Classic 2.48 Insufficient Compartmentalization in D-Link DIR-825AC G1 Devices Allows Cross-Router Data Encoding via DHCP Transaction ID Field Insufficient Compartmentalization in D-Link DIR-825AC G1 Devices: Exploiting IGMP Protocol for Unauthorized Data Transfer ARP Forwarding Vulnerability in D-Link DIR-825AC G1 Devices Allows Covert Channel Communication Insufficient Compartmentalization in TP-Link Archer C3200 V1 and Archer C2 V1 Devices: Cross-Router Data Encoding Vulnerability Insufficient Compartmentalization in TP-Link Archer C3200 V1 and Archer C2 V1 Devices: Unauthorized Data Transfer via IGMP Protocol Insufficient Compartmentalization and ARP Forwarding Vulnerability in TP-Link Archer C3200 V1 and Archer C2 V1 Devices Insufficient Compartmentalization in Edimax BR-6208AC V1 Devices Allows Cross-Router Data Encoding via DHCP Transaction ID Microsoft Excel Remote Code Execution Vulnerability (CVE-2020-XXXX) Insufficient Compartmentalization in Edimax BR-6208AC V1 Devices Allows 
Unauthorized Data Transfer between Host and Guest Networks Insufficient Compartmentalization in Edimax BR-6208AC V1 Devices: ARP Forwarding Covert Channel Vulnerability Privilege Escalation via ptrace_link in Linux Kernel Buffer Overflow Vulnerability in Xymon CSVInfo CGI Script XSS Vulnerability in Xymon CSVInfo CGI Script Unauthenticated Blind SQL Injection in VeronaLabs wp-statistics Plugin Stack-based Buffer Overflow in TRENDnet TEW-827DRU Firmware 2.04B03 Unauthenticated Remote Setup Wizard Execution Vulnerability in TRENDnet TEW-827DRU Firmware up to 2.04B03 Multiple Command Injections in TRENDnet TEW-827DRU Firmware 2.04B03 Multiple Stack-Based Buffer Overflows in TRENDnet TEW-827DRU Firmware 2.04B03 Microsoft SharePoint Spoofing Vulnerability Stack-based Buffer Overflow in TRENDnet TEW-827DRU Firmware 2.04B03: Remote Code Execution Heap-based Buffer Overflow in Xpdf 4.01.01's DCTStream::decodeImage() Function Heap-based Buffer Over-read Vulnerability in Xpdf 4.01.01 Heap-based Buffer Over-read in Xpdf 4.01.01's FoFiType1::parse Function Host Header Injection Vulnerability in CoSoSys Endpoint Protector 5.1.0.2 Heap-based Buffer Over-read in Xpdf 4.01.01's JBIG2Stream::readTextRegionSeg() Function Out-of-Bounds Read Vulnerability in Xpdf 4.01.01's SplashXPath::strokeAdjust() Function Infinite Recursion DoS Vulnerability in Xpdf 4.01.01 Use-after-free vulnerability in Xpdf 4.01.01's JBIG2Stream::close() function Microsoft SharePoint Server Elevation of Privilege Vulnerability Heap-based Buffer Overflow in Artifex MuPDF 1.15.0's fz_append_display_node Function Heap-based Buffer Over-read Vulnerability in Xpdf 4.01.01's DCTStream::readScan() Function SQL Injection Vulnerability in webERP 4.15 Payments.php Command Execution Vulnerability in AROX School-ERP Pro: Unauthenticated User Command Execution Heap-Based Buffer Over-Read Vulnerability in ImageMagick 7.0.8-50 Q16 Direct Memory Leaks in ImageMagick 7.0.8-50 Q16: Vulnerability in AcquireMagickMemory Heap-Based 
Buffer Over-Read Vulnerability in ImageMagick 7.0.8-50 Q16 Heap-Based Buffer Overflow in ImageMagick 7.0.8-50 Q16: Exploiting SetPixelViaPixelInfo in MagickCore/pixel-accessor.h Heap-Based Buffer Over-Read Vulnerability in ImageMagick 7.0.8-50 Q16 Microsoft SharePoint Elevation of Privilege Vulnerability Heap-Based Buffer Overflow in ImageMagick 7.0.8-50 Q16: Mishandling of Columns in EvaluateImages Memory Leaks in ImageMagick 7.0.8-50 Q16: Exploiting AnnotateImage Error Heap-Based Buffer Over-Read Vulnerability in ImageMagick 7.0.8-50 Q16 Heap-Based Buffer Over-Read Vulnerability in ImageMagick 7.0.8-50 Q16 Stack-Based Buffer Overflow in ImageMagick 7.0.8-50 Q16: Misplaced Assignment in WritePNMImage Stack-Based Buffer Overflow in ImageMagick 7.0.8-50 Q16: Misplaced strncpy and Off-by-One Error in WritePNMImage Stack-Based Buffer Overflow in ImageMagick 7.0.8-50 Q16: Exploiting Off-by-One Errors in WritePNMImage Heap-Based Buffer Overflow in ImageMagick 7.0.8-50 Q16: EvaluateImages Vulnerability Heap-Based Buffer Overflow in ImageMagick 7.0.8-50 Q16's ComplexImage Function Memory Leaks in ImageMagick 7.0.8-50 Q16: Vulnerability in AcquireMagickMemory Microsoft Excel Remote Code Execution Vulnerability Memory Leaks in ImageMagick 7.0.8-50 Q16: Vulnerability in MagickWand/mogrify.c Memory Leaks in ImageMagick 7.0.8-50 Q16: AcquireMagickMemory Vulnerability Heap-Based Buffer Over-Read in block_cmp() Function in FFmpeg 4.1.3 Local Privilege Escalation: Credentials Exposure via libosinfo 1.5.0 Process Listing Local Privilege Escalation: Root Password Disclosure in virt-bootstrap 1.1.0 Remote Code Execution Vulnerability in Foxit Reader 9.5.0.20723 (ZDI-CAN-8656) Remote Code Execution Vulnerability in Foxit PhantomPDF 9.5.0.20723 Remote Code Execution Vulnerability in Foxit PhantomPDF 9.5.0.20723 Remote Code Execution Vulnerability in Foxit Reader 9.5.0.20723 via util.printf Method Arbitrary Code Execution via XFA Forms Processing in Foxit Reader 9.5.0.20723 Microsoft 
SQL Server Reporting Services XSS Vulnerability Arbitrary Code Execution Vulnerability in Foxit Reader 9.5.0.20723 Captive Portal HTML Response Remote Code Execution Vulnerability in Xiaomi Browser Arbitrary Code Execution via Xiaomi Browser Prior to 10.4.0 Arbitrary Code Execution via TIF File Handling in Foxit Studio Photo 3.6.6.909 Arbitrary Code Execution via TIFF File Handling in Foxit Studio Photo 3.6.6.909 Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.909 via EPS File Handling (ZDI-CAN-8922) Arbitrary Code Execution Vulnerability in Foxit Reader 9.5.0.20723 Arbitrary Code Execution Vulnerability in Foxit Reader 9.5.0.20723 Arbitrary Code Execution Vulnerability in Foxit Reader 9.5.0.20723 Arbitrary Code Execution via Type Confusion in Foxit Reader 9.5 Critical Remote Code Execution Vulnerability in Windows Remote Desktop Client Arbitrary Code Execution via Type Confusion in Foxit Reader 9.5.0.20723 Arbitrary Code Execution via JPG Parsing in Foxit Reader 9.5.0.20723 Arbitrary Code Execution via XFA Form Template Processing in Foxit Reader 9.6.0.25114 Arbitrary Code Execution via DXF to PDF Conversion in Foxit PhantomPDF 9.5.0.20723 Arbitrary Code Execution via DXF to PDF Conversion in Foxit PhantomPDF 9.5.0.20723 SSRF Vulnerability in SalesAgility SuiteCRM 7.10.x and 7.11.x Remote Command Execution Vulnerability in dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 Bypassing Site-Wide Basic Authentication in WESEEK GROWI Password Hash Retrieval through Unauthorized API Calls in WESEEK GROWI Stored XSS Vulnerability in MiniCMS V1.10 Allows Cookie Theft Windows Kernel Object Memory Handling Vulnerability Stored XSS vulnerability in MiniCMS V1.10 via mc-admin/post-edit.php content box Stored XSS Vulnerability in MiniCMS V1.10 Allows Cookie Theft via mc-admin/conf.php Comment Box Pre-Authentication Path Traversal Arbitrary File Download in Butor Portal Authentication Bypass Vulnerability in CRUDLab WP Like Button Plugin XSS Vulnerability in Squid's 
cachemgr.cgi Web Module Cross-Site Scripting (XSS) Vulnerability in MyT 1.5.1 User[username] Parameter SAML Single Sign On Plugin Account Reactivation Vulnerability Cleartext Data Source Credentials Exposure in Knowage through 6.1.1 User Password Hashes Exposed in Knowage through 6.1.1 Chakra Scripting Engine Remote Code Execution Vulnerability Double File Descriptor Close Vulnerability in libjack in JACK2 1.9.1 through 1.9.12 Static, Hard-Coded Cryptographic Secret in WolfVision Cynap Allows Remote Password Reset Code-execution backdoor vulnerability in strong_password gem 0.0.7 for Ruby Insecure Access Control in Total Defense Anti-virus 9.0.0.773 Allows Privilege Escalation Insecure Access Control in Total Defense Anti-virus 9.0.0.773 Allows Privilege Escalation Local Privilege Escalation Vulnerability in Total Defense Anti-virus 9.0.0.773 XXE vulnerability in OpenCats allows remote file read access via uploaded docx or odt files Privilege Escalation Vulnerability in CentOS Web Panel 0.9.8.836 Windows Update Client Privilege Escalation Vulnerability Authentication Bypass Vulnerability in CentOS Web Panel 0.9.8.836 Insecure Permissions Vulnerability in Smanos W100 1.0.0 Devices Stack-Based Buffer Overflow in Codedoc v3.2's add_variable Function Cross-Site Scripting (XSS) Vulnerability in Piwigo 2.9.5 via admin.php?page=notification_by_mail Cross-Site Scripting (XSS) Vulnerability in admin.php?page=account_billing in Piwigo 2.9.5 Windows Update Client Memory Handling Vulnerability CSRF Vulnerability in Ignited CMS Allows Unauthorized Administrator Addition Arbitrary PHP Code Execution via Username Field in D-Link Central WiFi Manager CWM(100) Arbitrary SQL Execution Vulnerability in D-Link Central WiFi Manager CWM(100) Cross-Site Scripting (XSS) Vulnerability in D-Link Central WiFi Manager CWM(100) Unauthenticated SQL Injection in D-Link Central WiFi Manager CWM(100) CSRF Token Hijacking and Stored XSS in phpBB 3.2.7 Remote Avatar Feature Side-Channel 
Vulnerability in SAE and EAP-pwd Implementations Privilege Escalation via Default Credentials on AVTECH Room Alert 3E Devices NTLMv2 Security Feature Bypass Vulnerability XSS Vulnerability in KEYNTO Team Password Manager 1.5.0 Arbitrary File Symbolic Link Vulnerability in SnagIT 2019.1.2 Username Enumeration Vulnerability in CentOS Web Panel 0.9.8.846 File and Directory Information Exposure in CentOS Web Panel 0.9.8.840 Filemanager Hidden action=9 feature in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846 allows for remote command execution Reflected XSS Vulnerability in CentOS Web Panel 0.9.8.846's filemanager2.php (fm_current_dir Parameter) Lack of XSS Protection Mechanisms in RainLoop Webmail before 1.13.0 Windows Error Reporting Manager Hard Link Elevation of Privilege Vulnerability Division by Zero Vulnerability in FFmpeg 4.1.3 Heap-Based Buffer Over-Read Vulnerability in ImageMagick 7.0.8-50 Q16 Reflected Cross-Site Scripting (XSS) Vulnerability in MindPalette NateMail 3.0.15 Default Passphrase Vulnerability in Voo Branded NETGEAR CG3700b Custom Firmware V2.02.03 Clear Text HTTP Basic Authentication Vulnerability in Voo Branded NETGEAR CG3700b Custom Firmware V2.02.03 Vulnerability: CSRF Exploit in Voo branded NETGEAR CG3700b Custom Firmware V2.02.03 Directory Traversal and Local File Inclusion Vulnerability in FlightPath 4.x and 5.0-x Unauthenticated Stored XSS in osTicket 1.10.1: Remote Code Injection via Support Ticket Creation Remote Code Execution in Dynacolor FCM-MB40 v1.2.0.0 Devices via CGI Script Injection Hard-coded SSL/TLS Key Vulnerability in Dynacolor FCM-MB40 v1.2.0.0 Devices Windows AppX Deployment Server File Creation Elevation of Privilege Vulnerability Cleartext Storage of Administrative Web-Interface Credentials in Dynacolor FCM-MB40 v1.2.0.0 CSRF Vulnerability in Dynacolor FCM-MB40 v1.2.0.0 Devices Incomplete Factory-Reset Process Allows Persistence of Backdoor on Dynacolor FCM-MB40 v1.2.0.0 Devices Broken Access Control 
Vulnerability in Temenos CWX Version 8.9 Allows Unauthorized User Information Viewing Default Directory Vulnerability in Python MSI Installer Insecure ADB Service Exploit: Unauthorized Access and Device Compromise Arbitrary APK Installation Vulnerability in Advan VD-1 Firmware Reflected XSS Vulnerability in Advan VD-1 Firmware Versions up to 230 Relative Path Traversal Vulnerability in Advan VD-1 Firmware (Up to Version 230) Allows Unauthorized File Downloads Union-Based SQL Injection Vulnerability in TOPMeeting 8.8 (2019/08/19) Windows Power Service Registry Restore Key Elevation of Privilege Vulnerability Exposure of Attendees' Account and Password in TOPMeeting (before version 8.8) HiNet GPON Firmware < I040GWR190731: Arbitrary Command Execution via Port 3097 Arbitrary File Read Vulnerability in HiNet GPON Firmware (CVE-2021-XXXX) SQL Injection Vulnerability in Rencontre Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in Rencontre Plugin for WordPress Unauthorized Data Access Vulnerability in Search Guard Versions Prior to 24.3 with Cross Cluster Search (CCS) Enabled Authentication Bypass Vulnerability in Search Guard Versions Before 24.3 with Cross Cluster Search (CCS) Enabled Field Name Leakage in Search Guard Versions Before 24.0 Improper Anonymization of String Arrays in Search Guard Versions Before 24.0 Clear Text Value Leakage in Search Guard Versions Before 23.1 Windows Error Reporting Manager Elevation of Privilege Vulnerability Timing Side Channel Vulnerability in Search Guard Versions Before 21.0 User Password Hash Retrieval Vulnerability in Search Guard Versions Before 23.1 Kibana Plugin Redirect Vulnerability Authentication Bypass Vulnerability in Search Guard Kibana Plugin Windows Object Memory Handling Denial of Service Vulnerability Memory Object Disclosure Vulnerability in Windows Code Integrity Module Integer Overflow in parseOptions() Function in ROS Communications Packages SQL Injection Vulnerability in Sertek Xpare 3.67 Login 
Form Unsanitized Input Data in Sertek Xpare 3.67 Login Form Allows XSS Exploitation Zoom Client Denial of Service Vulnerability via Invalid Launch Requests Windows Kernel Object Memory Handling Vulnerability Remote Camera Activation Vulnerability in Zoom Client and RingCentral on macOS Buffer Overflow Vulnerability in Xymon through 4.3.28's history.c Buffer Overflow Vulnerability in Xymon reportlog.c Denial of Service Vulnerability in Zipios before 0.1.7 Division by Zero Vulnerability in ImageMagick 7.0.8-54 Q16's RemoveDuplicateLayers Function Stack-based Buffer Overflow Vulnerability in Xymon Alert Acknowledgment CGI Tool EAP-pwd Password Recovery Vulnerability in FreeRADIUS 3.0 through 3.0.19 Information Disclosure Vulnerability in OTRS 7.0.x through 7.0.8 Information Disclosure Vulnerability in OTRS Notification Tags Windows Object Memory Handling Denial of Service Vulnerability Insecure Direct Object Reference vulnerability in PrestaShop before 1.7.6.0 RC2 (PrestaShop bug #14444) allows for customer information leakage during checkout. 
Unauthenticated SQL Injection in Lansweeper before 7.1.117.4 XSS Vulnerability in Simple Link Directory Plugin for WordPress Bypassing PHP Script Uploads Rules with X.Filename in OWASP ModSecurity CRS 3.0.2 Denial of Service Vulnerability in ROS Communications Package Incorrect Access Control in Western Digital and SanDisk SSD Dashboards Arbitrary File Substitution Vulnerability in Western Digital and SanDisk SSD Dashboard Windows Object Memory Handling Denial of Service Vulnerability Out-of-Bounds Read Vulnerability in MatrixSSL before 4.2.1 XSS Vulnerabilities in PHPWind 9.1.0's index.php File Parameters Undocumented TELNET Service in BusyBox Subsystem Allows Root Access in TELESTAR and Imperial Devices Insufficient Access Control Vulnerability in TELESTAR DAB Radios MobaXterm 11.1 URI Handler Argument Injection Vulnerability XSS Vulnerability in CentOS Web Panel 0.9.8.837 Allows Low-Privilege User to Gain Root Access CSRF Vulnerability in CentOS Web Panel 0.9.8.837 Allows Unauthorized Password Change for Root Account Unfiltered HTML Vulnerability in Yoast SEO Plugin for WordPress Arbitrary Path Overwrite Vulnerability in Git's fast-import Command Injection Vulnerability in D-Link DIR-818LW Firmware 2.06betab01 Command Injection Vulnerability in D-Link DIR-818LW Firmware 2.06betab01 JWT Signature Validation Bypass in Auth0 Passport-SharePoint Buffer Overflow Vulnerability in Xymon Status-Log Viewer CGI Stack-based Buffer Overflow Vulnerability in Xymon History Viewer Stack-based Buffer Overflow in Xymon Status-Log Viewer Component Cross-Site Scripting (XSS) Vulnerability in Trape's trape.js Allows Arbitrary Code Injection SQL Injection Vulnerability in Trape (2019-05-08) via data[2] Variable in core/db.py Git for Visual Studio Remote Code Execution Vulnerability Persistent XSS Vulnerability in Sitecore 9.0 rev 171002 Media Library and File Manager Stack-based Buffer Overflow in Castle Rock SNMPc Multiple Stored Cross-Site Scripting (XSS) Vulnerabilities in Zyxel 
XGS2210-52HP Firmware Version 4.50 OTP Bypass Vulnerability in One Identity Cloud Access Manager CSRF Vulnerability in One Identity Cloud Access Manager Missing HTTP Strict Transport Security (HSTS) in One Identity Cloud Access Manager 8.1.3 allows for MITM attacks Git for Visual Studio Remote Code Execution Vulnerability Heap-Based Buffer Over-Read in mq_parse_http function of Mongoose 6.15 Out-of-Bounds Read Vulnerability in Exiv2::MrwImage::readMetadata XSS Vulnerability in Appointment Hour Booking Plugin 1.1.44 for WordPress via E-mail Field (email_1) XSS Vulnerability in @nuxt/devalue before 1.2.3 SQL Injection Vulnerability in hidea.com AZ Admin 1.0 news_det.php?cod= Buffer Overflow Vulnerability in FreeTDS 1.1.11 Potential Information Leakage in Docker Engine Debug Mode Virtual drive path tampering vulnerability in Git for Visual Studio USE AFTER FREE vulnerability in Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier Information Exposure in Rockwell Automation Arena Simulation Software Out-of-Bounds Read Vulnerability in Fuji Electric FRENIC Loader 3.5.0.0 and Prior Multiple Out-of-Bounds Read Vulnerabilities in Delta Industrial Automation DOPSoft Use-after-free vulnerability in Delta Industrial Automation DOPSoft allows for remote code execution and information disclosure Sensitive Information Disclosure in OSIsoft PI Web API 2018 and earlier versions Cross-Site Request Forgery Protection Bypass in OSIsoft PI Web API Access Privilege Expiration Vulnerability in Pyxis ES and Pyxis Enterprise Server Buffer Overflow Vulnerability in EZ Touch Editor Versions 2.1.0 and Prior Vulnerability in Rockwell Automation Arena Simulation Software version 16.00.00 and earlier allows limited information exposure Git for Visual Studio Remote Code Execution Vulnerability Alpha5 Smart Loader Multiple Buffer Overflow Vulnerabilities Vulnerability in Rockwell Automation Arena Simulation Software version 16.00.00 and earlier allows limited information 
exposure Memory Corruption and Code Execution Vulnerability in EZ PLC Editor Versions 1.8.41 and Prior Unauthenticated Remote Access to Web Configuration Data in Honeywell Performance IP Cameras and NVRs Denial-of-Service Vulnerability in GE PACSystems RX3i and CPE Series Unauthenticated Remote Access to Web Configuration Data in IP-AK2 Access Control Panel Authentication Bypass Vulnerability in Datalogic AV7000 Linear Barcode Scanner (Versions < 4.6.0.0) Uninitialized Pointer Vulnerability in Rockwell Automation Arena Simulation Software Privilege Escalation Vulnerability in Niagara AX and Niagara 4 Remote Code Execution Vulnerability in Sunny WebBox Firmware Version 1.6 and Prior Vulnerability: NTFS Protections Bypass in Git on Windows Subsystem for Linux (WSL) Vulnerability: Unauthorized Firmware Upload via FTP in Philips IntelliVue WLAN Patient Monitors RFID Authentication Bypass Vulnerability in Medtronic Valleylab Energy Platforms CODESYS V3 Web Server Directory Traversal Vulnerability Vulnerability: Replay Attack on Omron PLC CJ and CS Series Remote Code Execution Vulnerability in Philips IntelliVue WLAN Patient Monitors RFID Security Read Access Vulnerability in Medtronic Valleylab FT10 and Valleylab LS10 Energy Platforms Remote Code Execution Vulnerabilities in Delta Electronics TPEditor Versions 1.94 and Prior Buffer Overflow Vulnerability in IEC870IP Driver for Vijeo Citect and Power SCADA Operation CODESYS V3 Library Manager Content Display Vulnerability Insecure Password Hashing in Medtronic Valleylab Exchange Client and Energy Platforms Git for Visual Studio Remote Code Execution Vulnerability Remote Code Execution Vulnerabilities in Delta Electronics TPEditor Versions 1.94 and Prior Improper Input Validation Vulnerability in Horner Automation Cscape 9.90 and Prior NULL Pointer Dereference Vulnerability in CODESYS V3 OPC UA Server Hard-coded Credentials Vulnerability in Medtronic Valleylab Exchange Client and Energy Platforms Remote Code Execution 
Vulnerabilities in Delta Electronics TPEditor Versions 1.94 and Prior Buffer Overflow Vulnerability in Horner Automation Cscape 9.90 and Prior Escalation of Privileges Vulnerability in IntelliSpace Perinatal Application Environment Unauthenticated Access Vulnerability in Advantech WISE-PaaS/RMM Stack Overflow and Remote Code Execution Vulnerability in CODESYS V3 Web Server Insufficient Authentication Mechanism Allows Unauthorized Configuration Changes in Rittal Chiller SK 3232-Series Improper Authorization Vulnerability in WebAccess Versions 8.4.1 and Prior Remote Code Execution via Path Traversal in Advantech WISE-PaaS/RMM Multiple Command Injection Vulnerabilities in WebAccess Versions 8.4.1 and Prior Hard-coded Credentials Vulnerability in Rittal Chiller SK 3232-Series Web Interface Unsecured Telnet Protocol in GE Mark VIe Controller Allows Unauthorized Access Denial-of-Service Vulnerability in Mitsubishi Electric MELSEC-Q and MELSEC-L Series CPUs Stack-based Buffer Overflow Vulnerabilities in WebAccess Versions 8.4.1 and Prior Information Exposure Vulnerability in Tasy EMR WebPortal Versions 3.02.1757 and Prior Remote Code Execution Vulnerability in WebAccess Versions 8.4.1 and Prior Pre-configured Hard-Coded Credentials in GE Mark VIe Controller Allow Root-User Access Edge HTML Information Disclosure Vulnerability D-Link DIR-655 C Devices Vulnerability: Remote Attackers Can Force Blank Password Arbitrary Command Execution in D-Link DIR-655 C Devices Cross-Site Scripting (XSS) Vulnerability in D-Link DIR-655 C Devices CSRF Vulnerability in D-Link DIR-655 C Devices Cross-Site Scripting (XSS) Vulnerability in Ping Identity Agentless Integration Kit before 1.5 OpenLDAP SASL Authentication Bypass Vulnerability Buffer Overflow Vulnerability in ROS Communications Packages Remote Code Execution via ZoomOpener Daemon on macOS Heap-Based Buffer Overflow in CImg.h: Malformed BMP Image Allocation Vulnerability Icegram Email Subscribers & Newsletters Plugin SQL Injection 
Vulnerability Microsoft Browser Cookie Spoofing Vulnerability AJdG AdRotate Plugin for WordPress 5.3 and Earlier: SQL Injection Vulnerability SQL Injection Vulnerability in Vsourz Digital Advanced CF7 DB Plugin for WordPress SQL Injection Vulnerability in Adenion Blog2Social Plugin for WordPress SQL Injection Vulnerability in FolioVision FV Flowplayer Video Player Plugin for WordPress Remote Command Execution Vulnerability in MiniMagick Image Processing Library SQL Injection Vulnerability in WPEverest Everest Forms Plugin for WordPress Unauthenticated Remote Buffer Overflow in MAPLE WBT SNMP Administrator v2.0.195.15 via SNMP CE Remote Feature SQL Injection Vulnerability in Impress GiveWP Give Plugin for WordPress Jet Database Engine Remote Code Execution Vulnerability Heap-based Buffer Overflow in Marvell 88W8688 Wi-Fi Firmware Allows Remote Code Execution Stack Overflow Vulnerability in Marvell 88W8688 Wi-Fi Firmware Directory Traversal Vulnerability in FANUC Robotics Virtual Robot Controller 8.23 Remote Admin Webserver Buffer Overflow Vulnerability in FANUC Robotics Virtual Robot Controller 8.23's Remote Admin Webserver Arbitrary Web Script Injection Vulnerability in WIKINDX getPagingStart() Function Code-execution backdoor vulnerability in paranoid2 gem 1.1.6 for Ruby Jet Database Engine Remote Code Execution Vulnerability Integer Overflow and NULL Pointer Dereference in SoX 14.4.2 CSRF Protection Bypass in Mirumee Saleor 2.7.0 Arbitrary Command Execution via Sahi Pro 8.0.0 Player_setScriptFile Vulnerability Remote Command Execution in Vera Edge Home Controller 1.7.4452 via LuaUPnP Username Enumeration Vulnerability in CentOS Web Panel 0.9.8.848 Integer Underflow Vulnerability in VLC Media Player Weak Encryption of Fingerprint Images in HID Global DigitalPersona U.are.U 4500 Fingerprint Reader Brute-Force Vulnerability in HID Global DigitalPersona U.are.U 4500 Fingerprint Reader v24 Allows Key Recovery and Biometric Information Leak Authentication Bypass 
Vulnerability in CentOS Web Panel 0.9.8.838 to 0.9.8.846 Opera Mini iOS UXSS Vulnerability via javascript: URL Navigation XXE Vulnerability in Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) Memory Object Disclosure Vulnerability in Microsoft Graphics Components Cross-Site WebSocket Hijacking (CSWSH) Vulnerability in python-engineio Vulnerability: Inconsistent SpamAssassin Checks for Large Email Messages in MDaemon Email Server Stack-based Buffer Overflow in TP-Link Wireless Router Archer Router Version 1.0.0 Build 20180502 rel.45702 (EU) and Earlier Stack-based Buffer Overflow in TP-Link Archer C1200 1.0.0 Build 20180502 rel.45702 and Earlier Heap-based Buffer Over-read in libebml's FindNextElement Heap-based Buffer Over-read Vulnerability in SDL (Simple DirectMedia Layer) Heap-Based Buffer Over-Read Vulnerability in njs through 0.3.3 Heap-based Buffer Over-read in GPAC before 0.8.0 Buffer Overflow Vulnerability in Wireshark ASN.1 BER Dissector Win32k Elevation of Privilege Vulnerability in Windows Kernel-Mode Driver Path Traversal Vulnerability in NSA Ghidra Allows Arbitrary File Overwrite Command Injection Vulnerability in ONOS 1.15.0 YangWebResource.java XXE (XML External Entity) Vulnerability in NSA Ghidra 9.0.1 and earlier Heap-Based Buffer Over-read in SDL 2.x through 2.0.9 ECDSA Timing Attack in libgcrypt20 Cryptographic Library Timing Side Channel Vulnerability in wolfSSL and wolfCrypt 4.0.0 and Earlier Timing Side Channel Vulnerability in MatrixSSL 4.2.1 and Earlier: Private Key Leakage in ECDSA Signature Generation Windows GDI Object Memory Information Disclosure Vulnerability Out-of-Bounds Write Vulnerability in Linux Kernel HID Report Generation Blind/Persistent XSS Vulnerability in Blinger.io v.1.0.2519 Directory Traversal Vulnerability in WP Fastest Cache Plugin Symlink Mishandling Vulnerability in GNU Patch Arbitrary Command Execution via Unsafe Search Paths in LogMeIn join.me OS Shell 
Command Injection in GNU Patch through 2.7.6 via Crafted Patch File Win32k Elevation of Privilege Vulnerability in Windows Kernel-Mode Driver Command Injection Vulnerability in qBittorrent before 4.1.7 Stored XSS vulnerability in EspoCRM before 5.6.4 allows remote code execution and injection Stored XSS Vulnerability in Firefly III Budget Name Stored XSS Vulnerability in Firefly III before 4.7.17.3 via Image File Names Firefly III before 4.7.17.3 Reflected XSS Vulnerability in Search Query Stored XSS Vulnerability in Firefly III before 4.7.17.3 via Unfiltered Image File Content Denial of Service Vulnerability in Linux Kernel on PowerPC Platform ExternalPort OS Command Injection in TP-Link M7350 Devices Microsoft IIS Server Elevation of Privilege Vulnerability InternalPort OS Command Injection Vulnerability in TP-Link M7350 Devices TP-Link M7350 PortMappingProtocol OS Command Injection Vulnerability TP-Link M7350 Devices OS Command Injection Vulnerability TriggerPort OS Command Injection in TP-Link M7350 Devices (Issue 5 of 5) Denial of Service Vulnerability in Imgix through 2019-06-19 Remote Code Execution Vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 Default Credential Vulnerability in CA Performance Management Default Credential Vulnerability in CA Network Flow Analysis 9.x and 10.0.x IDN Homograph Spoofing Vulnerability in Google Chrome Chakra Scripting Engine Remote Code Execution Vulnerability Chromium UI Spoofing Vulnerability: Remote Notification Spoofing in Google Chrome Chromium UI Spoofing Vulnerability: Remote Notification Spoofing in Google Chrome Bypassing Content Security Policy in Google Chrome prior to 77.0.3865.75 IDN Homograph Spoofing Vulnerability in Google Chrome Bypassing Content Security Policy in Blink in Google Chrome (CVE-2019-13699) Bypassing Multiple File Download Protection in Google Chrome (CVE-2019-13699) Cross-Origin Information Leak in Google Chrome Omnibox 
Spoofing Vulnerability in Google Chrome on iOS Cross-Origin Data Leakage Vulnerability in Google Chrome Developer Tools Omnibox Spoofing Vulnerability in Google Chrome (prior to 77.0.3865.75) Internet Explorer Scripting Engine Memory Corruption Vulnerability Heap Corruption Vulnerability in Google Chrome (prior to 77.0.3865.75) via Crafted HTML Page Remote Security UI Spoofing Vulnerability in Google Chrome Omnibox Spoofing Vulnerability in Google Chrome on iOS Cross-Origin Data Leakage Vulnerability in Google Chrome Developer Tools IDN Homograph Spoofing Vulnerability in Google Chrome Remote Code Execution Vulnerability in Google Chrome Extensions Domain Spoofing Vulnerability in Google Chrome Bypassing Site Isolation in Google Chrome: Insufficient Policy Enforcement Vulnerability Domain Spoofing Vulnerability in Google Chrome (prior to 77.0.3865.75) via Incorrect Data Validation in Downloads Remote Code Execution via Crafted PDF File Windows Secure Boot Security Feature Bypass Vulnerability TLS Vulnerability: Remote IP Address Spoofing in Google Chrome (CVE-2019-5869) Bypassing Download Restrictions in Google Chrome (CVE-2019-13699) Bypassing Same Origin Policy via Insufficient Policy Enforcement in Google Chrome Cross-Origin Data Leakage Vulnerability in Google Chrome Developer Tools Cross-Origin Data Leakage Vulnerability in Google Chrome (prior to 72.0.3626.81) Remote Code Execution Vulnerability in Google Chrome Prior to 77.0.3865.90 Use After Free Vulnerability in Google Chrome: Remote Heap Corruption Exploit via Crafted HTML Page Remote Code Execution Vulnerability in Google Chrome Prior to 77.0.3865.90 Remote Code Execution Vulnerability in Google Chrome Prior to 77.0.3865.90 Arbitrary Read/Write Vulnerability in Google Chrome on ChromeOS Memory Object Handling Vulnerability in Open Enclave SDK OS-level privilege escalation vulnerability in Google Chrome on ChromeOS prior to 75.0.3770.80 Omnibox Spoofing Vulnerability in Google Chrome (prior to 
77.0.3865.75) Bypassing Site Isolation in Google Chrome Reader Mode Use After Free Vulnerability in IndexedDB in Google Chrome WebRTC Use After Free Vulnerability in Google Chrome Remote Code Execution Vulnerability in Google Chrome for Android (CVE-2019-13699) Use After Free Vulnerability in Google Chrome (prior to 77.0.3865.120) Allows Remote Code Execution via Crafted HTML Page Cross-Origin Data Leakage in Google Chrome Performance APIs Heap Corruption Vulnerability in Google Chrome (prior to 73.0.3683.103) via Crafted HTML Page Remote Code Execution via Use After Free in Google Chrome Media (CVE-2019-13720) Memory Object Handling Vulnerability in Open Enclave SDK Gamepad API Out of Bounds Memory Access Vulnerability in Google Chrome Omnibox Spoofing Vulnerability in Google Chrome Privilege Escalation Vulnerability in Google Chrome Installer on Windows Omnibox Spoofing Vulnerability in Google Chrome on Android Bypassing Content Security Policy in Google Chrome prior to 78.0.3904.70 Cross-Origin Data Leakage via Malicious Chrome Extension PDFium Heap Corruption Vulnerability File Leakage Vulnerability in Google Chrome on Android (prior to 78.0.3904.70) via Insufficient Validation of Intents Omnibox Spoofing Vulnerability in Google Chrome on iOS Bypassing Download Restrictions in Google Chrome Prior to 78.0.3904.70 Internet Explorer Remote Code Execution Vulnerability Bypassing Download Restrictions via Crafted HTML Page in Google Chrome (CVE-2019-13720) Cross-Origin Data Leakage Vulnerability in Google Chrome Cross-Origin Data Leakage Vulnerability in Google Chrome CSS Injection Vulnerability in Color Enhancer Extension in Google Chrome Domain Spoofing Vulnerability in Google Chrome (CVE-2019-13720) Bypassing Navigation Restrictions in Google Chrome Service Workers Full Screen Mode Security UI Vulnerability in Google Chrome Domain Spoofing Vulnerability in Google Chrome (CVE-2019-13720) Full Screen Mode Security UI Vulnerability in Google Chrome Azure App Service 
Remote Code Execution Vulnerability WebAudio Use After Free Vulnerability in Google Chrome Heap Corruption Vulnerability in PDFium in Google Chrome Heap Corruption Vulnerability in WebRTC in Google Chrome (CVE-2019-13720) WebBluetooth Use After Free Vulnerability in Google Chrome (CVE-2019-13720) Out of Bounds Memory Access Vulnerability in WebBluetooth in Google Chrome Remote Code Execution Vulnerability in Bluetooth in Google Chrome Buffer Overflow Vulnerability in Google Chrome Password Manager Bypassing Same Origin Policy in WebSockets in Google Chrome (CVE-2019-13720) Heap Corruption Vulnerability in Google Chrome (prior to 79.0.3945.79) via Crafted HTML Page WebSockets Use-After-Free Vulnerability in Google Chrome PowerShell Deserialization Remote Code Execution in Microsoft Exchange Type Confusion Vulnerability in Google Chrome (prior to 79.0.3945.79) Allows Remote Heap Corruption WebAudio Use-After-Free Vulnerability in Google Chrome Remote Code Execution Vulnerability in SQLite in Google Chrome Arbitrary Code Execution via Out of Bounds Write in Google Chrome (CVE-2019-13720) PDFium Integer Overflow Vulnerability in Google Chrome Information Disclosure Vulnerability in Google Chrome Autocomplete Bypassing Site Isolation in Google Chrome: Insufficient Policy Enforcement in Navigation Domain Spoofing Vulnerability in Google Chrome Windows Error Reporting (WER) Object Memory Disclosure Vulnerability Domain Spoofing Vulnerability in Google Chrome Bypassing Same Origin Policy via Crafted Clipboard Content in Google Chrome Omnibox Spoofing Vulnerability in Google Chrome on iOS Remote Security UI Spoofing Vulnerability in Google Chrome Cross-Origin Data Leakage via Insufficient Cookie Policy Enforcement in Google Chrome Cross-Origin Data Leakage in Google Chrome Prior to 79.0.3945.79 Omnibox Spoofing Vulnerability in Google Chrome Heap Corruption Vulnerability in Google Chrome on Android (Versions prior to 79.0.3945.79) Local Information Disclosure Vulnerability 
in Google Chrome Developer Tools Omnibox Spoofing Vulnerability in Google Chrome on iOS Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Insufficient Data Validation in SQLite in Google Chrome: Bypassing Defense-in-Depth Measures via Crafted HTML Page Uninitialized Data Vulnerability in SQLite in Google Chrome Remote Information Disclosure Vulnerability in SQLite in Google Chrome Remote Information Disclosure Vulnerability in SQLite in Google Chrome Bypassing Navigation Restrictions in Google Chrome Extensions Remote Code Execution via Extension Disabling in Google Chrome Domain Spoofing Vulnerability in Google Chrome Prior to Version 79.0.3945.79 Domain Spoofing Vulnerability in Google Chrome Omnibox Bypassing Navigation Restrictions in Google Chrome on Android (CVE-2019-13720) Domain Spoofing Vulnerability in Google Chrome SQL Server Management Studio Information Disclosure Vulnerability Domain Spoofing Vulnerability in Google Chrome Omnibox Local Code Spoofing Vulnerability in Google Chrome on Windows Cross-Origin Data Leakage in Google Chrome Prior to 79.0.3945.79 Type Confusion Vulnerability in Google Chrome (prior to 79.0.3945.79) Allows Remote Heap Corruption Remote Code Execution Vulnerability in Google Chrome Content Delivery Manager Remote Code Execution via Use-After-Free Vulnerability in Google Chrome's Accessibility Remote Code Execution via Use After Free in Google Chrome Media Picker Sandbox Escape via Use After Free Vulnerability in Google Chrome FileAPI Windows 10 Update Assistant Elevation of Privilege Vulnerability Windows Data Sharing Service Elevation of Privilege Vulnerability Splwow64.exe Local Elevation of Privilege Vulnerability Windows Servicing Stack Information Disclosure Vulnerability ActiveX Installer Service Elevation of Privilege Vulnerability Windows Data Sharing Service Elevation of Privilege Vulnerability NETLOGON Message Session Key Retrieval Vulnerability Windows AppX Deployment Extensions Elevation of 
Privilege Vulnerability Vulnerability in Git Recursive Clones Allows Remote Code Execution Windows Certificate Dialog Elevation of Privilege Vulnerability Windows Hyper-V Remote Code Execution Vulnerability VBScript Engine Memory Object Handling Remote Code Execution Vulnerability Windows Object Memory Handling Denial of Service Vulnerability Arbitrary File Access Vulnerability in b3log Wide before 1.6.0 Heap Buffer Overflow in WICED Studio 6.2 CYW20735B1 and CYW20819A1 Remote Code Execution in Exim 4.85 through 4.92 (fixed in 4.92.1) via ${sort } Expansion SINEMA Remote Connect Server (All versions < V2.0 SP1) Password Guessing Vulnerability Privilege Escalation Vulnerability in SINEMA Remote Connect Server (All versions < V2.0 SP1) Memory Object Handling Vulnerability in Windows Kernel Vulnerability in SINEMA Remote Connect Server (All versions < V2.0 SP1) Allows CSRF Attacks Denial-of-Service Vulnerability in SIMATIC WinAC RTX (F) 2010 (All versions < SP3 Update 1) SINEMA Remote Connect Server Vulnerability: Password Hash Disclosure Cross-Site Scripting (XSS) Vulnerability in IE/WSN-PA Link WirelessHART Gateway Clickjacking Vulnerability in SCALANCE Network Switches and Routers Denial-of-Service Vulnerability in SCALANCE S602, S612, S623, and S627-2M Denial-of-Service Vulnerability in SCALANCE S602, S612, S623, and S627-2M Denial of Service Vulnerability in Desigo PX Automation Controllers Vulnerability in SIMATIC IT UADM Allows Password Recovery and Unauthorized Access Win32k Memory Object Handling Elevation of Privilege Vulnerability XHQ Web Interface Cross-Site Request Forgery (CSRF) Vulnerability Vulnerability in XHQ Web Interface Allows Unexpected Behavior and Content Modification Unauthenticated Script Injection Vulnerability in XHQ (All versions < V6.0.0.2) Vulnerability in SCALANCE X-Series Network Devices Allows Unauthorized Access Reflected Cross-Site Scripting (XSS) Vulnerability in Siemens AG Polarion Webclient Reflected Cross-Site Scripting (XSS) 
Vulnerability in Siemens AG Polarion Webclient Persistent Cross-Site Scripting Vulnerability in Siemens AG Polarion Webclient IP Address Spoofing Vulnerability in APOGEE, Desigo, Nucleus, SIMOTICS, TALON, and VSTAR Devices Win32k Memory Object Handling Elevation of Privilege Vulnerability Denial of Service Vulnerability in SIMATIC Industrial Control Systems Predictable Path Names Vulnerability in OZW672 and OZW772 Web Servers Buffer Overflow Vulnerability in EN100 Ethernet Modules Leads to Denial-of-Service Condition Cross-Site Scripting (XSS) Vulnerability in EN100 Ethernet Modules Vulnerability in EN100 Ethernet Modules: Unauthorized Information Disclosure UART Interface Physical Access Vulnerability Profinet-IO (PNIO) Stack Denial of Service Vulnerability Clear Text Password Transmission Vulnerability in Control Center Server (CCS) Stored XSS vulnerability in SyGuestBook A5 Version 1.2 CSRF Vulnerability in SyGuestBook A5 Version 1.2 Win32k Memory Object Handling Elevation of Privilege Vulnerability Stored XSS Vulnerability in SyGuestBook A5 Version 1.2 via Comment Reply Stack-based Buffer Overflow in set_ipv4() Function in gdnsd 3.x Stack-based Buffer Overflow in set_ipv6() Function in gdnsd Bluetooth Low Energy (BLE) Authentication Bypass Vulnerability in YI M1 Mirrorless Camera V3.2-cn Memory Exhaustion Vulnerability in Mikrotik RouterOS Stack Exhaustion Vulnerability in Mikrotik RouterOS Arbitrary PHP Code Execution in Discuz!ML 3.2 through 3.4 via Modified Language Cookie SQL Injection Vulnerability in Umbraco 7.3.8 via nodeName Parameter in PageWApproveApi/GetInpectSearch Method Memory Copy into NULL Pointer Vulnerability in Bento4 1.5.1-627 Win32k Memory Object Handling Elevation of Privilege Vulnerability Denial of Service Vulnerability in libjpeg-turbo 2.0.2 CSRF Vulnerability in flatCore Allows Arbitrary .php File Upload Heap-based Buffer Over-read in lavc_CopyPicture in VideoLAN VLC media player Multiple Reflective and Stored XSS
Vulnerabilities in iTop through 2.6.0 XSS Vulnerability in iTop Dashboard XML Fields Denial of Service Vulnerability in iTop Community Version SQL Injection Vulnerability in Metinfo 6.x via id Parameter in admin/index.php Windows Hyper-V Remote Code Execution Vulnerability Self-XSS in AntSword Database Configuration Allows Code Execution XSS Vulnerability in OTCMS 3.81 via mode Parameter in apiRun.php?mudi=autoRun Request XSS Vulnerability in LayerBB 1.1.3 via pm_title Variable in application/commands/new.php Arbitrary File Upload Vulnerability in LayerBB 1.1.3 CSRF Vulnerability in LayerBB 1.1.3's conversations.php/cmd/new eGain Chat 15.0.3 HTML Injection Vulnerability Unrestricted File Upload Vulnerability in eGain Chat 15.0.3 Cross-Site Scripting (XSS) Vulnerabilities in Ovidentia 8.4.3 SQL Injection Vulnerability in Ovidentia 8.4.3 via id Parameter in index.php?tg=delegat&idx=mem Request Remote Code Execution via Unblocked PHP File Upload in Directus 7 API Windows Hyper-V Remote Code Execution Vulnerability Remote Code Execution via PHP File Upload in Directus 7 API Unauthenticated Remote File Read Vulnerability in Directus 7 API Markdown Injection Vulnerability in Directus 7 Application before 7.7.0 Insufficient Anti-Automation in Directus 7 API (CVE-2021-12345) Unauthenticated Access to Uploaded Files in Directus 7 API Log File Disclosure Vulnerability in Sierra Wireless MGOS Stack-based Buffer Overflow in wfloat() function in dpic 2019.06.20 Windows Hyper-V Privileged User Input Validation Vulnerability XXE Vulnerability in Terracotta Quartz Scheduler's initDocumentParser Method Laser-Induced LED Photosensitivity Vulnerability in Pre-Rev3 Arduino Embedded Systems Out of Bound Memory Access Vulnerability in Snapdragon Platforms Memory Corruption and Information Leakage Vulnerability in Snapdragon Platforms Integer Overflow Vulnerability in Snapdragon Processors: Potential Memory Corruption and Information Leakage Memory Corruption and Information Leakage 
Vulnerability in Snapdragon Platforms Integer Overflow Vulnerability in Multiple Snapdragon Platforms Microsoft Access Memory Object Handling Vulnerability Memory Corruption and Information Leakage Vulnerability in Multiple Snapdragon Platforms Insecure Public Key Usage in Multiple Snapdragon Platforms Unauthorized Access to Call Status in Snapdragon Devices Null Pointer Exception Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in Multiple Chipsets Buffer Overflow Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in Multiple Chipsets Buffer Overflow Vulnerability in Multiple Snapdragon Platforms Buffer Overflow Vulnerability in Multiple Snapdragon Platforms Timing Side Channel Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wired Infrastructure and Networking Null Pointer Dereference Vulnerability in Location Assistance Data Processing in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130 Improper Input Validation Leading to Out-of-Bounds Memory Access in Snapdragon Processors Buffer Map Vulnerability in Snapdragon Devices Multiple Read Overflows in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables: Improper Length Check Vulnerability Null Pointer Dereference Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Wearables in Multiple Chipsets Vulnerability: Invalid Super Index Table Parsing in Snapdragon Processors Buffer Overflow Vulnerability in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Nicobar, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR2130 Stack-based buffer overflow vulnerability in initialization of identification stage in
multiple Snapdragon platforms Integer overflow vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in multiple chipsets Heap Buffer Overflow Vulnerability in Snapdragon Platforms Potential Out-of-Bound Array Access Vulnerability in Snapdragon Platforms Multiple Read Overflows Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Memory Object Handling Vulnerability in Microsoft Office Multiple Read Overflows in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, and Wearables Processors Buffer overrun vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Wearables in multiple Qualcomm chipsets Vulnerability: Lack of Length Check in IPv6 Header Extraction in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Wearables Unvalidated User Input in String Copy Vulnerability in Multiple Snapdragon Platforms Stack-Use-After-Scope Vulnerability in NFC Card Emulation on Snapdragon Platforms Session Object Vulnerability in Multiple Snapdragon Platforms Potential Buffer Overflow Vulnerability in WLAN WMI Handler in Multiple Snapdragon and QCA Chipsets Unbounded Channel Length Vulnerability in Multiple Snapdragon Platforms Buffer Overwrite Vulnerability in Multiple Snapdragon Platforms Use-after-free vulnerability in graphics module in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in multiple Qualcomm chipsets Buffer Overflow Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Wired Infrastructure and Networking in Multiple Qualcomm Chipsets Buffer Overflow Vulnerability in Snapdragon Auto, Compute, 
Connectivity, Consumer Electronics Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wired Infrastructure and Networking in various Qualcomm chipsets Memory Use After Free Vulnerability in Snapdragon Processors Multiple Read Overflows in Snapdragon Processors: Vulnerability in Decoding Tau Reject/Accept Requests Use After Free Vulnerability in Snapdragon Processors: EEPROM Query Mutex Unlocking Issue Buffer Overflow Vulnerability in Snapdragon Processors Use-After-Free Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables Buffer Over-read Vulnerability in ADSP Parse Function in Snapdragon Processors Out of Bound Read Vulnerability in Snapdragon Platforms Memory Use After Free Vulnerability in Multiple Snapdragon Platforms Buffer Overrun Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in Multiple Qualcomm Chipsets Critical Out of Bound Read Vulnerability in Snapdragon Platforms Out of Bound Read Vulnerability in Fingerprint Application in Multiple Snapdragon Platforms Uninitialized Memory Access Vulnerability in Snapdragon Consumer IOT and Snapdragon Mobile Devices Critical Buffer Overflow Vulnerability in Snapdragon Auto, Consumer IoT, and Mobile Processors Improper Validation of Array Parameters Leading to Out-of-Bound Access in Snapdragon Platforms Lack of Input Validation in IPA Driver Process Route Add Rule IOCTL Out of Bound Memory Access Vulnerability in Snapdragon Platforms Stage-2 Fault Vulnerability in Snapdragon Platforms Windows UPnP Service Elevation of Privilege Vulnerability Buffer Overflow Vulnerability in Multiple Snapdragon Platforms Integer Overflow and Buffer Overflow Vulnerability in Snapdragon Industrial IOT (MDM9206, MDM9607) Uninitialized Data Structure Vulnerability in Multiple Snapdragon Platforms Stack Out-of-Bounds Read Vulnerability in XFRM Policy 
Creation in Multiple Snapdragon Platforms Vulnerability: Unauthorized Code and Data Update and RAM Dump Diversion in Snapdragon Platforms Dangling Pointer Vulnerability in Snapdragon Processors Integer Overflow Vulnerability in Snapdragon Platforms Buffer Over-read Vulnerability in Snapdragon Platforms Jet Database Engine Remote Code Execution Vulnerability Uninitialized Stack Data Vulnerability in Snapdragon and Other Qualcomm Products Null-pointer dereference vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in multiple Qualcomm chipsets Buffer Overflow Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in Multiple Qualcomm Chipsets Kernel Failure Vulnerability in Multiple Snapdragon Platforms Pointer Double Free Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wired Infrastructure and Networking Integer Overflow Vulnerability in Feature ID Retrieval in Snapdragon Platforms Timing side channel vulnerability in non-time-constant functions in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in multiple Qualcomm chipsets Out of Bound Access Vulnerability in Multiple Snapdragon Platforms Windows Graphics Component Elevation of Privilege Vulnerability Race condition vulnerability in PCM volume controls in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables, Wired Infrastructure and Networking in various Qualcomm chipsets Vulnerability: Compromised Reset Handler Allows Bypass of Access Control in Multiple Snapdragon Platforms Race condition vulnerability leading to unhandled 
paging request in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in various Qualcomm chipsets RTCP Message Buffer Overflow Vulnerability Heap Overflow Vulnerability in Diag Command Handler in Snapdragon Processors Null pointer dereference vulnerability in radio interface layer of Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9607, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCS605, Rennell, Saipan, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR2130 Buffer Overflow Vulnerability in Multiple Snapdragon Processors Out of Bound Memory Access Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wired Infrastructure and Networking in Multiple Qualcomm Chipsets Unvalidated Response Buffer Length Vulnerability in Snapdragon Processors Uninitialized Variable Vulnerability in Snapdragon Processors Win32k Memory Object Handling Elevation of Privilege Vulnerability Out of Bound Write Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Wearables Buffer Over-read Vulnerability in WLAN Module for SAR Limits Enforcement in Snapdragon Processors Buffer Over-read Vulnerability in Snapdragon Compute, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Wired Infrastructure, and Networking in Multiple Qualcomm Chipsets Integer Underflow Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wired Infrastructure and Networking in Multiple Qualcomm Chipsets Potential Integer Underflow Vulnerability in Snapdragon Auto, Compute, Consumer Electronics Connectivity, Consumer IoT, Industrial IoT, Mobile, and Snapdragon in QCN7605, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130 Integer Overflow Vulnerability in Snapdragon Auto, 
Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, MDM9607, MSM8998, QCA6584, QCN7605, QCS605, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130 Buffer Overflow Vulnerability in Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wearables in MSM8909W, QCS605 Critical Use After Free Vulnerability in Snapdragon Devices Re-provisioning Vulnerability in Keymaster Attestation Key and Device IDs after Data Erase or Factory Reset Windows Remote Procedure Call Memory Initialization Vulnerability Double Free Vulnerability in Snapdragon Processors Critical Vulnerability: Unauthorized Service Exports in Snapdragon Industrial IOT and Mobile Devices Array Out of Bounds Access Vulnerability in Snapdragon Auto, Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, and Wearables in various Qualcomm chipsets Integer Overflow Vulnerability in Diag Command Handler Buffer Overflow Vulnerability in Snapdragon Processors Potential Buffer Overflow Vulnerability in WLAN Parser in Multiple Snapdragon Platforms Potential Buffer Overflow Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer Electronics Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wired Infrastructure and Networking in various Qualcomm chipsets Buffer Overflow Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables in Multiple Qualcomm Chipsets Vulnerability: Disabled Register Write via Debugfs in Multiple Snapdragon Platforms Out of Bounds Read Vulnerability in Diag Event Set Mask Command Handler in Snapdragon Processors Invalid Context Pointer Vulnerability in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile (APQ8053, SC8180X, SDX55, SM8150) Memory Overflow Vulnerability in Snapdragon Industrial IOT, Snapdragon Mobile in SDA845, SDM845, SM8150 DirectWrite 
Memory Disclosure Vulnerability Buffer Overflow Vulnerability in WLAN Firmware in Multiple Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer Electronics Connectivity, Mobile, Voice & Music, Wired Infrastructure and Networking in IPQ6018, IPQ8074, Nicobar, QCA6390, QCA8081, QCN7605, QCS404, QCS405, Rennell, SC7180, SC8180X, SM6150, SM7150, SM8150, SXR2130 Buffer Overflow Vulnerability in Multiple Snapdragon Platforms Buffer overflow vulnerability in WLAN firmware during CCMP cipher suite unwrapping in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in various Qualcomm chipsets. Buffer Overflow Vulnerability in WLAN Firmware Information Disclosure Vulnerability in Multiple Snapdragon Platforms Vulnerability: Privilege Escalation via Altered Debug Policy Image in Snapdragon Platforms Use After Free Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, MDM9607, QCS405, Saipan, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 TOCTOU Race Condition and Memory Corruption Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wired Infrastructure and Networking Windows Adobe Type Manager Font Driver (ATMFD.dll) OpenType Font Driver Information Disclosure Vulnerability Memory Padding Vulnerability in Snapdragon Auto and Snapdragon Mobile Devices Critical Vulnerability: Missing Bounds Checks in Widevine HLOS Client Across Multiple Snapdragon Platforms Memory Failure in Content Protection Module: A Critical Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, 
Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130 Buffer Overflow Vulnerability in Snapdragon Processors Extension Request Handling Security Bypass in Microsoft Edge Memory Corruption Vulnerability in Snapdragon Processors: Impact on Trusted Applications Out of Bound Write Vulnerability in Radio Measurement Request in Snapdragon Platforms Memory Corruption Vulnerability in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SA6155P, SM8150 Out of Bound Access Vulnerability in WLAN Handler: Potential Security Risk in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking Integer overflow to buffer overflow vulnerability in WLAN parsing nonstandard NAN IE messages in multiple Snapdragon platforms and products Visual Studio Code Debug Listener Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Race Condition Vulnerability in Windows Subsystem for Linux Windows Data Sharing Service Elevation of Privilege Vulnerability Windows Modules Installer Service File Information Disclosure Vulnerability OpenType Font Parsing Remote Code Execution Vulnerability Unbounded memcpy Vulnerability in Das U-Boot Unbounded memcpy Vulnerability in Das U-Boot (2019.07) Unbounded memcpy Vulnerability in Das U-Boot through 2019.07 Unbounded memcpy Vulnerability in Das U-Boot through 2019.07 Unbounded memcpy Vulnerability in Das U-Boot through 2019.07 Out-of-Bounds Data Read Vulnerability in Das U-Boot Unbounded memcpy Vulnerability in Das U-Boot through 2019.07 Unbounded memcpy Vulnerability in Das U-Boot Windows Elevation of Privilege Vulnerability in dssvc.dll Stack-based Buffer Overflow in nfs_handler: rpc_lookup_reply Stack-based Buffer Overflow in nfs_lookup_reply Function in Das U-Boot Stack-based Buffer Overflow in nfs_readlink_reply Function in Das U-Boot Stack-based Buffer Overflow in nfs_mount_reply Function in Das U-Boot Stack-based 
Buffer Overflow in nfs_umountall_reply Function Local File Inclusion Vulnerability in Nevma Adaptive Images Plugin for WordPress Arbitrary File Deletion Vulnerability in Nevma Adaptive Images Plugin for WordPress Endless Loop Crash Vulnerability in Foxit PhantomPDF NULL Pointer Dereference Vulnerability in Foxit PhantomPDF Heap Corruption Vulnerability in Foxit PhantomPDF Memory Corruption Vulnerability in Foxit PhantomPDF JavaScript Object Validation Vulnerability in Foxit PhantomPDF NULL Pointer Dereference in Foxit PhantomPDF Crash Vulnerability in Foxit PhantomPDF 8.3.11 JavaScript Denial of Service Vulnerability in Foxit PhantomPDF Crash Vulnerability in Foxit PhantomPDF 8.3.11 Arbitrary PHP File Upload Vulnerability in WP SVG Icons Plugin Windows Elevation of Privilege Vulnerability in iphlpsvc.dll Arbitrary File Read Vulnerability in BlueStacks Cross-Site Scripting (XSS) Vulnerability in 1CRM On-Premise Software 8.5.7 Default Private Key Vulnerability in Alfresco Community Edition Open Redirect Vulnerability in Alfresco Share Application Remote Code Execution via Deserialization in Alfresco Community Edition 5.2 201707 SSRF Vulnerability in OX App Suite 7.10.1 and 7.10.2 Insecure Permissions in OX App Suite through 7.10.2 Cross-Site Scripting (XSS) Vulnerability in OX App Suite 7.10.1 and 7.10.2 Reflected POST-based XSS and CSRF Vulnerability in Xavier PHP Management Panel 3.0 Windows StartTileData.dll File Creation Elevation of Privilege Vulnerability SQL Injection Vulnerability in Viral Quiz Maker - OnionBuzz Plugin for WordPress SQL Injection Vulnerability in Viral Quiz Maker - OnionBuzz Plugin for WordPress Catastrophic Backtracking Vulnerability in Django's Truncator Slow Evaluation of Certain Inputs in Django's HTMLParser SQL Injection in JSONField and HStoreField Key Lookups Memory Exhaustion Vulnerability in Django's uri_to_iri Function Defeating Proprietary Code Read Out Protection (PCROP) on STMicroelectronics STM32 devices through CPU register 
observation and code execution analysis Defeating Flash Access Controls (FAC) on NXP Kinetis KV1x, KV3x, and K8x Devices through CPU Register Observation and Code Execution Analysis Defeating Proprietary Code Read Out Protection (PCROP) on STMicroelectronics STM32F7 devices via the Instruction Tightly Coupled Memory (ITCM) bus using a debug probe Defeating Flash Access Controls (FAC) on NXP Kinetis Devices: Leveraging Load Instructions to Expose Protected Code NetLogon Secure Communications Channel Bypass Vulnerability CSRF Vulnerability in WCMS v0.3.2 Allows Directory Traversal and Index.html Modification Denial of Service Vulnerability in HAProxy 2.0.2 via htx_manage_client_side_cookies Local Code Injection Vulnerability in Bitdefender Products for Windows Denial of Service in mastercactapus proxyprotocol before 0.0.2 Insecure Object Reference Vulnerability in CentOS Web Panel 0.9.8.851 Allows Unauthorized Database Deletion Insecure Object Reference in CentOS Web Panel 0.9.8.851 Allows Unauthorized Access to phpMyAdmin Passwords Out-of-Bounds Write Vulnerability in mpg321 0.3.2 NULL Pointer Dereference Vulnerability in libnasm.a in NASM 2.14.xx Denial of Service Vulnerability in libdwarf: Division by Zero in dwarf_elf_load_headers.c Visual Studio Hardlink Validation Elevation of Privilege Vulnerability Heap-based Buffer Overflow in GNU libiberty's simple_object_elf_match Arbitrary File Access Vulnerability in T24 TEMENOS Channels R15.01 Arbitrary PHP Code Injection in Publisure 2.1.2 Secure Portal Authentication Bypass Vulnerability in Publisure 2.1.2 ServletController Multiple SQL Injections in Publisure 2.1.2 Secure Portal Go-Camo SSRF Vulnerability in Versions up to 1.1.4 Allows Remote Attackers to Access Internal Endpoints ZEN-31765: Local Privilege Escalation Vulnerability in Zenoss 2.5.3 XML-RPC Subsystem in Zenoss 2.5.3: Unauthenticated Information Disclosure via XXE Attacks on Port 9988 Command Injection Vulnerability in Polycom Obihai Obi1022 VoIP Phone 
Firmware 5.1.11 Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Command Injection Vulnerability in Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP Phone Insufficient Jamming Detection Allows Reactive Jamming Attack on ABUS Secvest FUAA50000 3.01.01 Devices Stack Consumption Vulnerability in MetadataExtractor 2.1.0 SQL Injection in OpenSNS v6.1.0 via index.php?s=/ucenter/Config/ uid parameter Buffer Overflow Vulnerability in PDFResurrect 0.15 via Crafted PDF File Cleartext Password Exposure in Octopus Deploy Versions 3.0.19 to 2019.7.2 Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Sandbox Escape Vulnerability in Comodo Antivirus, Firewall, and Internet Security Code Injection Vulnerability in Docker 19.03.x Linked Against GNU C Library XSS Vulnerability in SilverStripe asset-admin 4.0: File Title Injection via CMS Broken Access Control in SilverStripe Assets 4.0 Heap-Based Buffer Overflow in MCPP 2.7.2's do_msg() Function in support.c Stack-Based Buffer Overflow in Xfig fig2dev 3.2.7a's calc_arrow Function in bound.c XXE Vulnerability in WUSTL XNAT 1.7.5.3 via POST Request Body Unauthenticated Blind XML Injection and XXE in Axway SecureTransport REST API Unauthenticated User Enumeration Vulnerability in Knowage through 6.1.1 Scripting Engine Memory Corruption Vulnerability in Microsoft Edge EXIF Data Exposure Vulnerability in Craft CMS 2.x and 3.x Code-Execution Backdoor Found in Datagrid Gem 1.0.6 Code-execution backdoor vulnerability in simple_captcha2 gem 0.2.3 Integer Overflow and Out-of-Bounds Read in Linux Kernel Floppy Disk Driver Denial of Service Vulnerability in Linux Kernel Floppy Driver Stored XSS Vulnerability in MISP 2.4.111 Event-Graph View Vulnerability: Bypassing Policy Blacklists and Session PAM Modules in Sudo before 1.8.28 Integer Overflow in Xpdf's JBIG2Bitmap::combine Function Integer Overflow in Xpdf's JBIG2Bitmap::combine Function Internet Explorer Scripting Engine Memory Corruption 
Vulnerability Out of Bounds Read Vulnerability in Xpdf 4.01.01 Out of Bounds Read Vulnerability in Xpdf 4.01.01 Out of Bounds Read Vulnerability in Xpdf 4.01.01 Out of Bounds Read Vulnerability in Xpdf 4.01.01 Use-after-free vulnerability in Xpdf 4.01.01: Out-of-bounds read in JPXStream::fillReadBuf Integer Overflow in getElfSections Function in UPX 3.95 Allows Remote Denial of Service Denial of Service and Buffer Overflow Vulnerability in UPX 3.95 Cross-Site Scripting (XSS) Vulnerability in Veeam ONE Reporter 9.5.0.3201 via Add/Edit Widget Cross-Site Scripting (XSS) Vulnerability in Veeam ONE Reporter 9.5.0.3201 Ricoh SP C250DN 1.05 Authentication Method Vulnerable to Brute Force Attacks Windows Media Foundation QuickTime Media Parsing Remote Code Execution Vulnerability Multiple Buffer Overflows in Ricoh Printers' HTTP Cookie Parsing Incorrect Access Control in Ricoh SP C250DN 1.06 Devices Debug Port Vulnerability on Ricoh SP C250DN 1.06 Devices Denial of Service Vulnerability in Ricoh SP C250DN 1.05 Devices CSRF Vulnerability in Ricoh SP C250DN 1.06 Devices Multiple Buffer Overflows in Ricoh Printers' HTTP Parameter Settings Incorrect Access Control Vulnerability in Ricoh SP C250DN 1.06 Devices Multiple Buffer Overflows in Ricoh Printers' HTTP Parameter Settings Parsing Buffer Overflow Vulnerabilities in Ricoh Printers' LPD Service Hardcoded FTP Credentials in Ricoh SP C250DN 1.05 Devices Denial of Service Vulnerability in Ricoh SP C250DN 1.05 Devices via Crafted IPP Packets Local File Inclusion Vulnerability in Aptana Jaxer 1.0.3.4547's Wikilite Source Code Viewer SQL Injection Vulnerability in 10Web Photo Gallery Plugin for WordPress SQL Injection Vulnerability in Imagely NextGEN Gallery Plugin for WordPress Arbitrary Web Script Injection in SunHater KCFinder 3.20-test1 and Earlier DSA Nonce Bias Vulnerability in wolfSSL and wolfCrypt 4.1.0 and Earlier Timing Side Channel Vulnerability in ECDSA Signature Generation Unencrypted Transmission of Private Data in 
TikTok (formerly Musical.ly) Application DirectWrite Memory Disclosure Vulnerability Windows Pathname Drive Name Mishandling in Pallets Werkzeug before 0.15.5 Stack-Based Buffer Overflow in SSDP Responder 1.x through 1.5 Privilege Escalation Vulnerability in AndyOS Andy Versions up to 46.11.113 CSRF Vulnerability in Custom Simple Rss Plugin 2.0.6 for WordPress Allows Unauthorized Settings Modification CSRF Vulnerability in Simple Membership Plugin's Bulk Operation Section Stored XSS Vulnerability in EspoCRM Create Task Windows Graphics Component Elevation of Privilege Vulnerability Stored XSS Vulnerability in EspoCRM Create Case Stored XSS Vulnerability in EspoCRM Create User Weak SSH Ciphers Vulnerability on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 Devices Pre-Authenticated Denial of Service Vulnerability in D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 Devices Insecure SSL Certificate and RSA Private Key Extraction Vulnerability Post-Authenticated Denial of Service Vulnerability in D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 Devices Post-Authenticated Config File Dump Vulnerability in D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 Devices Command Injection Vulnerability in D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 Devices Post-Authentication XSS Vulnerability on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 Devices Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 Android App ContentProvider Data Access Vulnerability Win32k Elevation of Privilege Vulnerability Stored XSS Vulnerability in TemaTres 3.0 via value parameter in vocab/admin.php?vocabulario_id=list URI Reflected XSS vulnerability in TemaTres 3.0 via vocab/admin.php?doAdmin=bulkReplace URI Remote Privilege Escalation in TemaTres 3.0: Unauthorized Creation of Administrator Account CSRF Vulnerability in Schben Adive 2.0.7 Allows Unauthorized Password Change Arbitrary Administrator Account Creation in Schben Adive 2.0.7 SQL Injection Vulnerability in BearDev 
JoomSport Plugin 3.3 for WordPress Stored XSS Vulnerability in EspoCRM 5.6.4 via Unfiltered User-Supplied Data in api/v1/Document Functionality Windows Graphics Component Elevation of Privilege Vulnerability Stored XSS Vulnerability in EspoCRM 5.6.4 Knowledge Base User Password Hash Enumeration Vulnerability in EspoCRM 5.6.4 CSV Injection Vulnerability in Joget Workflow 6.0.20 Side Channel Vulnerability in Trezor One Devices: Power Consumption Analysis of Row-Based OLED Display Side Channel Vulnerability: Power Consumption Analysis of OLED Display on Ledger Nano S and Nano X Devices Side Channel Vulnerability in ShapeShift KeepKey Devices: Exploiting Power Consumption of Row-Based OLED Display Side Channel Vulnerability in Coldcard MK1 and MK2 Devices: Power Consumption Analysis of Row-Based OLED Display Side Channel Vulnerability in Mooltipass Mini Devices Allows PIN Recovery via Power Consumption Measurements Side Channel Vulnerability in Archos Safe-T Devices: Exploiting Row-Based OLED Display Power Consumption Side Channel Vulnerability in BC Vault Devices: Exploiting Power Consumption of Row-Based SSD1309 OLED Display Win32k Kernel Information Disclosure Vulnerability Side Channel Vulnerability in Hyundai Pay Kasse HK-1000 Devices Allows Secret Data Recovery via USB Power Consumption Measurements Directory Traversal Vulnerability in Openbravo ERP before 3.0PR19Q1.3 Remote Code Execution Vulnerability in NETGEAR WNDR3400v3 Routers XSS Vulnerability in Email Subscribers & Newsletters Plugin 4.1.6 for WordPress WordPress Intercom Plugin Exposes Slack Access Token, Enabling Unauthorized Access Slack Access Token Leakage in WP SlackSync Plugin for WordPress Slack-Chat through 1.5.5 Vulnerability: Access Token Leak Exposes Sensitive Slack Information Heap-Based Buffer Over-Read Vulnerability in Exiv2 0.27.99.0 Exiv2 0.27.99.0 Denial of Service Vulnerability in PngImage::readMetadata() Windows Graphics Component Elevation of Privilege Vulnerability Out-of-Bounds Read 
Vulnerability in Exiv2::MrwImage::readMetadata() in mrwimage.cpp Infinite Loop Vulnerability in Libav 12.3's mov_probe Function Infinite Loop Vulnerability in Libav 12.3's wv_read_block_header() Function Heap-based Buffer Over-read in libpng via Crafted FLIF File Heap-Based Buffer Overflow in libslirp 4.0.0: Mishandling of First Fragment in ip_reass Remote Code Execution Vulnerability in FasterXML jackson-databind before 2.9.9.2 with ehcache Windows Graphics Component Elevation of Privilege Vulnerability Out-of-Bounds Read Vulnerability in libopenmpt Allows Crash During Playback NULL Pointer Dereference Vulnerability in libopenmpt before 0.4.3 Assertion Failure in libopenmpt: Debug STLs File Parsing Vulnerability Assertion Failure Vulnerability in libopenmpt before 0.4.2 with Debug STLs Stored XSS Vulnerability in cPanel WHM Tomcat Manager Interface (SEC-504) Self XSS vulnerability in cPanel and webmail master templates (SEC-506) Unauthenticated File Creation Vulnerability in cPanel (SEC-507) Local Privilege Escalation Vulnerability in cPanel (SEC-510) Windows GDI Memory Disclosure Vulnerability Stored XSS Vulnerability in cPanel WHM Modify Account Interface (SEC-512) Inadequate Reseller Package Creation ACL Enforcement in cPanel (SEC-514) Remote Code Execution Vulnerability in cPanel (SEC-501) Insecure cpphp Execution in cPanel Allows Local Code Execution (SEC-486) Root Account Privilege Escalation via fetch_ssl_certificates_for_fqdns API in cPanel (SEC-489) World-readable permissions for Queueprocd log in cPanel before 80.0.5 (SEC-494) Spoofed Log Data Insertion Vulnerability in cPanel API Analytics (SEC-495) Arbitrary File Modification Vulnerability in cPanel (SEC-496) Arbitrary Code Execution Vulnerability in cPanel (SEC-498) Insecure File Operations in cPanel SSL Certificate-Storage Feature (SEC-477) Win32k Kernel Information Disclosure Vulnerability Local Privilege Escalation in cPanel (SEC-479) Remote Code Execution Vulnerability in cPanel API1 addforward 
(SEC-480) Insecure Terminal Capability Determination in cPanel (SEC-481) Open Mail Relay Vulnerability in cPanel (SEC-483) Root Account File-Read Vulnerability in cPanel (SEC-484) cPanel Demo Account Code Execution Vulnerability (SEC-487) Stored XSS in cPanel BoxTrapper Queue Listing (SEC-493) cPanel Vulnerability: Information Disclosure to OpenID Providers (SEC-415) OpenID Provider Linking Vulnerability in cPanel (SEC-460) Arbitrary File-Read Vulnerability in cPanel (SEC-466) Win32k Graphics Remote Code Execution Vulnerability Format-String Injection Vulnerability in cPanel Email store_filter UAPI (SEC-472) Insecure File Writing Vulnerability in cPanel (SEC-473) Format-String Injection Vulnerability in cPanel's DCV Check_Domains_Via_DNS UAPI (SEC-474) Vulnerability: File-Write Operations as Shared Users during Connection Resets in cPanel (SEC-476) Userdata Cache Conflict Vulnerability in cPanel (SEC-478) Persistent Cross-Site Scripting (XSS) Vulnerability in Veritas Resiliency Platform (VRP) Allows Injection of Malicious Script Arbitrary Command Execution Vulnerability in Veritas Resiliency Platform (VRP) Arbitrary Command Execution Vulnerability in Veritas Resiliency Platform (VRP) Directory Traversal Vulnerability in Veritas Resiliency Platform (VRP) Allows Unauthorized File Overwrite URL Validation Bypass Vulnerability in Microsoft Office TortoiseSVN 1.12.1 Excel Workbook Remote Code Execution Vulnerability Remote Code Execution (RCE) Vulnerability in CUx-Daemon Addon for eQ-3 Homematic CCU-Firmware Local File Inclusion (LFI) Vulnerability in CUx-Daemon 1.11a of eQ-3 Homematic CCU-Firmware 2.35.16 - 2.45.6 Cross-Site Scripting (XSS) Vulnerability in WEB STUDIO Ultimate Loan Manager 2.0 Microsoft SharePoint SMB Hash Disclosure Vulnerability SQL Injection Vulnerability in YouPHPTube Plugin AuditTable.php Heap-based Buffer Overflow in MatrixSSL DTLS Server WebSocket Authentication Bypass Vulnerability in Loom Desktop for Mac up to 0.16.0 Information Leakage in 
OpenStack Nova API Response Heap-based Buffer Over-read in VLC Media Player 3.0.7.1 via Crafted .ogg File Heap-Based Buffer Over-Read Vulnerability in VLC Media Player 3.0.7.1 Polymorphic Typing Issue in FasterXML jackson-databind 2.x Remote Denial of Service Vulnerability in Libav 12.3 Denial of Service Vulnerability in Libav 12.3: avio_seek Infinite Loop Division by Zero Vulnerability in Libav 12.3 Integer Overflow in apply_relocations in readelf.c in GNU Binutils 2.32 Cross Site Scripting (XSS) Vulnerability in Cloudera Manager Office Online Cross-Origin Communication Spoofing Vulnerability Directory Traversal Vulnerability in Repetier-Server 0.8 through 0.91 Allows Remote Code Execution Remote Code Execution via XML Data Structure Validation Bypass in Repetier-Server 0.8 through 0.91 Directory Traversal Vulnerability in Sigil before 0.9.16 Privilege Escalation via Modified Domus and Logged Fields in Comelit App lejos de casa (web) 2.8.0 Vertical Privilege Escalation in SuiteCRM 7.11.x and 7.10.x Stored XSS Vulnerability in Opengear Console Server Firmware Releases Prior to 4.5.0 Stack-based Buffer Overflow in VIVOTEK IP Camera Devices with Firmware Before 0x20x via Crafted HTTP Header Denial of Service Vulnerability in VIVOTEK IP Camera Devices Integer Overflow Vulnerability in nfdump 1.6.17 and Earlier: Remote Denial of Service Memory Disclosure Vulnerability in Microsoft Excel Out-of-Bounds Read Vulnerability in libmodbus (VD-1302) Out-of-Bounds Read Vulnerability in libmodbus (VD-1301) Heap-Based Buffer Overflow in XMFile::read in MilkyTracker 1.02.00 Heap-Based Buffer Overflow in fmt_mtm_load_song() Function in Schism Tracker 20190722 Vulnerability: PHP Object Injection in GOsa_Filter_Settings Cookie Remote Code Execution Vulnerability in Social Photo Gallery Plugin for WordPress Buffer Overflow Vulnerability in GnuCOBOL 2.2 via Crafted COBOL Source Code Stored Cross-Site Scripting (XSS) Vulnerability in Nexus Repository Manager before 3.18.0 Office Online 
Cross-Origin Communication Spoofing Vulnerability XSS Vulnerability in UserPro Plugin for WordPress via Instagram PHP API XSS Vulnerability in TestLink 1.9.19 via error.php message parameter XSS Vulnerability in Zurmo 3.2.7-2 via app/index.php/zurmo/default PATH_INFO Authentication Bypass and Privilege Escalation Vulnerability in eQ-3 Homematic CCU2 and CCU3 Denial of Service Vulnerability in eQ-3 Homematic CCU3 3.47.15 and Prior Authentication Bypass and Unauthorized Access in eQ-3 Homematic CCU2 and CCU3 Server-Side Request Forgery (SSRF) Vulnerability in AdRem NetCrunch 10.6.0.4587: Unauthorized SMB Requests Improper Credential Storage in AdRem NetCrunch 10.6.0.4587 Stored Cross-Site Scripting (XSS) Vulnerability in AdRem NetCrunch 10.6.0.4587 Web Client Remote Code Execution Vulnerability in AdRem NetCrunch 10.6.0.4587 Memory Object Handling Vulnerability in Microsoft Excel Allows Remote Code Execution Improper Session Handling in AdRem NetCrunch 10.6.0.4587 Web Client: Authentication Bypass and Privilege Escalation Vulnerability Cross-Site Request Forgery (CSRF) Vulnerability in AdRem NetCrunch 10.6.0.4587 Web Client Allows Account Takeover Hardcoded SSL Private Key Vulnerability in AdRem NetCrunch 10.6.0.4587 Credentials Disclosure in AdRem NetCrunch 10.6.0.4587 Buffer Overflow Vulnerability in GnuCOBOL 2.2 via Crafted COBOL Source Code Microsoft Office ClickToRun Security Feature Bypass Vulnerability Out of Bounds Read Vulnerability in OpenCV's cv::predictOrdered<cv::HaarEvaluator> Function Out of Bounds Read/Write Vulnerability in OpenCV's HaarEvaluator::OptFeature::calc Function NULL pointer dereference in cv::XMLParser::parse function Divide-by-Zero Error in SplashOutputDev::tilingPatternFill Out-of-Bounds Write Vulnerability in 3proxy WebAdmin Interface Stack-Based Buffer Overflow in LoaderXM::load in MilkyTracker 1.02.00 Heap-Based Buffer Overflow in ModuleEditor::convertInstrument in MilkyTracker 1.02.00 Divide-by-Zero Vulnerability in VLC Media Player 
3.0.7.1 Vulnerability: Privilege Escalation via LAN Cache Feature in Kaseya VSA RMM Default Configuration of Sphinx Technologies Sphinx 3.1.1 Exposes Unauthenticated Access Cross-Site Scripting (XSS) Vulnerability in LimeSurvey 3.17.7+190627 Improper Bounds Checking in Dnsmasq Allows Remote Code Execution Arbitrary Command Execution Vulnerability in Microvirt MEmu Lack of SSL Certificate Validation in mAadhaar Android App 1.2.7 Allows Man-in-the-Middle Attacks on FAQs and Help Requests XSS Vulnerability in pandao Editor.md 1.5.0 via Javas&#99;ript: String Cross-Site Scripting (XSS) Vulnerability in Evolution CMS 2.0.x via Description and New Category Location in Template Path Traversal Vulnerability in EMCA Energy Logserver 6.1.2 Logo File Upload Feature Integer Underflow in Amiga Oktalyzer Parser of Schism Tracker Heap-based Buffer Overflow in Schism Tracker through 20190722 via Large Number of Song Patterns in fmt_mtm_load_song Sensitive Value Exposure in Octopus Deploy Cross-Site Request Forgery Token Bypass Vulnerability in NETGEAR Nighthawk M1 (MR1100) Devices Command Execution Vulnerability on NETGEAR Nighthawk M1 (MR1100) Devices Heap-Based Buffer Overflow in GnuCOBOL 2.2's read_literal Function SQL Injection Vulnerability in OpenEMR before 5.0.2 in save.php Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability Arbitrary File Download and Potential File Deletion in OpenEMR Out of Bounds Read Vulnerability in The Sleuth Kit (TSK) 4.6.6 Off-by-one Underflow Vulnerability in The Sleuth Kit (TSK) 4.6.6 Use-After-Free Vulnerability in VLC Media Player's Control Function NULL Pointer Dereference Vulnerability in VideoLAN VLC Media Player 3.0.7.1 Divide-by-Zero Vulnerability in VideoLAN VLC Media Player 3.0.7.1 Type Juggling Vulnerability in YOURLS API Component Allows Login Bypass Symlink Exploitation in Windows User Profile Service: Elevation of Privilege Vulnerability Polymorphic Typing Vulnerability in FasterXML jackson-databind Stack-Based 
Buffer Overflow in GnuCOBOL 2.2's cb_encode_program_id Lack of Permission Checks in Gogs 0.11.86 API Routes Stored XSS Vulnerability in EspoCRM Allows for Cookie Theft Stored XSS via Malicious Filename in EspoCRM Attachment Stored XSS Vulnerability in EspoCRM Allows for Cookie Theft Stored XSS in Title and Breadcrumb of EspoCRM Entities Stored XSS Vulnerability in EspoCRM Edit Dashboard Feature Arbitrary Code Execution via Cross-Origin /install Request in Das Q (before 2019-08-02) EDK II Vulnerability: Privileged User Information Disclosure via Network Access BIOS Firmware Vulnerability in Intel Processors: Local Denial of Service Exploit Critical Buffer Overflow Vulnerability in Intel BIOS Firmware for 8th-10th Generation Processors BIOS Firmware Vulnerability: Denial of Service via Adjacent Access in Intel Processors Unauthenticated Denial of Service Vulnerability in EDK II OpenType Font Parsing Remote Code Execution Vulnerability DxeImageVerificationHandler() Integer Overflow Vulnerability Integer Truncation Vulnerability in EDK II: Local Privilege Escalation Vulnerability in Intel(R) SGX SDK Allows Information Disclosure and Privilege Escalation Intel(R) SGX SDK Multiple Versions Local Access Vulnerability Privilege Escalation Vulnerability in Intel(R) RST (before version 17.7.0.1006) Vulnerability: Pointer Corruption in Intel(R) NUC System Firmware Excel Macro Security Bypass Vulnerability Intel(R) NUC System Firmware Memory Corruption Vulnerability Denial of Service Vulnerability in Intel Graphics Driver Subsystem Potential Privilege Escalation Vulnerability in DxeImageVerificationHandler() for EDK II Win32k Elevation of Privilege Vulnerability Null Pointer Dereference Vulnerability in Tianocore EDK2 EDK II Use After Free Vulnerability: Potential for Privilege Escalation, Information Disclosure, and Denial of Service Denial of Service Vulnerability in EDK II via Adjacent Access Improper Access Control in Intel Graphics Driver API: Potential Information 
Disclosure Denial of Service Vulnerability in Intel(R) Graphics Driver API Improper Access Control in Intel Chipset Device Software INF Utility Installer: Potential Denial of Service Vulnerability Authentication Bypass Vulnerability in Intel(R) CSME Subsystem Unquoted Service Path Vulnerability in Control Center-I Version 2.1.0.0 and Earlier Outlook for Android Email Spoofing Vulnerability Uncontrolled Search Path Element Vulnerability in Intel(R) SNMP Subagent Stand-Alone Installer Privilege Escalation Vulnerability in Intel(R) RWC 3 Installer Privilege Escalation Vulnerability in Nuvoton CIR Driver Installer Privilege Escalation Vulnerability in Intel® Quartus® Prime Pro Edition License Server Installer FPGA Kernel Driver Null Pointer Dereference Vulnerability Privilege Escalation Vulnerability in Intel(R) SCS Platform Discovery Utility Installer Vulnerability: Improper Conditions Check in Multiple Intel® Processors Buffer Overflow Vulnerability in Intel(R) NUC(R) Firmware Allows Privilege Escalation Privilege Escalation Vulnerability in Intel(R) NUC(R) Firmware Memory Object Handling Vulnerability in Microsoft Word Firmware Vulnerability in Intel(R) NUC(R) Allows Local Privilege Escalation Firmware Integer Overflow Vulnerability in Intel(R) NUC(R) Enables Local Privilege Escalation Escalation of Privilege Vulnerability in Intel(R) NUC(R) Firmware Privilege Escalation Vulnerability in Intel(R) VTune(TM) Amplifier for Windows* Intel Processor Graphics: Insufficient Control Flow Vulnerability PowerPoint Object Memory Handling Remote Code Execution Vulnerability Denial of Service Vulnerability in Intel(R) Wireless Bluetooth(R) Products Improper Access Control in On-Card Storage of Intel® FPGA Programmable Acceleration Card N3000: Potential Denial of Service Vulnerability Improper Access Control in Intel® FPGA Programmable Acceleration Card N3000 PCIe Function Improper Permissions in Intel(R) DAAL: Potential Information Disclosure via Local Access Microsoft Access 
Memory Object Handling Vulnerability Unauthenticated Information Disclosure Vulnerability in Intel(R) Thunderbolt(TM) Controllers Memory Disclosure Vulnerability in Microsoft Excel Windows GDI Memory Disclosure Vulnerability Cross-Site Scripting (XSS) Vulnerability in Amazon AWS JavaScript S3 Explorer XSS Vulnerability in pandao Editor.md 1.5.0 via ABBR or SUP Element Attribute Remote Code Execution Vulnerability in Joomla! 3.9.7 and 3.9.8 Vulnerability: Unauthorized Admin Access via User Account in Yealink Phones Arbitrary Code Execution and Password Replacement Vulnerability in Yealink Phones Windows GDI Memory Disclosure Vulnerability Stack-Based Buffer Overflow in Brandy 1.20.1's fileio_openout Function Stack-Based Buffer Overflow in Brandy 1.20.1's fileio_openin Function via Crafted BASIC Source Code Vulnerability: Sub-part Wrapping Attack in Enigmail Heap-Based Buffer Overflow in Brandy 1.20.1's define_array Function via Crafted BASIC Source Code Account Takeover via GLPI Autocompletion Feature Multiple Stored XSS Vulnerabilities in Firefly III 4.7.17.4 Stored XSS Vulnerability in Firefly III 4.7.17.3 Transaction Description Field Stored XSS vulnerability in Firefly III 4.7.17.3 via unfiltered user-supplied data in asset account name Windows GDI Memory Disclosure Vulnerability Stored XSS vulnerability in Firefly III 4.7.17.3 via unfiltered user input in bill name field Local File Enumeration Vulnerability in Firefly III 4.7.17.3 Stored XSS vulnerability in Firefly III 4.7.17.5 via unfiltered user input in liability name field SAS XML Mapper 9.45 XML External Entity (XXE) Vulnerability CSRF Vulnerability in ARPrice Lite Plugin 2.2 for WordPress Win32k Graphics Remote Code Execution Vulnerability CSRF Vulnerability in Admin Renamer Extended Plugin 3.2.1 for WordPress CSRF Vulnerability in Deny All Firewall Plugin for WordPress CSRF Vulnerability in ACF: Better Search Plugin for WordPress CSRF Vulnerability in Import users from CSV with meta Plugin for WordPress 
DLL Hijacking Vulnerability in Trend Micro Password Manager 5.0 Local Privilege Escalation Vulnerability in Trend Micro Security 2019 (v15.0) Trend Micro Security 2019 DLL Hijacking Vulnerability DLL Hijacking Vulnerability in Trend Micro Password Manager 5.0 Repackaged Trend Micro Installers Vulnerable to DLL Hijack Exploit during Initial Product Installation Kernel Information Disclosure Vulnerability in Win32k Component Heap-Based Buffer Overflow in AdPlug 2.3.1 CxadbmfPlayer::__bmf_convert_stream() Heap-Based Buffer Overflow in AdPlug 2.3.1's CdtmLoader::load() Function Heap-Based Buffer Overflow in AdPlug 2.3.1's CmkjPlayer::load() Function Zoho ManageEngine AssetExplorer 6.2.0 XML External Entity Injection (XXE) Vulnerability Use-After-Free Vulnerability in Comodo Antivirus Sandbox Container SQL Injection Vulnerability in Sygnoos Popup Builder Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in Open-School 3.0 and Community Edition 2.3 via osv/index.php?r=students/guardians/create id Parameter Vulnerability: Out-of-Bounds Writes in musl libc through 1.1.23 Buffer Overflow Vulnerability in MicroDigital N-Series Cameras OS Command Injection in MicroDigital N-series Cameras: Remote Code Execution as Root Windows Hyper-V Information Disclosure Vulnerability Arbitrary File Disclosure via Path Traversal in MicroDigital N-series Cameras Path Traversal Denial of Service Vulnerability in MicroDigital N-series Cameras SQL Injection Vulnerabilities in MicroDigital N-Series Cameras: Exploiting HTTPD for Unauthorized Admin Account Creation CSRF Vulnerability Allows Unauthorized Creation of Admin Account in MicroDigital N-Series Cameras SSRF Vulnerability in MicroDigital N-Series Cameras Improper Access Control Allows Unauthorized Admin Access on MicroDigital N-Series Cameras Buffer Overflow Vulnerability in MicroDigital N-Series Cameras Insecure Firmware Update Process Allows Remote Code Execution on MicroDigital N-Series Cameras Buffer Overflow Vulnerability 
in MicroDigital N-Series Cameras Cleartext Password Storage Vulnerability in MicroDigital N-Series Cameras Hyper-V Remote Code Execution Vulnerability Race Condition Vulnerability in Verifone MX900 Series Pinpad Payment Terminals with OS 30251000 Bypassing Integrity and Origin Control in Verifone VerixV Pinpad Payment Terminals Vulnerability: Unsigned Package Installation in Verifone MX900 Series Pinpad Payment Terminals Undocumented Physical Access Vulnerability in Verifone Pinpad Payment Terminals Undocumented Physical Access Mode in Verifone VerixV Pinpad Payment Terminals: The VerixV Shell.out Vulnerability Buffer Overflow Vulnerability in Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 Insecure Permissions in Verifone MX900 Series Pinpad Payment Terminals: Arbitrary Command Injection and Privilege Escalation Arbitrary Command Injection Vulnerability in Verifone MX900 Series Pinpad Payment Terminals Windows Kernel Object Memory Handling Vulnerability Insecure Object Reference Vulnerability in CentOS Web Panel 0.9.8.851 Allows Unauthorized Removal of Users from phpMyAdmin Insecure Object Reference Vulnerability in CentOS Web Panel 0.9.8.851 Allows Unauthorized Deletion of Email Forwarding Destinations Insecure Object Reference Vulnerability in CentOS Web Panel 0.9.8.851 Allows Unauthorized Deletion of E-mail Accounts Insecure Object Reference Vulnerability in CentOS Web Panel 0.9.8.851 Allows Unauthorized Email Forwarding Modification Insecure Object Reference Vulnerability in CentOS Web Panel 0.9.8.851 Insecure Object Reference Vulnerability in CentOS Web Panel 0.9.8.851 Allows Unauthorized DNS Record Access and Deletion Insecure Object Reference Vulnerability in CentOS Web Panel 0.9.8.851 Allows Unauthorized Email Password Change Insecure Object Reference Vulnerability in CentOS Web Panel 0.9.8.851 Allows Unauthorized Email Forwarding Insecure Object Reference Vulnerability in CentOS Web Panel 0.9.8.851 Allows Sub-Domain Deletion Insecure 
Object Reference Vulnerability in CentOS Web Panel 0.9.8.851 Allows Unauthorized Domain Deletion Stored XSS Vulnerability in ZenTao 11.5.1 Allows Cookie Capture via Rich Text Box Heap-based Buffer Overflows in AdPlug 2.3.1's Ca2mLoader::load() Function Heap-Based Buffer Overflows in AdPlug 2.3.1's CradLoader::load() Function Heap-Based Buffer Overflows in AdPlug 2.3.1's CmtkLoader::load() Function Critical Security Vulnerability: Insecure Permissions in Ubisoft Uplay 92.0.0.6280 Windows Kernel Object Memory Handling Vulnerability Privilege Escalation Vulnerability in Valve Steam Client for Windows KDE Frameworks KConfig Code Execution via Malicious Desktop Files Command Injection Vulnerability in radare2 bin_symbols() Function KuaiFanCMS 5.0 - Remote Code Execution via eval Injection in install.php Stored XSS Vulnerability in DWSurvey's Survey Design Copy Functionality Persistent XSS vulnerability in osTicket file-upload functionality CSV Injection in osTicket Export Spreadsheets Stored XSS in firstname and lastname fields of osTicket setup/install.php NLTK Downloader Directory Traversal Vulnerability Cross-Site Scripting (XSS) Vulnerability in SuiteCRM 7.10.x and 7.11.x Buffer Overflow Vulnerability in SICK FX0-GPNT00000 and FX0-GENT00000 Devices (3.4.0) SQL Injection Vulnerability in Open-School 3.0 and Community Edition 2.3 via index.php?r=students/students/document id parameter Unrestricted File Upload Vulnerability in Leaf Admin 61.9.0212.10 f KaiOS Email Application HTML and JavaScript Injection Vulnerability HTML and JavaScript Injection Vulnerability in KaiOS Contacts Application HTML and JavaScript Injection Vulnerability in KaiOS File Manager Application KaiOS Radio Application HTML and JavaScript Injection Vulnerability Windows AppX Deployment Service (AppXSVC) Hard Link Elevation of Privilege Vulnerability HTML and JavaScript Injection Vulnerability in KaiOS Recorder Application HTML and JavaScript Injection Vulnerability in KaiOS Note Application 
Double-locking error in drivers/usb/dwc3/gadget.c leading to potential deadlock with f_hid Improper Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows unauthorized administrative access Path Traversal Vulnerability in DIMO YellowBox CRM File Browser Arbitrary File Download Vulnerability in DIMO YellowBox CRM Arbitrary File Upload and Remote Code Execution in DIMO YellowBox CRM Insufficient Output Filtering in Block Labels in Backdrop CMS Windows Printer Service File Path Validation Vulnerability Arbitrary JavaScript Execution in Backdrop CMS Administration Bar Arbitrary Code Execution through Configuration Archive Upload in Backdrop CMS XSS Vulnerability in Verdaccio before 3.12.0 Arbitrary Post Deletion Vulnerability in Woody ad snippets Plugin Cross-Site Scripting (XSS) Vulnerability in woo-variation-swatches Plugin for WordPress Heap-Based Buffer Over-Read Vulnerability in VLC Media Player 3.0.7.1 via Crafted .mkv File Use-after-free vulnerability in VLC media player 3.0.7.1's Control function in demux/mkv/mkv.cpp Use-after-free vulnerability in VLC media player 3.0.7.1's mkv::virtual_segment_c::seek method Windows COM Server Elevation of Privilege Vulnerability Session Hijacking and Password Extraction in CentOS Web Panel (CWP) 0.9.8.856-0.9.8.864 Privilege Escalation Vulnerability in Samsung FotaAgent (SVE-2019-14764) XSS Vulnerability in CP Contact Form with PayPal Plugin for WordPress XSS Vulnerability in CP Contact Form with PayPal Plugin for WordPress Vulnerability: Rank Math SEO Plugin 1.0.27 for WordPress Settings Reset via admin-post.php Parameter Cross-Site Scripting (XSS) Vulnerability in Tribulant Newsletters Plugin for WordPress Directory Traversal and Remote PHP Code Execution in Tribulant Newsletters Plugin for WordPress XSS Vulnerability in Custom 404 Pro Plugin 3.2.8 for WordPress Cross-Site Scripting (XSS) Vulnerability in Limb-Gallery Plugin 1.4.0 for WordPress XSS Vulnerability in Appointment Booking 
Calendar Plugin 1.3.18 for WordPress Cross-Site Scripting (XSS) Vulnerability in WP Google Maps Plugin File Deletion Vulnerability in Meta Box Plugin for WordPress File Upload Vulnerability in Meta Box Plugin for WordPress XSS Vulnerability in Toggle-The-Title WordPress Plugin 1.4 XSS Vulnerability in Woocommerce Products Price Bulk Edit Plugin for WordPress Authenticated Stored XSS Vulnerability in 10Web Photo Gallery Plugin for WordPress Authenticated Local File Inclusion Vulnerability in 10Web Photo Gallery Plugin for WordPress Email Subscription XSS Vulnerability in FV Flowplayer Video Player Plugin for WordPress Windows Media Player Memory Object Handling Vulnerability Information Disclosure Vulnerability in FV Flowplayer Video Player Plugin for WordPress SQL Injection Vulnerability in FV Flowplayer Video Player Plugin for WordPress Unintended Environment Variable Disclosure in HashiCorp Nomad Template Rendering (GHSA-6hv3-7c34-4hx8) Cross-Site Scripting (XSS) Vulnerability in UNA 10.0.0-RC1 via System Name Field in Email Template Editing Cross-Site Scripting (XSS) Vulnerability in UNA 10.0.0-RC1 via System Name Field in Sets Insufficient Debugger PIN Randomness in Pallets Werkzeug with Docker XSS Vulnerability in MobileFrontend Extension's Edit Summary Field Unencrypted Transmission of Personal Data in RENPHO iOS App Authorization Bypass Vulnerability in Go's net/url Library Windows Media Player Memory Object Handling Vulnerability Race Condition Vulnerability in EOS Label Distribution Protocol (LDP) Implementation Privilege Escalation in Ghostscript: Bypassing Security Restrictions Insecure Privileged Calls in Ghostscript Enable Script Bypass Insecure Privileged Calls in Ghostscript: Bypassing Security Restrictions Heap-based Buffer Overflow in Marvell WiFi Chip Driver in Linux Kernel Heap Overflow Vulnerability in Marvell Wifi Driver Heap-based Buffer Overflow in Marvell WiFi Chip Driver in Linux Kernel Privilege Escalation Vulnerability in Ghostscript 
Memory Leak and Denial of Service Vulnerability in DPDK Privilege Escalation Vulnerability in OpenShift Container Platform 3.x Keycloak Internal Adapter Endpoint Exposure Vulnerability Out-of-Bounds Access Vulnerability in Linux Kernel's KVM Hypervisor Privilege Escalation Vulnerability in ibus Implicit Trust of Root Certificate in Leaf and Chain OCSP Policy Implementation in JSS' CryptoManager Vulnerability: Unauthorized Access to Private Attributes in 389-ds-base Plugin Cleartext Password Storage Vulnerability in Katello Session Cookie Retention Vulnerability in FreeIPA 4.5.0 and Later JavaScript Injection Vulnerability in Moodle Mustache Templates User Role Assignment Vulnerability in Moodle Versions 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7, and Earlier Unsupported Versions Activity Creation Capabilities Bypass in Moodle Windows AppX Deployment Server Junction Handling Elevation of Privilege Vulnerability Open Redirect Vulnerability in Moodle Mobile Launch Endpoint Open Redirect Vulnerability in Moodle's Forum Subscribe Link Unauthorized User Access Vulnerability in Keycloak REST API Samba Password Complexity Check Bypass Vulnerability Memory Leak Vulnerability in dnsmasq Allows Remote DoS Buffer Overflow Vulnerability in Linux Kernel's vhost Functionality 3scale Dev Portal Login CSRF Vulnerability Domain-based Password Reset Vulnerability in Keycloak Unauthorized Modification of Server Runtime State Vulnerability Sensitive Information Disclosure in Business-Central Console Login Windows OLE Remote Code Execution Vulnerability Auto-complete Enabled in RHDM HTML Form Fields: A Potential Credential Leak Vulnerability Role Manipulation Vulnerability in RHDM Allows Unauthorized Admin Privileges Vulnerability: Arbitrary Code Execution via Structured Reply in NBD Protocol Unauthorized Access Vulnerability in Wildfly Security Manager Kerberos Client Crash Vulnerability in Fedora Versions OpenShift Builds TLS Hostname Verification Bypass Vulnerability Credential 
Disclosure Vulnerability in Ansible Engine Logging Denial of Service Vulnerability in Samba AD DC LDAP Server via Dirsync Unprotected User Session Cookie in 3scale Before Version 2.6 VBScript Engine Memory Object Handling Remote Code Execution Vulnerability Denial of Service Vulnerability in nbdkit 1.12.7, 1.14.1, and 1.15.1 Denial of Service Vulnerability in nbdkit Versions 1.12.7, 1.14.1, and 1.15.1 Vulnerability: TLS 1.0 Protocol Weakness in 3scale's APIcast Gateway Denial of Service Vulnerability in python-ecdsa before 0.13.3 Insecure Secret Data Exposure in OpenShift Container Platform 4 Vulnerability: SHA-1 Collision Attack Allows Forged Certificate Signatures Vulnerability in Ansible versions 2.8.6, 2.7.14, 2.6.20 allows None-based attack Open Redirect Vulnerability in mod_auth_openidc Vulnerability: Information Leakage in Ansible Engine and Ansible Tower Malleable Signature Vulnerability in python-ecdsa Visual Studio Live Share URL Redirection Vulnerability Syndesis Misconfiguration Allows for Cross-Origin Resource Sharing (CORS) Vulnerability Samba DNS Record Injection Vulnerability Unvalidated Data Delivery Vulnerability in Knockout.js Unvalidated Data Delivery Vulnerability in Angular Versions Before 1.5.0-beta.0 Sensitive Data Disclosure in Ansible Callback Plugins Grub2-set-bootflag Utility Truncation Vulnerability Insecure File Permissions in cpio TAR Archive Generation Vulnerability in IPA Server's ber_scanf() Function Allows for Remote Code Execution Remote Code Execution Vulnerability in ksh Version 20120801 Privilege Escalation Vulnerability in Ghostscript MSAL Android App Information Disclosure Vulnerability Samba AD DC S4U2Self Kerberos Delegation Vulnerability Memory Allocation Vulnerability in REENT_CHECK Macro NULL Pointer Dereference Vulnerability in _dtoa_r Function of newlib libc Library Null Pointer Dereference Bug in Balloc Function of newlib libc Library Null Pointer Dereference Bug in Balloc Function of newlib libc Library Null Pointer 
Dereference Bug in multiply function of newlib libc library Null Pointer Dereference Bug in Balloc Function of newlib libc Library Null Pointer Dereference Vulnerability in Balloc Function of newlib libc Library Null Pointer Dereference Bug in Balloc Function of newlib libc Library Cohort Role Assignment Vulnerability in Moodle Buffer Handling Vulnerability in Microsoft Defender Insufficient Email Address Verification in Moodle OAuth 2 Providers Blind XSS Vulnerability in Moodle 3.7 before 3.7.3 Open Redirect Vulnerability in Moodle Lesson Edit Page Token Leakage in Moodle Email Notifications Reflected XSS Vulnerability in Moodle 3.7 and Earlier Versions Vulnerability: Information Disclosure in JBoss EAP Vault System Insecure Storage of Encoded Passwords in Business-Central OpenSSL-Wildfly Connection Downgrade Vulnerability Undertow HTTP Server Denial of Service (DOS) Vulnerability Arbitrary Command Injection Vulnerability in libssh's ssh_scp_new() Function Windows Remote Desktop Protocol Information Disclosure Vulnerability Insecure Storage of Credentials in Ansible Tower License Application Memory Cgroup Containment Vulnerability in cri-o Allows Host Network Access Polymorphic Deserialization Vulnerability in Jackson-databind Arbitrary Code Execution Vulnerability in FasterXML jackson-databind Remote Code Execution Vulnerability in CloudForms Management Engine Heap-based Buffer Overflow in Marvell WiFi Chip Driver Heap-based Buffer Overflow Vulnerability in Marvell WiFi Chip Driver in Linux Kernel 2.6.32 Marvell WiFi Chip Driver Stack-Based Buffer Overflow Vulnerability Incomplete Fix for Race Condition Vulnerability in Linux Kernel (CVE-2019-11599) VPN Hijacking Vulnerability: Exploiting TCP Stream Injection Skype for Business Server Spoofing Vulnerability SQL Injection Vulnerability in Hibernate ORM Marvell WiFi Chip Driver Heap Overflow Vulnerability Samba Subtree Modification Vulnerability Arbitrary Command Execution Vulnerability in Ansible's solaris_zone 
Module Ansible Engine Vulnerability: OS Command Injection in nxos_file_copy Module Heap-based Buffer Overflow Vulnerability in Red Hat SDL Packages Samba Vulnerability: Remote Code Execution via NTLMSSP Authentication Exchange Keycloak 7.x User Federation LDAP Anonymous Bind Vulnerability LDAP StartTLS Vulnerability in Keycloak 7.x Reflected XSS Vulnerability in PRiSE adAS 1.7.0 OPENSSO Module Open Redirect Vulnerability in PRiSE adAS 1.7.0 Persistent XSS Vulnerability in PRiSE adAS 1.7.0 Administration Panel Arbitrary File Read and Deletion via Directory Traversal in PRiSE adAS 1.7.0 XSS Vulnerability in PRiSE adAS 1.7.0: Unescaped Certificate Data Unrestricted File Upload Vulnerability in PRiSE adAS 1.7.0 Arbitrary Code Execution via XSS in Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 Vulnerability: Exposed Telnet Service with Hardcoded Credentials on Billion Smart Energy Router SG600R2 Root Privilege Escalation via Hidden Shell Feature in Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 Remote Command Execution in EyesOfNetwork 5.1 via Shell Metacharacters in module/tool_all/host Field Insecure File Movement Vulnerability in GCDWebServer Insecure Permission Assignment Allows Unauthorized Access to Sensitive RTU Data Hard-coded SSH Keys Vulnerability in Mitsubishi Electric and INEA ME-RTU Devices Unauthenticated Remote Configuration Download Vulnerability in Mitsubishi Electric and INEA ME-RTU Devices Stored Cross-Site Scripting (XSS) Vulnerabilities in Mitsubishi Electric and INEA ME-RTU Devices Weak Credentials Management on Mitsubishi Electric ME-RTU and INEA ME-RTU Devices: Exposed Password Credentials Vulnerability Undocumented Hard-Coded User Passwords and Privilege Escalation Vulnerability in Mitsubishi Electric ME-RTU and INEA ME-RTU Devices Unauthenticated Remote OS Command Injection in Mitsubishi Electric ME-RTU and INEA ME-RTU Devices Remote Access to Candidates' Personal Information in Humanica Humatrix 7 Recruitment Module CSRF 
Vulnerability in Bagisto 0.1.5 Admin URIs Out-of-Bounds Write Vulnerability in PDFResurrect Insecure Permissions in 3CX Phone 15 on Windows: Privilege Escalation Vulnerability Easy!Appointments 1.3.2 Plugin for WordPress - Sensitive Information Disclosure (Username and Password Hash) Vulnerability Time-based SQL Injection in REDCap Edit Calendar Event Default Openness of LOAD DATA LOCAL INFILE Option in mysqljs Module for Node.js Crash Vulnerability in Storage Performance Development Kit (SPDK) vhost Target Uncontrolled Memory Allocation Vulnerability in SHAREit 4.0.6.177 Cleartext HTTP Cookie Vulnerability in GitLab Pages Hard-coded Credentials Vulnerability in GitLab Community and Enterprise Edition 12.0 through 12.1.4 Command-line Injection Vulnerability in GitLab Community and Enterprise Edition XSS Vulnerability in Ultimate Member Plugin for WordPress (Version < 2.0.54) XSS Vulnerability in Ultimate Member Plugin for WordPress (Versions before 2.0.52) XSS Vulnerability in Ultimate Member Plugin for WordPress Account Upgrade XSS Vulnerability in woocommerce-product-addon Plugin for WordPress XSS Vulnerability in wp-database-backup Plugin for WordPress (Version 5.1.2 and earlier) XSS Vulnerability in wp-live-chat-support Plugin: Exploiting the GDPR Page Incorrect Protection Mechanism in Telenav Scout GPS Link App for iOS Enables Brute-Force Attacks on Authentication Process Possible XSS Vulnerability in JetBrains YouTrack Versions Before 2019.1.52584 Possible XSS Vulnerability in JetBrains YouTrack Versions Before 2019.2.53938 via Issue Attachments in Firefox Browser Cleartext HTTP Connection Vulnerability in JetBrains IntelliJ IDEA Lack of Password Expiration and Forced Password Change in Earlier Versions of JetBrains Hub Improper Access Control in JetBrains YouTrack before 2019.2.53938 Vulnerability: Sensitive Project Data Stored in Publicly Accessible GitHub Repository Uncontrolled Memory Allocation Vulnerability in JetBrains PyCharm Cleartext HTTP Connection 
Vulnerability in JetBrains Toolbox Unsigned DLL File Vulnerability in JetBrains Rider XSS Vulnerability in JetBrains Upsource before 2019.1.1412 Server Side Template Injection (SSTI) Vulnerability in Frappe Framework 10-12 Authenticated SQL Injection in Frappe Framework 10-12 (before 12.0.4) Cross-Site Scripting (XSS) Vulnerability in Frappe Framework 10, 11, and 12 SQL Injection in imcat 4.9 via index.php order parameter in mod=faqs action Insecure Permissions and Impersonation Vulnerability in Netwrix Auditor Heap-based Buffer Overflow in mkv::event_thread_t in VideoLAN VLC Media Player 3.0.7.1 Integer Overflow Vulnerability in LibTIFF's _TIFFCheckMalloc and _TIFFCheckRealloc Functions Cross-Site Scripting (XSS) Vulnerability in SugarCRM Enterprise 9.0.0 Heap-Based Buffer Over-read in Artifex MuPDF XSS Vulnerability in iCMS 7.0.15 via admincp.php?app=apps and keywords parameter Parameter Tampering Vulnerability in WooCommerce PayU India Payment Gateway Plugin 2.1.1 Parameter Tampering Vulnerability in WooCommerce PayPal Checkout Payment Gateway Plugin 1.6.17 Use After Free Vulnerability in ImageMagick's UnmapBlob Function Divide-by-Zero Denial of Service Vulnerability in ImageMagick's MeanShiftImage Function Integer Overflow Vulnerability in Exiv2's WebPImage::getHeaderOffset Function Remote Code Execution in eQ-3 Homematic CCU2 and CCU3 with XML-API AddOn Remote Code Execution in eQ-3 Homematic CCU2 and CCU3 with CUxD AddOn Unauthenticated Administrative Operations in eQ-3 Homematic CCU2 and CCU3 with CUxD AddOn XSS Vulnerability in Adive Framework 2.0.7: Create New Table and Create New Navigation Link Functions Denial of Service Vulnerability in Istio's Regular Expression Handling Arbitrary Issue Viewing Vulnerability in Atlassian Jira Service Desk Information Disclosure Vulnerability in Jira's /rest/api/1.0/render Resource Cross-Site Scripting (XSS) Vulnerability in Jira FilterPickerPopup.jspa Resource Information Exposure through Caching Vulnerability in Jira 
AccessLogFilter CSRF Protection Bypass via Cookie Tossing in Jira CSRF Vulnerability in Atlassian Universal Plugin Manager Arbitrary File Read and Command Execution Vulnerability in Bitbucket Server and Data Center Jira Importers Plugin Template Injection Vulnerability Arbitrary Issue Viewing Vulnerability in Atlassian Jira Service Desk Arbitrary Issue Viewing Vulnerability in Atlassian Jira Service Desk Unprivileged User Email Scanning Vulnerability in Atlassian Troubleshooting and Support Tools Plugin Confluence Previews Plugin Man-in-the-Middle (MITM) Vulnerability Cross-Site Scripting (XSS) Vulnerability in Atlassian Fisheye and Crucible Review Resource Cross-Site Scripting (XSS) Vulnerability in Atlassian Fisheye and Crucible Improper Authorization Vulnerability in Atlassian Fisheye and Crucible Allows Unauthorized Removal of User's Favourite Setting Remote Code Execution Vulnerability in Bitbucket Server and Bitbucket Data Center Information Disclosure Vulnerability in ListEntityLinksServlet Remote Code Execution via edit-file request in Bitbucket Server and Bitbucket Data Center Unauthenticated Remote Attackers Can Remove Configured Issue Status in Jira Zingbox Inspector Command Injection Vulnerability Hardcoded Credentials Vulnerability in Zingbox Inspector SQL Injection Vulnerability in Zingbox Inspector Management Interface Vulnerability: Hardcoded Credentials in Zingbox Inspector SSH Service Unauthenticated Binding Vulnerability in Zingbox Inspector Zingbox Inspector Software Update Image Vulnerability Command Injection Vulnerability in Zingbox Inspector Versions 1.293 and Earlier Zingbox Inspector Local Area Network Identification Vulnerability ARP Spoofing Vulnerability in Zingbox Inspector Versions 1.294 and Earlier Cleartext Password Storage Vulnerability in Zingbox Inspector Versions 1.294 and Earlier Arbitrary File Write Vulnerability in ClickHouse SQL Injection Vulnerability in Ninja Forms Plugin for WordPress Stack-Based Buffer Over-Read 
Vulnerability in memcached 1.5.16 Arbitrary Command Execution Vulnerability in MediaTek eMMC Subsystem for Android on MT65xx, MT66xx, and MT8163 SoC Devices Inadequate Checks in Joomla! com_contact Enable Mail Submission in Disabled Forms Arbitrary Command Execution in FusionPBX 4.4.8 via service_edit.php Facility Unavailable Exception Vulnerability in Linux Kernel on PowerPC Platform Vector Register Leakage Vulnerability in Linux Kernel on PowerPC Platform Information Disclosure in Pydio 6.0.8 via Unauthenticated Directory Uploads Authenticated SSRF in Pydio 6.0.8 Remote Link Feature Buffer Overflow in QEMU 4.0.0: Insufficient Allocation in Bochs Display Driver Confidential Server-level Data Exposure in JetBrains TeamCity 2018.2.4 Arbitrary Command Execution Vulnerability in JetBrains TeamCity 2018.2.4 Multiple XSS Vulnerabilities in JetBrains TeamCity 2018.2.4 Security Vulnerability: Lack of Security-Related HTTP Headers in JetBrains TeamCity 2018.2.4 Remote Code Execution Vulnerability in JetBrains TeamCity 2018.2.4 CSRF Vulnerability in JetBrains YouTrack Settings Page (pre-2019.1) Unbounded URL Whitelisting Vulnerability in JetBrains YouTrack Unvalidated SSL Certificate Vulnerability in JetBrains TeamCity 2018.2.4 Unauthenticated Denial of Service Vulnerability in Grafana User Enumeration Vulnerability in Zoho ManageEngine ServiceDesk Plus 10 Unauthenticated Sensitive Information Leakage in Zoho ManageEngine ServiceDesk Plus 10 before 10509 during Fail Over Service (FOS) Replication (SD-79989) Heap-based Buffer Over-read in AP4_BitReader::SkipBits function Heap-based Buffer Overflow in AP4_RtpAtom Class Heap-based Buffer Over-read in AP4_Dec3Atom Class Heap-based Buffer Over-read in AP4_AvccAtom Class Command Injection Vulnerability in Softing uaGate Firmware Credential Leakage in Gradle HTTP Client Bypassing XSS Protection in Confluence Server via HTML Include and Replace Macro Plugin Cross-Site Scripting (XSS) Vulnerabilities in Mailbird before 2.7.5.0 r 
Arbitrary File Deletion and Unauthorized Access in MikroTik RouterOS Heap-Based Buffer Over-Read in stb_image.h (2.23): Information Disclosure and Denial of Service Vulnerability Unauthenticated Remote Retrieval of Configuration Backup Files in Liberty lisPBX 2.0-4 Remote Code Execution Vulnerability in TP-Link TL-WR840N v4 Router CSRF Vulnerability in Dolibarr 11.0.0-alpha Allows Admin Account Takeover Unauthenticated Access Vulnerability in HiNet GPON Firmware Version I040GWR190731 Arbitrary File Read Vulnerability in HiNet GPON Firmware (CVE-XXXX-XXXX) HiNet GPON Firmware < I040GWR190731: Arbitrary Command Execution via Port 6998 Authentication Bypass Vulnerability in Smart Battery A2-25DE Firmware <= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6 Smart Battery A4 Firmware <= r1.7.9: Unauthenticated Password Reset Vulnerability Vulnerability: Authentication Bypass in Smart Battery A4 Firmware <= r1.7.9 Cross-Site Scripting (XSS) Vulnerability in MAIL2000 Versions 6.0 and 7.0 Allows Arbitrary Code Execution Cross-Site Scripting (XSS) Vulnerability in MAIL2000 Login Feature Critical Open Redirect Vulnerability in MAIL2000 Versions 6.0 and 7.0: Unauthenticated Redirect to Malicious Site Stored Cross-Site Scripting (XSS) Vulnerability in MantisBT Timeline Feature Weak Random Keys in iNextrix ASTPP Case-sensitive constructor typo allows for unauthorized ownership change and free cryptocurrency acquisition in AIRDROPX BORN smart contract Typo in Smart Contract Constructor Allows Free Acquisition of EAI Tokens Smart Contract Ownership Acquisition and DoS Vulnerability in MORPH Token Stored XSS Vulnerability in OpenCart 3.x Admin Panel Source/HTML Editing Feature Reflected XSS Vulnerability in 360-product-rotation Plugin for WordPress XSS Vulnerability in Zoho ManageEngine ServiceDesk Plus 10.0 Privilege Escalation Vulnerability in Realtek Waves MaxxAudio Driver 1.6.2.0 on Dell Laptops Insecure Storage of Database Password in PRiSE adAS 1.7.0 Reflected XSS Vulnerability in 
PRiSE adAS 1.7.0 Remote Code Execution via Password Hashing Function Manipulation Authentication Bypass Vulnerability in PRiSE adAS 1.7.0 CSRF Vulnerability in PRiSE adAS 1.7.0 Allows Administrator Actions by Attackers Out-of-Bounds Read Vulnerability in qedi_dbg_* Functions Arbitrary File Upload Vulnerability in Artica Integria IMS 5.0.86 CSV Injection Vulnerability in WordPress Users & WooCommerce Customers Import Export Plugin Reflected XSS Vulnerability in DWSurvey through 2019-07-22 NULL pointer dereference vulnerability in ath6kl USB driver in Linux kernel through 5.2.9 NULL Pointer Dereference in ath10k USB Endpoint Descriptor Handling Remote Code Execution in Tyto Sahi Pro 6.x through 8.0.0 SQL Injection Vulnerability in Zoho ManageEngine OpManager Allows Unauthorized Server Access SQL Injection Vulnerability in Zoho ManageEngine Application Manager Authentication Bypass Vulnerability in Zoho ManageEngine OpManager Command Injection Vulnerability in Webmin <=1.920 Cross-Site Scripting (XSS) Vulnerability in WSO2 API Manager 2.6.0 XSS Vulnerability in The Events Calendar Plugin for WordPress XSS Vulnerability in wp-front-end-profile Plugin for WordPress Privilege Escalation Vulnerability in wp-front-end-profile Plugin XSS Vulnerability in wp-slimstat Plugin for WordPress (Version < 4.8.1) CSRF Vulnerability in Companion-Sitemap-Generator Plugin for WordPress CSRF Vulnerability in Formcraft-Form-Builder Plugin for WordPress CSRF Vulnerability in Peters Login Redirect Plugin for WordPress XSS Vulnerability in Easy Digital Downloads Plugin: IP Address Logging Out-of-Bounds Memory Access in parse_audio_mixer_unit in Linux Kernel Kernel Stack Exhaustion Vulnerability in sound/usb/mixer.c Insecure Permissions in cnlh nps Installation Cross-Site Scripting (XSS) Vulnerability in Kunena Extension for Joomla! 
Remote Code Execution Vulnerability in Viki Vera 4.9.1.26180 via Branding Module XSS Vulnerability in MobileFrontend Extension's Watchlist Feed Edit Summary Field Vulnerability: Broadcom Wi-Fi Client Devices Information Disclosure XSS Vulnerability in REDCap Data Import Tool CSRF Vulnerability in iF.SVNAdmin Allows Unauthorized User Creation Unauthenticated Access to Candidates' Photo Files in Humanica Humatrix 7 Recruitment Module Arbitrary File Upload and Remote Code Execution in Humanica Humatrix 7 Recruitment Module Arbitrary File Upload and Execution Vulnerability in Code42 Enterprise User Enumeration Vulnerability in Zabbix 4.4.0alpha1 GIFLIB Divide-by-Zero Vulnerability Memory Leak Vulnerability in RIOT TCP Implementation (gnrc_tcp) Allows Network Thread Disruption OMG DDS Security 1.1 Handshake Protocol Cleartext Capability Disclosure Vulnerability eProsima Fast RTPS Access Control Plugin Remote Participant Connection Policy Bypass Vulnerability Insecure Topic Name Matching in eProsima Fast RTPS Access Control Plugin Arbitrary File Read Vulnerability in html-pdf Package 2.2.0 for Node.js Denial-of-Service Vulnerability in ImageMagick 7.0.8-41 Q16 (CVE-2019-11473) Use-after-free vulnerability in ImageMagick 7.0.8-43 Q16 in coders/mat.c allows remote attackers to cause denial of service or other impact via crafted Matlab image file in ReadImage. 
Heap-based Buffer Over-read in WriteTIFFImage of ImageMagick 7.0.8-43 Q16 Heap-based Buffer Over-read Vulnerability in DjVuLibre 3.5.27 Denial-of-Service Vulnerability in DjVuLibre 3.5.27 Bitmap Reader Component Denial-of-Service Vulnerability in DjVuLibre 3.5.27 Sorting Functionality Denial-of-Service Vulnerability in DjVuLibre 3.5.27 via Corrupted JB2 Image File Handling Heap-Based Buffer Over-read Vulnerability in GoPro GPMF-parser 1.2.2 Out-of-Bounds Read and SEGV Vulnerability in GoPro GPMF-parser 1.2.2 Out-of-Bounds Write Vulnerability in GoPro GPMF-parser 1.2.2 Unidirectional-Routing Protection Bypass in Mitogen Core.py CSRF Vulnerability in OAuth2 Client Extension for MediaWiki Double Free Vulnerability in AdPlug 2.3.1's Cu6mPlayer Class XML Entity Expansion Attack in SweetXml Package Improper Length Handling in rpcapd/daemon.c in libpcap Information Disclosure in libpcap Authentication Failure Messages Denial of Service Vulnerability in libpcap's rpcapd Daemon SSRF Vulnerability in libpcap's rpcapd/daemon.c Memory Allocation Vulnerability in sf-pcapng.c in libpcap Unbounded Memory Access in lmp_print_data_link_subobjs() Function Buffer Over-read Vulnerability in VRRP Parser of tcpdump Use-after-free vulnerability in Linux kernel before 5.2.6 due to malicious USB device in v4l2-dev.c driver Double-Free Vulnerability in Linux Kernel USB Driver Use-after-free vulnerability in Linux kernel USB DVB driver Use-after-free vulnerability in Linux kernel sound subsystem Use-after-free vulnerability in Linux kernel before 5.2.6 in cpia2_usb.c driver NULL Pointer Dereference in Linux Kernel USB Driver NULL pointer dereference vulnerability in Linux kernel USB driver NULL pointer dereference vulnerability in Linux kernel USB driver NULL pointer dereference vulnerability in sisusbvga driver Use-after-free vulnerability in Linux kernel driver p54usb.c NULL pointer dereference vulnerability in Linux kernel sound/usb/line6/pcm.c driver NULL pointer dereference 
vulnerability in Linux kernel sound/usb/helper.c (motu_microbookii) driver NULL pointer dereference vulnerability in Linux kernel sound/usb/line6/driver.c driver Code-execution backdoor vulnerability in rest-client gem 1.6.10-1.6.13 Denial of Service Vulnerability in Envoy (CVE-2019-14993) Header Size Denial-of-Service Vulnerability in Envoy XSS Vulnerability in FlightPath 4.8.3 Admin Console: Cookie Stealing and Malicious Actions XSS Vulnerability in FUEL CMS 1.4.4 Admin Console Allows for Cookie Stealing and Malicious Actions CSRF Vulnerability in FUEL CMS 1.4.4 Admin Console's Create Blocks Section Multiple Cross-Site Scripting (XSS) Vulnerabilities in LibreNMS v1.54 Admin Console Use-After-Free Vulnerability in Live555 (CVE-2019-XXXX) XSS Vulnerability in Live:Text Box Macro in Old Street Live Input Macros App Uncontrolled Memory Allocation Vulnerability in SHAREit 4.0.6.177 Session Hijacking and Password Disclosure in CentOS Web Panel 0.9.8.864 Punycode Homograph Attack Vulnerability in Roundcube Webmail CSRF Vulnerability in cforms2 Plugin for WordPress: IP Address Field Use-after-free vulnerability in Linux kernel prior to 4.9.190 and 4.14.139 Arbitrary Code Execution with Elevated Privileges in Cisco SPA100 Series Analog Telephone Adapters Arbitrary Code Execution with Elevated Privileges in Cisco SPA100 Series Analog Telephone Adapters Arbitrary Code Execution with Elevated Privileges in Cisco SPA100 Series Analog Telephone Adapters Arbitrary Code Execution with Elevated Privileges in Cisco SPA100 Series Analog Telephone Adapters Arbitrary Code Execution with Elevated Privileges in Cisco SPA100 Series Analog Telephone Adapters Arbitrary Code Execution with Elevated Privileges in Cisco SPA100 Series Analog Telephone Adapters Arbitrary Code Execution with Elevated Privileges in Cisco SPA100 Series Analog Telephone Adapters Arbitrary Code Execution with Elevated Privileges in Cisco SPA100 Series Analog Telephone Adapters Arbitrary Code Execution with Elevated 
Privileges in Cisco SPA100 Series Analog Telephone Adapters Arbitrary Code Execution with Elevated Privileges in Cisco SPA100 Series Analog Telephone Adapters Arbitrary Code Execution with Elevated Privileges in Cisco SPA100 Series Analog Telephone Adapters Arbitrary Code Execution with Elevated Privileges in Cisco SPA100 Series Analog Telephone Adapters Arbitrary Code Execution with Elevated Privileges in Cisco SPA100 Series Analog Telephone Adapters Stored XSS Vulnerability in Cisco DNA Center Web-Based Management Interface Cisco Identity Services Engine (ISE) Web Management Interface Authorization Bypass Vulnerability IKEv1 Denial of Service Vulnerability in Cisco ASA and FTD Software Improper Restrictions on Configuration Information in Cisco SPA100 Series Analog Telephone Adapters Cisco SPA100 Series ATA Web Management Interface Denial of Service Vulnerability Cisco Unified Contact Center Express (UCCX) Software HTTP Response Splitting Vulnerability Cisco Aironet Access Points (APs) Software Vulnerability: Unauthorized Access and Privilege Escalation Cisco Aironet Access Points (APs) PPTP VPN Denial of Service Vulnerability Denial of Service Vulnerability in Cisco Wireless LAN Controller (WLC) Software SSH Session Management CAPWAP Protocol Implementation Denial of Service Vulnerability in Cisco Aironet and Catalyst 9100 Access Points Cisco Aironet Access Points (APs) BPDU Forwarding DoS Vulnerability Directory Traversal Vulnerability in Cisco Wireless LAN Controller (WLC) Software Cross-Site Scripting (XSS) Vulnerabilities in Cisco Firepower Management Center (FMC) Web Interface Cross-Site Scripting (XSS) Vulnerabilities in Cisco Firepower Management Center (FMC) Web Interface Cross-Site Scripting (XSS) Vulnerability in Cisco Firepower Management Center (FMC) Web Interface Arbitrary Command Execution Vulnerability in Cisco Small Business RV Series Routers Unauthorized Access Vulnerability in Cisco Unified Communications Manager and Session Management Edition 
Arbitrary File Overwrite Vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software Command Injection Vulnerability in Cisco TelePresence Collaboration Endpoint (CE) Software Arbitrary Command Execution Vulnerability in Cisco TelePresence Collaboration Endpoint (CE) Software Denial of Service Vulnerability in Cisco Wireless LAN Controller Software Root Privilege Execution Vulnerability in Cisco TelePresence Collaboration Endpoint (CE) Software Cisco Finesse Web Management Interface Authorization Bypass Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Cisco Firepower Management Center (FMC) Software Stored XSS Vulnerability in Cisco Identity Services Engine (ISE) Software Cisco Identity Services Engine (ISE) Software: Unauthenticated Remote Read Access to tcpdump Files Arbitrary Code Execution Vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Arbitrary Code Execution Vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Arbitrary Code Execution Vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Arbitrary Code Execution Vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Arbitrary Code Execution Vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Privilege Escalation Vulnerability in Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and Cisco RoomOS Software Denial of Service Vulnerabilities in Cisco TelePresence Collaboration Endpoint and RoomOS Software NULL Pointer Dereference Vulnerability in Linux Kernel's flexcop-usb.c Driver Use-after-free vulnerability in atalk_proc_exit in the Linux kernel before 5.0.9 User Mode Write AV Vulnerability in ACDSee Photo Studio Standard 22.1 Build 1159 Clear-text logging of custom service account credentials in Gallagher Command Centre Untrusted Search Path Vulnerability in 
Bitdefender Antivirus Free 2020 Buffer Overflow Vulnerability in FAAD2 2.8.8 NULL session media object dereference vulnerability in res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 Authenticated Command Injection in Centreon Web Authentication Bypass Vulnerability in Centreon Web Authenticated SQL Injection in Centreon Web through 19.04.3 Arbitrary SQL Command Execution in Terrasoft Bpm'online CRM-System SDK 7.13 Remote Code Execution Vulnerability in XWiki Labs CryptPad Default Password Vulnerability in Lierda Grill Temperature Monitor V1.00_50006 WAN Remote Code Execution and AWS Key Retrieval Vulnerability in Linkplay Firmware Zolo Halo LAN Remote Code Execution via GoAhead Web Server Zolo Halo DNS Rebinding Attack Vulnerability Non-persistent XSS vulnerability in Zimbra Collaboration before 8.8.15 Patch 1 Arbitrary JavaScript Code Execution via File Upload in Tiki 18.4 Privilege Escalation Vulnerability in Valve Steam Client for Windows Privilege Escalation Vulnerability in Valve Steam Client for Windows XSS Vulnerability in Give Plugin (WordPress) Prior to 2.4.7 via Donor Name Code Injection Vulnerability in yikes-inc-easy-mailchimp-extender Plugin for WordPress Object Injection Vulnerability in Option-Tree Plugin for WordPress (CVE-2021-12345) Object Injection Vulnerability in Option-Tree Plugin for WordPress Object Injection Vulnerability in Option-Tree Plugin for WordPress (<=2.7.3) Vulnerability Alert: Local File Inclusion in Shortcode-Factory Plugin for WordPress Path Traversal Vulnerability in Ad-Inserter Plugin for WordPress Critical Remote Code Execution Vulnerability in Ad-Inserter Plugin for WordPress Misleading Vulnerability: Disabled CONFIG_SECURITY_YAMA with Misconfigured /etc/sysctl.d/10-ptrace.conf Directory Traversal Vulnerability in Import Users from CSV with Meta Plugin XSS Vulnerability in import-users-from-csv-with-meta Plugin for WordPress XSS Vulnerability in Import Users from CSV with Meta Plugin for WordPress 
CSRF Vulnerability in Import Users from CSV with Meta Plugin for WordPress Insufficient Protection Against Arbitrary File Reading in webp-express Plugin for WordPress HTML Injection Vulnerability in wp-support-plus-responsive-ticket-system Plugin Unrestricted Wi-Fi Control Vulnerability in Lava Z61 Android Device Unsecured Wi-Fi Control Vulnerability on Lava Flair Z1 Android Device Unrestricted Wi-Fi Control Vulnerability in Lava Iris 88 Go Android Device Unrestricted Wi-Fi Control Vulnerability in Lava Z92 Android Device Unrestricted Wi-Fi Control Vulnerability in Lava Z61 Turbo Android Device Unrestricted Wi-Fi Control Vulnerability in Lava Z81 Android Device Unrestricted Wi-Fi Control Vulnerability in Lava Iris 88 Lite Android Device Unrestricted Wi-Fi Control Vulnerability in Lava Z60s Android Device Pre-installed App Vulnerability: Unauthorized Control of Connectivity Features Vulnerability: Privilege Escalation via LovelyFont App Vulnerability: Arbitrary Command Execution via com.lovelyfont.defcontainer Vulnerability: Arbitrary Command Execution via com.lovelyfont.defcontainer Vulnerability: Arbitrary Command Execution and MITM Attack on Tecno Camon iClick Android Device Vulnerability: Privilege Escalation via com.lovelyfont.defcontainer Vulnerability: Privilege Escalation via com.lovelyfont.defcontainer Vulnerability: Arbitrary Command Execution via com.lovelyfont.defcontainer Vulnerability: Arbitrary Command Execution via com.lovelyfont.defcontainer Vulnerability: Privilege Escalation via LovelyFont Android App Vulnerability: Privilege Escalation via LovelyFont Android App Vulnerability: Arbitrary Command Execution via com.lovelyfont.defcontainer Unsecured System Property Modification Vulnerability in Coolpad 1851 Android Device Unsecured System Property Modification Vulnerability in Coolpad N3C Android Device Unsecured System Property Modification Vulnerability in Ulefone Armor 5 Android Device Unsecured System Property Modification Vulnerability in Tecno 
Camon iClick Android Device Unsecured System Property Modification Vulnerability in Lava Flair Z1 Android Device Unsecured System Property Modification Vulnerability in Advan i6A Android Device Unsecured System Property Modification Vulnerability in Dexp Z250 Android Device Unsecured System Property Modification Vulnerability in Haier A6 Android Device Unauthenticated System Property Modification Vulnerability in Hisense U965 Android Device Insecure System Property Modification Vulnerability in Infinix Note 5 Android Device Unauthenticated System Property Modification Vulnerability in Lava Iris 88 Go Android Device Unsecured System Property Modification Vulnerability in Leagoo Power 5 Android Device Unsecured System Property Modification Vulnerability in Dexp BL250 Android Device Unsecured System Property Modification Vulnerability in Lava Z92 Android Device Insecure System Property Modification Vulnerability in Infinix Note 5 Android Device Unsecured System Property Modification Vulnerability in Haier P10 Android Device Unsecured System Property Modification Vulnerability in Coolpad 1851 Android Device Unsecured System Property Modification Vulnerability in Lava Z61 Turbo Android Device Unsecured System Property Modification Vulnerability in Haier G8 Android Device Unsecured System Property Modification Vulnerability on Symphony G100 Android Device Unsecured System Property Modification Vulnerability in Hisense F17 Android Device Unsecured System Property Modification Vulnerability in Symphony i95 Lite Android Device Unauthenticated System Property Modification Vulnerability in Lava Iris 88 Lite Android Device Unsecured System Property Modification Vulnerability in Haier G8 Android Device Unauthenticated System Property Modification Vulnerability in Panasonic Eluga Ray 530 Unauthenticated System Property Modification Vulnerability in Cherry Flare S7 Android Device Unauthenticated System Property Modification Vulnerability in Panasonic Eluga Ray 600 System Property 
Modification Vulnerability in Walton Primo G3 Android Device System Property Modification Vulnerability on Fly Photo Pro Android Device Unauthenticated System Property Modification Vulnerability in BQ 5515L Android Device Unsecured System Property Modification Vulnerability in Cubot Nova Android Device Unauthenticated System Property Modification Vulnerability in Allview X5 Android Device Unsecured System Property Modification Vulnerability in Elephone A4 Android Device Insecure System Property Modification Vulnerability in Infinix Note 5 Android Device Unsecured System Property Modification Vulnerability in Lava Z60s Android Device Vulnerability: Unrestricted Wi-Fi Control via com.roco.autogen App Arbitrary Command Execution and Man-in-the-Middle Vulnerability in Coolpad 1851 Android Device Vulnerability: Arbitrary Command Execution and MITM Attack on Haier A6 Android Device Unsecured System Property Modification Vulnerability in Haier G8 Android Device Vulnerability: Unauthorized System Property Modification in Asus ZenFone 4 Selfie Android Device Vulnerability: Unauthorized System Property Modification in Asus ZenFone 4 Selfie Android Device Vulnerability: Unauthorized Wireless Settings Modification via Confused Deputy Attack on Asus ZenFone Live Android Device Vulnerability: Unauthorized Wireless Settings Modification via Confused Deputy Attack on Asus ZenFone 5 Selfie Android Device Vulnerability: Command Execution via Pre-installed App Component in Asus ZenFone 3s Max Vulnerability: Command Execution via Asus ZenFone 3 Pre-installed App Vulnerability: Command Execution via Pre-installed App Component in Asus ZenFone Max 4 Vulnerability: Command Execution via Asus ZenFone 4 Selfie Pre-installed App Vulnerability: Command Execution via Pre-installed App Component in Asus ZenFone 5Q Vulnerability: Command Execution via Pre-installed App Component in Asus ZenFone 3 Ultra Vulnerability: Command Execution via Pre-installed App Component in Asus ASUS_A002 Android 
Device Vulnerability: Command Execution via Pre-installed App Component in Asus ASUS_A002_2 Android Device Vulnerability: Command Execution via Pre-installed App Component in Asus ZenFone 3s Max Vulnerability: Command Execution via Pre-installed App Component in Asus ZenFone Max 4 Vulnerability: Command Execution via Pre-installed App Component in Asus ASUS_X00K_1 Android Device Vulnerability: Command Execution via Pre-installed App Component Vulnerability: Command Execution via Pre-installed App Component in Asus ASUS_X015_1 Android Device Vulnerability: Command Execution via Asus ZenFone 5 Lite Pre-installed App Vulnerability: Command Execution via Pre-installed App Component in Asus ZenFone 5Q Vulnerability: Command Execution via Pre-installed App Component in Asus ZenFone 5Q Vulnerability: Command Execution via Pre-installed App Component in Asus ZenFone 3 Laser Vulnerability: Command Execution via Pre-installed App Component in Asus ZenFone 4 Selfie Android Device Vulnerability: Command Execution via Pre-installed App Component in Asus ZenFone 3 Ultra Vulnerability: Command Execution via Pre-installed App Component in Asus ZenFone AR Pre-installed App Vulnerability: Unauthorized Wireless Settings Modification via Confused Deputy Attack on Xiaomi Redmi 5 Vulnerability: Unauthorized App Installation via Pre-installed App Component Pre-installed App on Tecno Spark Pro Android Device Allows Unauthorized Dynamic Code Loading via Confused Deputy Attack Vulnerability: Unauthorized Command Execution via Confused Deputy Attack in com.lovelyfont.defcontainer app Pre-installed App on Asus ASUS_X015_1 Android Device Allows Unauthorized Command Execution via Confused Deputy Attack Vulnerability: Unauthorized Wireless Settings Modification via Confused Deputy Attack on Blackview BV9000Pro-F Android Device Vulnerability: Unauthorized Wireless Settings Modification via Confused Deputy Attack on Blackview BV7000_Pro Android Device Vulnerability: Unauthorized Wireless Settings 
Modification via Confused Deputy Attack on Doogee Mix Android Device Vulnerability: Unauthorized Wireless Settings Modification via Confused Deputy Attack on Bluboo_S1 Android Device Vulnerability: Unauthorized Wireless Settings Modification via Confused Deputy Attack on Doogee BL5000 Android Device Vulnerability: Unauthorized Wireless Settings Modification via Confused Deputy Attack on Kata M4s Android Device Vulnerability in Xiaomi 5S Plus Android Device Allows Unauthorized Wireless Settings Modification Vulnerability in Xiaomi Mi Mix Android Device Allows Unauthorized Wireless Settings Modification Vulnerability: Unauthorized Wireless Settings Modification via Confused Deputy Attack on Xiaomi Mi Note 2 Vulnerability: Unauthorized At Command Access via Confused Deputy Attack on Panasonic ELUGA_I9 Android Device OpenSSL ChaCha20-Poly1305 Nonce Length Vulnerability Vulnerability: System Properties Modification via com.qiku.cleaner App Component Pre-installed App Component Vulnerability in Evercoss U50A Android Device Vulnerability: System Properties Modification via Pre-installed App Component Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Unauthorized App Installation via Pre-installed App Component Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Installation via Accessible App Component on Samsung J5 Android Device Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App 
Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: App Installation via Pre-installed App Component Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Installation via Accessible App Component in Samsung J5 Android Device Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation on Samsung J7 Neo Android Device Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Pre-installed App Vulnerability: Unauthorized Wireless Settings Modification via Confused Deputy Attack on Xiaomi Redmi 6 Pro Vulnerability: Unauthorized Wireless Settings Modification 
via Confused Deputy Attack on Xiaomi Mi Mix 2S Android Device Vulnerability: Unauthorized Wireless Settings Modification via Confused Deputy Attack on Xiaomi Mi A2 Lite Android Device Vulnerability: Pre-installed App Allows Unauthorized Microphone Audio Recording Vulnerability: Key Recovery in ECDSA Signature Operation with Explicit Parameters Vulnerability: Pre-installed App Allows Unauthorized Microphone Audio Recording Vulnerability: Pre-installed App Allows Unauthorized Microphone Audio Recording Pre-installed App Vulnerability: Unauthorized Microphone Audio Recording via Confused Deputy Attack Pre-installed App Vulnerability: Unauthorized Microphone Audio Recording via Confused Deputy Attack Xiaomi Cepheus Android Device Vulnerability: Unauthorized Microphone Audio Recording via Confused Deputy Attack Vulnerability: Unauthorized Microphone Audio Recording via Confused Deputy Attack on Xiaomi Mi A3 Android Device XSS Vulnerability in Former before 4.2.1 via Checkbox Value XSS Vulnerability in Jooby before 1.6.4 via Default Error Handler Reflected XSS Vulnerability in Status Board 1.1.81 via logic.ts Reflected XSS Vulnerability in Status Board 1.1.81 via dashboard.ts XSS Vulnerability in Domoticz 4.10717 via item.Name XSS Vulnerability in Kimai v2 before 1.1 via Timesheet Description Cross-Site Scripting (XSS) Vulnerability in selectize-plugin-a11y before 1.1.0 via the msg field. 
Cross-Site Scripting (XSS) Vulnerability in Bolt CMS before 3.6.10 XSS Vulnerability in Bolt CMS (Versions before 3.6.10) via Image Alt or Title Field Cross-Site Scripting (XSS) Vulnerability in Bolt CMS 3.6.10 and Earlier XSS Vulnerability in Django JS Reverse before 0.9.1 XSS Vulnerability in DfE School Experience before v16333-GA via Teacher Training URL Reflected XSS in Ignite Realtime Openfire LDAP Setup Test Cross-Site Scripting (XSS) Vulnerability in laracom (aka Laravel FREE E-Commerce Software) 1.4.11 Insecure Random Number Generator in OpenSSL 1.1.1 Code Injection Vulnerability in openITCOCKPIT before 3.7.1 (RVID 1-445b21) CSRF Vulnerability in openITCOCKPIT before 3.7.1 (RVID 2-445b21) Reflected XSS Vulnerability in openITCOCKPIT before 3.7.1 (RVID 3-445b21) File Deletion Vulnerability in openITCOCKPIT before 3.7.1 (RVID 4-445b21) SSRF Vulnerability in openITCOCKPIT before 3.7.1 (RVID 5-445b21) CSRF Vulnerability in MyT Project Management 1.5.1 Allows Arbitrary Code Execution Default Credentials Vulnerability in Black Box iCOMPEL and ONELAN Net-Top-Box Arbitrary OS Command Execution in Vera Edge Home Controller 1.7.4452 via webcam.sh CodiMD 1.3.1 Safari XSS Vulnerability Reflected Cross-Site Scripting (XSS) in L-Soft LISTSERV: /scripts/wa.exe OK Parameter Vulnerability Remote Crash Vulnerability in TeamSpeak Client OS Command Execution Vulnerability in AltaVoz Prontus (aka ProntusCMS) through 12.0.3.0 Double Free Vulnerability in Linux Kernel USB Driver (CVE-XXXX-XXXX) Out-of-Bounds Read Vulnerability in Linux Kernel USB DVB-USB Driver Critical Information Disclosure Vulnerability in Kaseya Virtual System Administrator (VSA) Cleartext Password Exposure in Octopus Deploy Versions 2018.8.4 to 2019.7.6 Cleartext Password Exposure in Octopus Tentacle Versions 3.0.8 to 5.0.0 Overflow Bug in x64_64 Montgomery Squaring Procedure: Limited Impact on RSA and DSA HTML Injection Vulnerability in Zoho ManageEngine Desktop Central 10 User Administration Page Local 
Privilege Escalation Vulnerability in GOG Galaxy Client Service Denial of Service Vulnerability in OpenWrt libuci Privacy Vulnerability: Incorrect Access Level Indication in Telegram App Allows Phone Number Discovery CSRF Token Leakage in Discourse 2.3.2 Directory Traversal Vulnerability in Cuberite (before 2019-06-11) via ....// Directory Traversal Vulnerability in jc21 Nginx Proxy Manager before 2.0.13 Directory Traversal Vulnerability in Swoole before 4.2.13 Directory Traversal Vulnerability in Power-Response Plugin (Pre-2019-02-02) Vulnerability: Insecure Default Configuration Directory in OpenSSL Directory Traversal Vulnerability in comelz Quark (before 2019-03-26) PHP Object Injection Vulnerability in Spoon Library SSL Bypass Vulnerability in LINBIT csync2 Improper Handling of GNUTLS_E_WARNING_ALERT_RECEIVED in LINBIT csync2 Arbitrary File Upload Vulnerability in CSZ CMS 1.2.3 Critical Vulnerability: Missing SSL Certificate Validation in pw3270 Terminal Emulator Command Injection Vulnerability in D-Link DIR-823G Firmware V1.0.2B05 Command Injection Vulnerability in D-Link DIR-823G Firmware V1.0.2B05 Command Injection Vulnerability in D-Link DIR-823G Firmware V1.0.2B05 Command Injection Vulnerability in D-Link DIR-823G Firmware V1.0.2B05 Command Injection Vulnerability in D-Link DIR-823G Firmware V1.0.2B05 Heap-based Buffer Over-read in GNU Libextractor's DVI Extractor Plugin Cross-Site Scripting (XSS) vulnerability in CyberChef before 8.31.2 in core/operations/TextEncodingBruteForce.mjs SQL Injection Vulnerability in XENFCoreSharp's web/verify.php SQL Injection Vulnerability in Raml-Module-Builder 26.4.0's PostgresClient.update SQL Injection Vulnerability in Tasking Manager before 3.4.0 via Custom SQL SQL Injection Vulnerability in Acclaim Block Plugin for Moodle SQL Injection Vulnerability in SimpleSAMLphp Proxystatistics Module XFS Filesystem Wedge Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in MantisBT Project Documentation Feature 
Heap-based Buffer Overflow in CSO Filter of libMirage 3.2.2 in CDemu Denial of Service in rustls-mio TLS Server Uncontrolled Recursion in HTML DOM Tree Serialization Memory Corruption Vulnerability in slice-deque Crate Memory Exhaustion Vulnerability in Rust Protobuf Crate Ed25519 Signature Spoofing Vulnerability in libp2p-core Crate Format String Vulnerabilities in pancurses crate through 0.16.1 Format String Vulnerabilities in ncurses Crate for Rust Buffer Overflow Vulnerabilities in ncurses Crate for Rust Memory Exhaustion Vulnerability in asn1_der Crate Out-of-Bounds Read and Page Boundary Crossing Vulnerability in simd-json Crate Double Free Vulnerability in smallvec Crate Use-after-free vulnerability in libflate crate allows arbitrary code execution Uninitialized Memory Exposure in memoffset Crate Memory Corruption in SmallVec Crate: Grow Attempts with Insufficient Capacity SQL Injection Vulnerability in FredReinink Wellness-app (before 2019-06-19) SQL Injection Vulnerability in Social Network Registration Handler SQL Injection Vulnerability in XM^online 2 User Account and Authentication Server 1.0.0 via Tenant Key SQL Injection Vulnerability in XM^online 2 Common Utils and Endpoints 0.2.1 DianoxDragon Hawn SQL Injection Vulnerability SQL Injection Vulnerability in Reviews Module of OpenSource Table (before 2019-06-14) FlashLingo SQL Injection Vulnerability Incomplete Parentheses SQL Injection Vulnerability in GORM SQL Injection Vulnerability in OHDSI WebAPI FeatureExtractionService.java SQL Injection Vulnerability in Compassion Switzerland Addons for Odoo SQL Injection Vulnerability in ICOMMKT Connector for PrestaShop (Versions before 1.0.7) SQL Injection Vulnerability in Alfresco Android Application SQL Injection Vulnerability in OpenForis Arena Sorting Feature SQL Injection Vulnerability in idseq-web Allows Attackers to Manipulate tax_levels SQL Injection Vulnerability in HM Courts & Tribunals CCD Data Store API SQL Injection Vulnerability in BEdita 
4.0.0-RC2 SQL Injection Vulnerability in ClonOS WEB Control Panel (before 2019-04-30) Gesior-AAC Shop.php ServiceCategoryID SQL Injection Vulnerability SQL Injection Vulnerability in Gesior-AAC (tankyou.php) Gesior-AAC Account Management SQL Injection Vulnerability Command Injection Vulnerability in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 via API Blobs Scope GitLab CE/EE Information Disclosure: Unauthorized Access to Private System Notes via GraphQL Endpoint GitLab CE/EE Information Disclosure Vulnerability: Project Milestones Disclosure via Groups Browsing Information Disclosure in GitLab Community Edition (CE) and Enterprise Edition (EE) Allows Path Disclosure in Unsubscribe Email Links Information Disclosure Vulnerability in GitLab CE and EE: Confidential Issue Assignee Disclosure via Milestones Unauthenticated User Access to Restricted Pipeline Data in GitLab IDOR vulnerability in GitLab allows unauthorized access to private group members via merge request approval rules IDOR Vulnerability in GitLab Community Edition and Enterprise Edition Allows Unauthorized Group Access Information Disclosure in GitLab API: Private Labels and Project Namespace Disclosure Markdown Input Validation Bypass Vulnerability in GitLab SAML Integration Account Takeover Vulnerability in GitLab CE and EE Cross-Site Scripting (XSS) Vulnerability in Gitlab CE/EE < 12.1.10 Mermaid Plugin Unsanitized JavaScript Vulnerability in Loofah Gem for Ruby OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) leading to Remote Code Execution (RCE) Improper Access Control Vulnerability in Gitlab Allows Blocked Users to Bypass Restrictions Vulnerability: Padding Oracle Attack in OpenSSL Access Control Issue: Disclosure of Private Merge Requests and Issues in GitLab Group Search Improper Access Control Vulnerability in GitLab <12.3.3 Allows Unauthorized Access to Container and Dependency Scanning Reports GitLab 12.2.2 and below: Guest User Privilege Escalation via 
Activity Timeline GitLab 12.2.3 Denial of Service Vulnerability in Issue Comments GitLab 11.8 and Later: Restricted Pipeline Details Disclosure Vulnerability Local Privilege Escalation Vulnerability in UniFi Video Controller =<3.10.6 Path Traversal Vulnerability in Statics-Server Allows Symlink-Based Attack Remote Code Execution Vulnerability in node-df v0.1.4 Remote Code Execution Vulnerability in treekill on Windows Remote Code Execution Vulnerability in tree-kill on Windows Arbitrary File Read Vulnerability in http_server Stored Cross-Site Scripting (XSS) Vulnerability in fileview package v0.1.6 Stored Cross-Site Scripting (XSS) Vulnerability in seefl v0.1.1 via Malicious Filename in Directory Listing X.509 Certificate Validation Vulnerability in Node.js 10, 12, and 13 HTTP Request Smuggling Vulnerability in Node.js 10, 12, and 13: Malicious Payload Delivery via Malformed Transfer-Encoding Trailing White Space Bypass Vulnerability in Node.js HTTP Header Value Comparisons Stored XSS Vulnerability in Node-RED (<= 0.20.7): Exploiting IoT Wiring Tool TOCTOU Vulnerability in Yarn < 1.19.0: Cache Pollution Attack via Package Integrity Validation Command Injection Vulnerability in kill-port-process Package (Version < 2.2.0) Access Retention Vulnerability in Circles App 0.17.7 Insecure Data Leakage in iOS App 2.23.0: Login and Token Exposure in Nextcloud Services Password Reset Bug in Nextcloud Server 15.0.2 Allows Expired 2FA Logins to Persist File Extension-Based Workflow Vulnerability in Nextcloud Server 17.0.1 XSS Vulnerability in iOS App 2.24.4 due to Missing Sanitization Time Bypass Vulnerability in Android App 3.9.0 Dangling Remote Share Attempts in Nextcloud 16: A DNS Pollution Vulnerability Security Vulnerability: Unauthorized Second Factor Setup in Nextcloud Server 17.0.0 Reflected XSS Vulnerability in Nextcloud 15.0.5 Updater Cross-Site Scripting (XSS) Vulnerability in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3, and Nextcloud Deck 0.6.5 Improper Access 
Control in Nextcloud Talk 6.0.3: Leakage of Private Conversation Existence and Names via Projects Feature Improper Permissions Preservation in Nextcloud Server 16.0.1: Sharees Able to Reshare with Write Permissions via Public Link Information Disclosure Vulnerability in Nextcloud Android App 3.6.0 Information Leakage in Nextcloud Server 16.0.1: Sending Domain and User IDs to Disabled Lookup Server Group Admins Can Create Users with IDs of System Folders in Nextcloud Server 15.0.7 Memory Usage Vulnerability in Trend Micro Password Manager 3.8 Clear Text Transmission of Initial LDAP Communication in Deep Security Manager Application Arbitrary File Delete Vulnerability in Trend Micro Deep Security Agent for Windows DLL Hijacking Vulnerability in Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) FLAG_MISUSE Vulnerability in Trend Micro Password Manager for Android: Information Sharing with Third-Party Apps Bleichenbacher Padding Oracle Attack on RSA Encryption in OpenSSL Remote File Read Vulnerability in MuleSoft Components Arbitrary Code Execution Vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x Unencrypted Password Disclosure in Grafana 5.4.0 Tableau Products XXE Vulnerability: Information Disclosure and DoS Risk Uncontrolled Search Path Element in COPA-DATA zenon Editor 8.10 Remote Crash Vulnerability in Sangoma Asterisk 13.28.0 and 16.5.0 Limesurvey Image Upload Vulnerability Authenticated XXE Vulnerability in Webmin's xmlrpc.cgi Authenticated Remote Code Execution in Webmin through rpc.cgi XSS Vulnerability in Ultimate-FAQs Plugin for WordPress (Version < 1.8.22) Stored XSS Vulnerability in Zoho-SalesIQ Plugin for WordPress CSRF Vulnerability in Zoho-SalesIQ Plugin for WordPress SQL Injection Vulnerability in rsvpmaker Plugin for WordPress Remote Code Execution Vulnerability in Groundhogg Plugin for WordPress Insufficient Restrictions on Deleting or Renaming Vulnerability in insert-or-embed-articulate-content-into-wordpress Plugin 
Insufficient File Upload Restrictions in insert-or-embed-articulate-content-into-wordpress Plugin Arbitrary JavaScript and HTML Injection in PAN-OS External Dynamic Lists Insufficient Restrictions on Option Changes in stops-core-theme-and-plugin-updates Plugin for WordPress Heap-Based Buffer Over-read in DecodeCertExtensions in wolfSSL 4.1.0 Client-side code injection vulnerability in NSSLGlobal SatLink VSAT Modem Unit (VMU) web interface before 18.1.0 Insecure Authentication Mechanism in Comba AP2600-I Devices: Password Disclosure Vulnerability Password Disclosure Vulnerability in Comba AC2400 Devices D-Link DSL-2875AL Password Disclosure Vulnerability Information Disclosure Vulnerability in D-Link DSL-2875AL and DSL-2877AL Devices Arbitrary Code Execution in eslint-utils (<=1.4.1) via getStaticValue Function SQL Injection Vulnerability in connect-pg-simple before 6.0.1 SQL Injection Vulnerability in Pie-Register Plugin for WordPress (Versions prior to 3.1.2) Arbitrary JavaScript and HTML Injection in PAN-OS Management Web Interface CSRF Vulnerability in wp-members Plugin for WordPress Stack-based Buffer Overflow in Rivet Killer Control Center (CVE-2021-XXXX) Arbitrary Read Privilege Escalation in Rivet Killer Control Center Out-of-Bounds Read Privilege Escalation in Rivet Killer Control Center (Issue 1 of 2) Out-of-Bounds Read Privilege Escalation in Rivet Killer Control Center Arbitrary Write Primitive Vulnerability in Rivet Killer Control Center Out-of-Bounds Array Access in __xfrm_policy_unlink Leading to Denial of Service Arbitrary Code Execution in Expedition Migration Tool 1.1.6 and Earlier Heap Buffer Overflow in TightVNC Code Version 1.3.10: Remote Code Execution Vulnerability Heap Buffer Overflow in TightVNC Code Version 1.3.10: Potential Code Execution via Network Connectivity Palo Alto Networks Demisto 4.5 XSS Vulnerability Null Pointer Dereference Vulnerability in TightVNC 1.3.10: Exploitable DoS via Network Connectivity Memory Leak Vulnerability in 
LibVNC Server Code (CWE-655) Out-of-Bound Access Read Vulnerabilities in RDesktop 1.8.4 Leading to Denial of Service (DoS) Stack Buffer Overflow Vulnerability in TurboVNC Server Code Remote Unauthorized Access Vulnerability in Kaspersky Protection Extension for Google Chrome Remote Disabling of Security Features in Kaspersky Products: Bypass Vulnerability Remote Disabling of Anti-Virus Protection Features: A Critical Vulnerability in Kaspersky Security Products Remote Information Disclosure Vulnerability in Kaspersky Security Products Inadequate User Notification of Untrusted Site Redirect Vulnerability Local Privilege Escalation Vulnerability in Kaspersky Security Products Arbitrary Code Execution in Expedition Migration Tool User Mapping Settings Stack Use-After-Return Vulnerability in TigerVNC Heap Buffer Overflow in TigerVNC Version Prior to 1.10.1: Remote Code Execution Vulnerability Heap Buffer Overflow in TigerVNC Version Prior to 1.10.1: Remote Code Execution Vulnerability Heap Buffer Overflow in TigerVNC 1.10.1 and Earlier: Remote Code Execution Stack Buffer Overflow in TigerVNC Prior to 1.10.1: Remote Code Execution Sensitive Value Exposure in Octopus Deploy 2019.7.3 through 2019.7.9 Memory Access Vulnerability in Suricata 4.1.4 Arbitrary Code Execution in Expedition Migration Tool 1.1.8 and Earlier HTML Injection Vulnerability in Frappe Framework 12 through 12.0.8 Arbitrary OS Command Execution via HelpModal.jsx in BloodHound 2.2.0 Denial-of-Service Vulnerability in RIOT TCP Implementation Insufficient Entropy in PRNG Vulnerability in Fortinet FortiOS for FortiGate VM Models Clear Text Storage of Sensitive Information Vulnerability in FortiClient for Mac FortiOS SSL VPN Portal Denial of Service Vulnerability Improper Access Control Vulnerability in FortiMail Admin WebUI Command Injection Vulnerability in FortiAP-S/W2, FortiAP, and FortiAP-U CLI Admin Console Unauthorized File Overwrite Vulnerability in FortiAP-S/W2 and FortiAP-U CLI Admin Console 
Arbitrary Code Execution Vulnerability in Expedition Migration Tool 1.1.8 and Earlier FortiExtender CLI Admin Console OS Command Injection Vulnerability Privilege Escalation Vulnerability in FortiClient for Linux 6.2.1 and Below via Specially Crafted IPC Requests Improper Access Control Vulnerability in FortiMail Admin WebUI XSS Vulnerability in my-calendar Plugin for WordPress (<=3.1.10) Directory Traversal Vulnerability in Entropic CLI Post Authentication Command Injection in MantisBT: Remote Code Execution Vulnerability Insecure Permissions in WTF Before 0.19.0 Use-after-free vulnerability in Irssi 1.2.x before 1.2.2 with double CAP Privilege Escalation via Unrestricted D-Bus Access in systemd-resolved Privilege Escalation in Altair PBS Professional through 19.1.2 via Insecure Message Authentication Unauthenticated Remote Access to PHP Files in PAN-OS 9.0.0 Local Privilege Escalation via Pre or Post Backup Action in CloudBerry Backup v6.1.2.34 Unauthorized Access to Group Runner Settings GitLab Markdown Resource Exhaustion Vulnerability Bypassing Push Rules via Email Merge Requests in GitLab HTML Injection Vulnerability in GitLab Label Descriptions IDOR Vulnerability in GitLab Epic Notes API: Disclosure of Private Milestones, Labels, and Other Information Arbitrary Server Disclosure Vulnerability in GitLab Community and Enterprise Edition Insufficient Permission Checks in GitLab CI Results Display Insufficient SSRF Protection in GitLab Kubernetes Integration Unintentional Disclosure of Last Pipeline Information in GitLab Vulnerability in GlobalProtect Agent Allows Session Token Spoofing SSRF Vulnerability in GitLab Jira Integration Allows Unauthorized Network Access Unauthorized Commenting on Merge Requests in GitLab Project Import API Bypasses Visibility Restrictions in GitLab Community and Enterprise Edition 12.2 through 12.2.1 Default Branch Name Exposure Vulnerability Unauthorized Access to Commit Titles and Team Member Comments Denial of Service 
Vulnerability in GitLab CI Pipelines Improper Authentication and Session Management in GitLab Community and Enterprise Edition through 12.2.1 Disclosure of Merge Request IDs via Email in GitLab Community and Enterprise Edition 12.0 through 12.2.1 XSS Vulnerability in GitLab Community and Enterprise Edition 8.1 through 12.2.1 Arbitrary Code Execution through Cross-Site Scripting (XSS) in Palo Alto Networks Expedition Migration Tool EXIF Geolocation Data Exposure in GitLab Community and Enterprise Edition Privilege Escalation Vulnerability in GitLab Omnibus through 12.2.1 Poly Plantronics Hub Local Privilege Escalation Vulnerability Confused Deputy Attack Vulnerability in Sony Xperia Touch Android Device Vulnerability: Unauthorized Wireless Settings Modification via Confused Deputy Attack on Sony Xperia XZs Android Device Hardcoded AES 256 Bit Key Vulnerability in Eques Elf Smart Plug Arbitrary PHP Command Injection in SITOS six Build v6.2.1 Insufficient Server-Side Checks Allow Unauthorized Role Escalation in SITOS six Build v6.2.1 Unauthenticated File Upload and Code Execution in SITOS six Build v6.2.1 Password and Email Change Vulnerability in SITOS six Build v6.2.1 Privilege Escalation and API Key Extraction Vulnerability in PAN-OS Cross-Site Scripting (XSS) Vulnerability in SITOS six Build v6.2.1 Blog Function Unrestricted File Upload Vulnerability in SITOS six Build v6.2.1 Privilege Escalation via Trojan Horse Docker Credential OpenStack os-vif Vulnerability: MAC Learning Bypass and Packet Viewing in Linuxbridge NULL Pointer Dereference Vulnerability in libMirage 3.2.2 CDemu NRG Parser Missing Validation Rules in asmjs/asmangle.cpp Leading to Assertion Failure in wasm/wasm.cpp NULL Pointer Dereference in Binaryen 1.38.32: Denial-of-Service Vulnerability Remote Command Injection Vulnerability in PAN-OS 9.0.2 and Earlier Authenticated Remote Code Execution in KSLABS KSWEB Android Application Stack-based Buffer Overflow in GNU Chess 6.2.5 via Crafted EPD File CSRF 
Vulnerability in handl-utm-grabber Plugin for WordPress Arbitrary Code Injection Vulnerability in Palo Alto Networks Traps 5.0.5 and Earlier Unprotected Save Calls in woo-address-book Plugin for WordPress Vulnerability: Siteurl Modification via nopriv_ AJAX Action in nd-shortcodes Plugin WordPress nd-donations Plugin 1.4 and Earlier: Siteurl Modification Vulnerability WordPress nd-travel Plugin 1.7 Vulnerability: Unauthorized Modification of siteurl Setting via nopriv_ AJAX Action Vulnerability: Siteurl Modification via nd-booking Plugin AJAX Action Vulnerability: Siteurl Modification via nd-learning Plugin AJAX Action Vulnerability: 301 Redirect Rule Injection via CSV File in Simple 301 Redirects Addon Bulk Uploader Plugin XSS Vulnerability in shapepress-dsgvo Plugin for WordPress XSS Vulnerability in woo-variation-gallery Plugin for WordPress Lack of Nonce Validation in Insta-Gallery Plugin for WordPress Cross-Site Scripting Vulnerability in Palo Alto Networks MineMeld Version 0.9.60 and Earlier Unsafe Deserialization Vulnerability in Formidable Plugin for WordPress CSRF Vulnerability in Facebook-by-Weblizar Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in WebTorrent HTTP Server Buffer Overflow Vulnerability in Lute-Tab's pdf_print.cc (Pre-2019-08-23) CSndUList Array Overflow in Secure Reliable Transport (SRT) 1.3.4 with Multiple Connections Buffer Overflow in PrefsUI_LoadPrefs in FontForge 20190813-20190820 Buffer Overflow Vulnerability in ROBOTIS Dynamixel SDK through 3.7.11 Integer Overflow Vulnerability in libZetta.rs (Version 0.1.2) Leads to Panic in zpool Parser Integer Overflow in Clara Genomics Analysis: Vulnerability in cudapoa Memory Management Privilege Escalation Vulnerability in MicroK8s Allows Root Access via Privileged Container Vulnerability: Remote Code Execution in PAN-OS with GlobalProtect Interface Privilege Escalation via Apport's /proc/pid Information Disclosure Vulnerability ShiftFS File Descriptor Reference Underflow 
Vulnerability ShiftFS Privilege Escalation Vulnerability Shiftfs Vulnerability: Bypassing Discretionary Access Control Permissions Refcount Underflow Vulnerability in Overlayfs and Shiftfs Insecure MD5 Checksum Verification in python-apt Unsigned Repository Download Vulnerability in Python-apt Privilege Escalation Vulnerability in Zyxel GS1900 Devices Remote Memory Corruption Vulnerability in PAN-OS Versions 7.1.24 and Earlier, 8.0.19 and Earlier, 8.1.9 and Earlier, and 9.0.3 and Earlier Arbitrary Command Execution Vulnerability in Zyxel GS1900 Devices Zyxel GS1900 Firmware Password Encryption Vulnerability Hardcoded Cryptographic Key Vulnerability in Zyxel GS1900 Devices Undocumented Diagnostics Shell with Remote Access Control Bypass on Zyxel GS1900 Devices Undocumented Menu Access for Password Recovery on Zyxel GS1900 Devices Authentication Bypass Vulnerability in CommScope ARRIS TR4400 Devices Authentication Bypass Vulnerability in CommScope ARRIS TR4400 Devices Memory Leak and Denial of Service Vulnerability in Linux Kernel SAS Expander Discovery Timing Side Channel Vulnerability in Athena SCS Smart Cards Critical Remote Code Execution Vulnerability in PAN-OS SSH Management Interface Reflected XSS Vulnerability in Netdisco 2.042010 Device Search Cross-Site Scripting (XSS) Vulnerability in DomainMOD through 4.13 Arbitrary Code Execution via File Upload Bypass in Sentrifugo 3.2 Stored XSS Vulnerabilities in Sentrifugo 3.2: Exploiting Arbitrary Web Script Injection Unauthenticated Access Control Bypass in ZyXEL P-1302-T10D v3 Firmware 2.00(ABBX.3) and Earlier Vulnerability: Lack of Protection Against Option Changes in wp-private-content-plus Plugin XSS Vulnerability in easy-property-listings Plugin for WordPress Unauthenticated Access to Bulk Export and Clear List Actions in Simple 301 Redirects Addon Unauthenticated Access to nd-restaurant-reservations Plugin in WordPress Arbitrary Memory Corruption Vulnerability in PAN-OS Versions 8.1.9 and Earlier, and 9.0.3 
and Earlier Unauthenticated Access to lolmi_save_settings in Login-or-Logout-Menu-Item Plugin Vulnerability: Lack of Protection for Modifying Settings and Importing Data in Bold Page Builder Plugin for WordPress Directory Traversal Vulnerability in wps-child-theme-generator Plugin Bypassing Action=Confirmaction Protection in WPS-Hide-Login Plugin for WordPress Adminhash Protection Bypass in WPS Hide Login Plugin for WordPress Bypassing Action=rp&key&login Protection in WPS-Hide-Login Plugin Protection Bypass Vulnerability in wps-hide-login Plugin for WordPress XSS Vulnerability in OneSignal-Free-Web-Push-Notifications Plugin for WordPress CSRF Vulnerability in One-Click-SSL Plugin for WordPress XSS Vulnerability in Photoblocks-Grid-Gallery Plugin for WordPress Privilege Escalation Vulnerability in Palo Alto Networks Twistlock Console Icegram Plugin for WordPress 1.10.29: ig_cat_list XSS Vulnerability CSRF Vulnerability in Visitors Traffic Real-Time Statistics Plugin for WordPress CSRF Vulnerability in Visitors Traffic Real-Time Statistics Plugin for WordPress Reflected XSS Vulnerability in simple-mail-address-encoder Plugin for WordPress CSRF Vulnerability in webp-converter-for-media Plugin for WordPress CSRF Vulnerability in wp-better-permalinks Plugin for WordPress Stored XSS Vulnerability in wp-ultimate-recipe Plugin for WordPress Stored XSS Vulnerability in webp-express Plugin for WordPress Reflected XSS Vulnerability in Custom-404-Pro Plugin for WordPress Local File Inclusion Vulnerability in Sina Extension for Elementor Plugin Remote Code Execution Vulnerability in Zingbox Inspector Version 1.293 and Earlier CSRF Vulnerability in Facebook-for-WooCommerce Plugin for WordPress CSRF Vulnerability in Facebook-for-WooCommerce Plugin for WordPress XSS Vulnerability in easy-pdf-restaurant-menu-upload Plugin for WordPress Xiaomi Millet Mobile Phones 1-6.3.9.3: Man-in-the-Middle File Upload Vulnerability Path Checking Vulnerability in Ruby's File.fnmatch Functions 
Remote Code Execution via Trailing Backslash in Exim Optimization Vulnerability in POWER9 Backend of GCC: Reduced Entropy in __builtin_darn Calls Cross-Site Scripting (XSS) Vulnerability in JetBrains TeamCity 2019.1 and 2019.1.1 Session Fixation Vulnerability in eQ-3 HomeMatic CCU3 Firmware 3.41.11 Privilege Escalation Vulnerability in Cisco Nexus 9000 Series ACI Mode Switch Software Remote Code Execution in eQ-3 HomeMatic CCU3 Firmware Version 3.41.11 via ReGa.runScript Method Privilege Escalation Vulnerability in Maarch RM 2.5 Path Traversal Vulnerability in Maarch RM 2.5 Allows Remote File Overwrite and Denial of Service Unauthenticated Options Import Vulnerability in Woody Ad Snippets Plugin for WordPress Password Disclosure Vulnerability in Socomec DIRIS A-40 Devices Insecure Removal of Encryption Keys in Cisco APIC Software: Local Access Vulnerability SIGSEGV vulnerability in Xpdf 2.00's XRef::constructXRef in XRef.cc File Upload Vulnerability in CKFinder Unintended Account Creation Vulnerability in ConvertPlus Plugin for WordPress XSS Vulnerability in Breadcrumbs-by-Menu Plugin for WordPress CSRF Vulnerability in Breadcrumbs-by-Menu Plugin for WordPress Arbitrary File Upload Vulnerability in Crelly Slider Plugin for WordPress Hardcoded Password Vulnerability in Slick-Popup Plugin for WordPress CSRF Vulnerability in Affiliates-Manager Plugin for WordPress Stored XSS Vulnerability in JobCareer WordPress Theme (Version 2.5.1 and below) Information Disclosure Vulnerability in Cisco Nexus 9000 Series Fabric Switches in ACI Mode Stored XSS Vulnerability in CarSpot WordPress Theme Unauthenticated Settings Update Vulnerability in LoginPress Plugin for WordPress SQL Injection Vulnerability in LoginPress Plugin for WordPress Remote Code Execution in ProfileGrid User Profiles, Groups, and Communities Plugin for WordPress Incomplete Packet Data Validation Vulnerability in FreeBSD 12.1-STABLE, 12.1-RELEASE, 11.3-STABLE, and 11.3-RELEASE Stack Data Leakage in FreeBSD 
12.1-STABLE and Earlier Versions Privilege Escalation Vulnerability in FreeBSD oce Network Driver Privilege Escalation in FreeBSD ixl Network Driver Use-After-Free Vulnerability in SCTP-AUTH Shared Key Update in FreeBSD Race Condition in FreeBSD Cryptodev Module Allows Arbitrary Kernel Memory Overwrite Cisco Nexus 9000 Series Fabric Switches ACI Mode Arbitrary File Read Vulnerability Kernel Panic Vulnerability in FreeBSD 12.1-STABLE and 12.1-RELEASE XSS Vulnerability in WordPress Download-Manager Plugin via Category Shortcode Feature Trusted Platform Module (TPM) Vulnerability in Cisco Nexus 9000 Series Fabric Switches Allows Unauthorized Access to Sensitive Information Use-After-Free Vulnerability in libslirp 4.0.0: ip_reass in ip_input.c Misleading Documentation Regarding Content Sniffing Protection in CKFinder HTTP/1 Parsing Failure Denial of Service Vulnerability in Varnish Cache Remote Code Execution in Sonatype Nexus Repository Manager 2.x before 2.14.15 ESP-IDF Vulnerability: Fault Injection Bypasses Secure Boot Digest Verification Unauthenticated Options Changes in Search Exclude Plugin for WordPress Unauthenticated Options Import Vulnerability in LifterLMS Plugin for WordPress Authentication Bypass in BeeGFS-CTL via Communication with Metadata Server Reflected XSS Vulnerability in Nagios Log Server Login Page Insecure TLS Client Authentication Vulnerability in Cisco Nexus 9000 Series ACI Mode Switch Software Uninitialized Variable in Slicer69 doas Allows Command Execution as Root Improper Group ID Handling in slicer69 doas before 6.2 on Certain Platforms Backporting Error Reintroduces Spectre Vulnerability in Linux Kernel Heap-based Buffer Over-read in libexpat XML Parser Escape from Restricted Shell: Cisco Nexus 9000 Series ACI Mode Switch Software Vulnerability ZigBee Network Discovery Denial of Service Vulnerability Insecure Key Transport in ZigBee PRO: Vulnerability Exploitation and Device Takeover ZigBee Trust Center Rejoin Procedure Vulnerability on 
ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 Devices Insecure Key Transport in Xiaomi Smart Home Devices: Exploiting ZigBee Communication Vulnerability Multiple Denial of Service Vulnerabilities in Xiaomi ZigBee Devices Denial of Service Vulnerability in Xiaomi ZigBee Devices Memory Leak in register_queue_kobjects() in net/core/net-sysfs.c Use-after-free vulnerability in hci_uart_set_proto() in Linux kernel before 5.0.5 Out-of-Bounds Read Vulnerability in Linux Kernel's SMB2_negotiate Function Use-after-free vulnerability in SMB2_write in Linux kernel before 5.0.10 Privilege Escalation Vulnerability in Cisco Nexus 9000 Series ACI Mode Switch Software Use-after-free vulnerability in SMB2_read in Linux Kernel before 5.0.10 Memory Leak in genl_register_family() in Linux Kernel NULL Pointer Dereference in drivers/block/paride/pf.c NULL Pointer Dereference in drivers/block/paride/pf.c NULL pointer dereference in fm10k_init_module due to alloc_workqueue failure Out of Bounds Access Vulnerability in hclge_tm_schd_mode_vnet_base_cfg Function Out of Bounds Access Vulnerability in ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx Functions Out-of-Bounds Access in build_audio_procunit Function in Linux Kernel Unlimited Brute Force Vulnerability in Craft CMS Elevated Session Password Prompt Privilege Escalation Vulnerability in Cisco NX-OS Software's Bash Shell Implementation Clickjacking Vulnerability in Intesync Solismed 3.3sp Intesync Solismed 3.3sp Directory Traversal Vulnerability Intesync Solismed 3.3sp Incorrect Access Control Vulnerability SQL Injection Vulnerability in Intesync Solismed 3.3sp CSRF Vulnerability in Intesync Solismed 3.3sp XSS Vulnerability in Intesync Solismed 3.3sp Insecure File Upload Vulnerability in Intesync Solismed 3.3sp Remote Buffer Overflow in Pengutronix Barebox through 2019.08.1: Exploiting a memcpy Vulnerability in nfs_readlink_reply Remote Buffer Overflow in Pengutronix Barebox through 2019.08.1: Exploiting a 
memcpy Vulnerability in nfs_readlink_req Divide-by-Zero Error in cv::HOGDescriptor::getDescriptorSize Denial of Service Vulnerability in Cisco NX-OS Software 802.1X Implementation Critical Security Vulnerability: Unauthenticated Root Access via TELNET in Victure PC530 Devices OpenID Connect Issuer Bypass Vulnerability in LemonLDAP::NG 2.x through 2.0.5 Uninitialized Value Vulnerability in FFmpeg's h2645_parse Remote Code Execution and Denial of Service Vulnerability in Counter-Strike: Global Offensive vphysics.dll HTML Injection Vulnerability in Counter-Strike: Global Offensive Community Game Servers Out-of-Bounds Access Vulnerability in OpenSC's decode_bit_string Function Out-of-Bounds Access Vulnerability in OpenSC before 0.20.0-rc1 Unencrypted Wallet.dat Data Exposure in Bitcoin Core 0.18.0 Buffer Overflow Vulnerability in Texas Instruments CC256x and WL18xx Dual-Mode Bluetooth Controllers Remote Command Execution as Root in Nagios XI Fibre Channel over Ethernet (FCoE) Protocol Denial of Service Vulnerability XSS Vulnerability in Redmine CRM Plugin 4.2.4 via Crafted vCard Data Path Traversal and Remote Command Execution in Total.js CMS 12.0.0 Vertical and Horizontal Privilege Escalation in Total.js CMS 12.0.0 Total.js CMS 12.0.0 - Remote Command Execution (RCE) via Malicious Widget Session Cookie Brute Force Vulnerability in Total.js CMS 12.0.0 Unauthorized System Reset Vulnerability in Cisco Web Security Appliance (WSA) Arbitrary Command Injection Vulnerability in Cisco Small Business RV Series Routers Remote Code Execution Vulnerability in Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Arbitrary Command Execution Vulnerability in Cisco Small Business SPA500 Series IP Phones Privilege Escalation Vulnerability in Cisco NX-OS Software for Bash Shell Privilege Escalation in Cisco Webex Network Recording Admin Page Denial of Service Vulnerability in Clam AntiVirus (ClamAV) Software Improper Permission Assignment in Cisco TelePresence 
Collaboration Endpoint (CE) Software Allows Local Attackers to Write Files to /root Directory Information Disclosure Vulnerability in Cisco Unified Communications Manager Web Interface Cisco TelePresence Advanced Media Gateway Web Application Denial of Service Vulnerability Unauthenticated Audio Recording Vulnerability in Cisco TelePresence Collaboration Endpoint and RoomOS Software Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Communications Domain Manager Cisco Web Security Appliance (WSA) Cross-Site Scripting (XSS) Vulnerability Multiple Denial of Service (DoS) Vulnerabilities in Cisco FXOS and NX-OS Software MP3 File Validation Vulnerability in Cisco Email Security Appliance Allows Bypass of Content Filters SQL Injection Vulnerability in Cisco Unified Communications Manager Web Interface Cross-Site Scripting (XSS) Vulnerability in Cisco Industrial Network Director (IND) Web Interface Cisco Managed Services Accelerator (MSX) Web Interface Open Redirect Vulnerability Authentication Bypass Vulnerabilities in Cisco Data Center Network Manager (DCNM) Authentication Bypass Vulnerabilities in Cisco Data Center Network Manager (DCNM) Authentication Bypass Vulnerabilities in Cisco Data Center Network Manager (DCNM) Arbitrary Command Injection Vulnerabilities in Cisco Data Center Network Manager (DCNM) API Endpoints Arbitrary Command Injection Vulnerabilities in Cisco Data Center Network Manager (DCNM) API Endpoints Vulnerability in LDAP Implementation in Cisco FXOS and NX-OS Software Directory Traversal Vulnerabilities in Cisco Data Center Network Manager (DCNM) Directory Traversal Vulnerabilities in Cisco Data Center Network Manager (DCNM) Directory Traversal Vulnerabilities in Cisco Data Center Network Manager (DCNM) Cisco Data Center Network Manager (DCNM) SOAP API XXE Vulnerability Arbitrary SQL Command Execution Vulnerabilities in Cisco Data Center Network Manager (DCNM) API Endpoints Arbitrary SQL Command Execution Vulnerabilities in Cisco Data 
Center Network Manager (DCNM) API Endpoints Arbitrary Command Injection Vulnerability in Cisco Unity Express CLI Missing CAPTCHA Protection in Cisco Webex Centers: Username Guessing Vulnerability Bypassing URL Reputation Filters in Cisco Email Security Appliance Cisco IOS XR Software BGP Attribute Processing Denial of Service Vulnerability Cisco NX-OS Software Network Stack Denial of Service Vulnerability Unauthenticated Remote Information Disclosure in Cisco Small Business RV Series Routers Lua Interpreter Heap Overflow Vulnerability in Cisco ASA and FTD Software Unauthenticated Remote Access Vulnerability in Cisco Small Business Switches Cross-Site Scripting (XSS) Vulnerability in Cisco Stealthwatch Enterprise Web Interface Arbitrary SQL Query Execution Vulnerability in Cisco DNA Spaces: Connector Privilege Escalation Vulnerability in Cisco DNA Spaces: Connector Command Injection Vulnerability in Cisco DNA Spaces: Connector NETCONF over SSH Access-Control Logic Vulnerability in Cisco IOS XR Software Unauthorized Access to JBoss EAP via Cisco DCNM Vulnerability Vulnerability in File System Permissions of Cisco FXOS and NX-OS Software Cisco Umbrella Roaming Client for Windows: Unauthorized Application Installation Vulnerability Local DLL Hijacking Vulnerability in Cisco Webex Teams for Windows Cross-Site Request Forgery (CSRF) Vulnerability in Cisco SD-WAN Solution's vManage Web UI Cisco UCS Director Web Interface Log File Download Vulnerability Unauthenticated Remote Bypass Vulnerability in Cisco Vision Dynamic Signage Director REST API Arbitrary Command Execution Vulnerability in Cisco Webex Video Mesh Vulnerability in Cisco AnyConnect Secure Mobility Client for Android Allows Service Hijack Attack and DoS Cross-Site Scripting (XSS) Vulnerability in Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cisco IOS and IOS XE Software Web UI CSRF Vulnerability Vulnerability: Filesystem Permissions Misconfiguration in Cisco NX-OS Software 
Cross-Site Scripting (XSS) Vulnerability in Cisco SD-WAN vManage Software Arbitrary Command Injection Vulnerability in Cisco IOS XE SD-WAN Software SQL Injection Vulnerability in Cisco SD-WAN Solution vManage Software Cisco Data Center Analytics Framework: Reflected XSS Vulnerability in Web-based Management Interface Insecure Direct Object Reference Vulnerability in Cisco Unified Customer Voice Portal (CVP) OAMP OpsConsole Server Cisco IOS XR Software BGP EVPN Denial of Service Vulnerability Denial of Service Vulnerabilities in Cisco IOS XR Software's BGP EVPN Implementation Vulnerability: Privilege Escalation via Improper Filesystem Permissions in Cisco NX-OS Software Denial of Service Vulnerabilities in Cisco IOS XR Software's BGP EVPN Implementation Denial of Service Vulnerabilities in Cisco IOS XR Software's BGP EVPN Implementation Denial of Service Vulnerabilities in Cisco IOS XR Software's BGP EVPN Implementation Denial of Service Vulnerabilities in Cisco IOS XR Software's BGP EVPN Implementation Cross-Site Scripting (XSS) Vulnerability in Cisco Crosswork Change Automation Web Interface Cross-Site Scripting (XSS) Vulnerability in Cisco Emergency Responder Web Framework Denial of Service Vulnerability in Cisco Mobility Management Entity (MME) via SCTP Traffic Cisco IOS XR Software IS-IS Denial of Service Vulnerability Cisco Firepower Management Center (FMC) LDAP Authentication Bypass Vulnerability API Vulnerability in Cisco Smart Software Manager On-Prem Allows Unauthorized Modification of User Account Information and Denial of Service Privilege Escalation Vulnerability in Cisco NX-OS Software Elevated Privileges Vulnerability in Cisco NX-OS Software Vulnerability in Cisco NX-OS Software Allows Arbitrary Code Execution Multiple @ Characters in Email Addresses Parsing Vulnerability Remote Command Injection Vulnerability in D-Link DNS-320 through 2.05.B10 Login Manager Buffer Overflow Vulnerability in pam_p11 Component of OpenSC CSRF Vulnerability in Sentrifugo 
3.2 Allows Arbitrary Code Execution Arbitrary Command Execution Vulnerability in Cisco NX-OS Software Airbrake Ruby Notifier 4.2.3 Vulnerability: Unauthorized Disclosure of Passwords Weak Permissions on NETSAS Enigma NMS Server Allow Unauthorized Access and Modification Unencrypted Sensitive Data Exposure in NETSAS Enigma NMS 65.0.0 and Prior Unencrypted Sensitive Data Exposure in NETSAS Enigma NMS 65.0.0 and Prior Directory Traversal Vulnerability in NETSAS Enigma NMS 65.0.0 and Prior Remote SQL Injection Vulnerability in Enigma NMS 65.0.0 and Prior Versions Unrestricted File Upload Vulnerability in NETSAS Enigma NMS 65.0.0 and Prior Weak Authentication Vulnerability in NETSAS Enigma NMS 65.0.0 and Prior CSRF Vulnerability in NETSAS ENIGMA NMS Version 65.0.0 and Prior Stored Cross-site Scripting (XSS) Vulnerabilities in NETSAS Enigma NMS 65.0.0 and Prior through SNMP Protocol Injection Arbitrary Command Execution Vulnerability in Cisco NX-OS Software Stored Cross-site Scripting (XSS) Vulnerabilities in NETSAS Enigma NMS 65.0.0 and Prior Versions Privilege Escalation Vulnerability in Enigma NMS 65.0.0 and Prior OS Command Injection Vulnerability in NETSAS Enigma NMS 65.0.0 and Prior Arbitrary Command Execution Vulnerability in Cisco NX-OS Software Xpdf 3.04 Vulnerability: SIGSEGV in XRef::fetch Unchecked Return Value in nbd_genl_status Function in Linux Kernel Vulnerability in Cisco NX-OS CLI Allows Arbitrary Command Execution Out-of-Bounds Read Vulnerability in Symonics libmysofa 0.7 NULL Pointer Dereference in getHrtf in libmysofa 0.7 Invalid Write Vulnerability in Symonics libmysofa 0.7 Invalid Read Vulnerability in Symonics libmysofa 0.7 Invalid Read Vulnerability in Symonics libmysofa 0.7's getDimension Function Heap-Based Buffer Overflow in Kilo 0.0.1 Due to Integer Overflow in Tab Calculation User Registration Bypass Vulnerability in Harbor 1.7.0 through 1.8.2 Privilege Escalation and Code Execution Vulnerability in Micro-Star MSI Afterburner 4.6.2.15658 
CSRF Vulnerability in Silver Peak EdgeConnect SD-WAN (Before 8.1.7.x) via JSON Data to .swf File Arbitrary Command Execution Vulnerability in Cisco NX-OS Software Silver Peak EdgeConnect SD-WAN Web-Interface Outage Vulnerability Information Disclosure Vulnerability in Silver Peak EdgeConnect SD-WAN (CVE-2021-12345) Silver Peak EdgeConnect SD-WAN SNMP Service Public Value Vulnerability Privilege Escalation via spsshell Feature in Silver Peak EdgeConnect SD-WAN Reflected XSS Vulnerability in Silver Peak EdgeConnect SD-WAN (CVE-2021-12345) Directory Traversal Vulnerability in Silver Peak EdgeConnect SD-WAN (CVE-2021-XXXX) Unauthenticated Password Change Vulnerability in Humanica Humatrix 7 Recruitment Module CSRF Vulnerability in phpBB 3.2.7 Allows Unauthorized Deletion of Post Attachments Arbitrary CSS Injection Vulnerability in phpBB 3.2.7 Account Confirmation Bypass in Plataformatec Devise Arbitrary Command Execution Vulnerability in Cisco NX-OS and FXOS Software Remote Code Execution Vulnerability in Blade Shadow Network Protocol Remote Code Execution in TylerTech Eagle 2018.3.11 via Deserialization Vulnerability Remote Code Execution in Bludit 3.9.2 via File Upload Vulnerability Unauthenticated Remote Code Execution in ATutor 2.2.4 Stack-based Buffer Under-read Vulnerability in Xpdf 4.01.01 Information Exposure in Bootstrap.log File Allows Administrator Password Hash Retrieval XSS Vulnerability in 10Web Photo Gallery Plugin for WordPress XSS Vulnerability in 10Web Photo Gallery Plugin for WordPress SQL Injection Vulnerability in 10Web Photo Gallery Plugin for WordPress (<=1.5.35) Arbitrary Command Execution Vulnerability in Cisco NX-OS Software CSV Injection in Event Tickets Plugin for WordPress Local File Disclosure Vulnerability in Kartatopia PilusCart 1.4.1 Unrestricted Access to Configuration File in YouPHPTube 7.4 SQL Injection Vulnerability in Jobberbase 2.0's public/page_subscribe.php Stored Cross-Site Scripting Vulnerability in Grav through 1.6.15 via 
JavaScript Execution in SVG Images Integer Overflow Vulnerability in Atmel Advanced Software Framework (ASF) 4 Buffer Overflow Vulnerability in Microchip CryptoAuthentication Library CryptoAuthLib (Issue 1 of 2) Buffer Overflow Vulnerability in Microchip CryptoAuthentication Library CryptoAuthLib (Issue 2 of 2) Arbitrary Command Execution Vulnerability in Cisco NX-OS Software XSS Vulnerability in YII2-CMS v1.0 Contact Form Arbitrary File Upload Vulnerability in OKLite v1.2.25 Arbitrary File Deletion Vulnerability in OKLite v1.2.25 Session Hijacking Vulnerability in eteams OA v4.0.34 Rust Spin Crate RwLock Mutual Exclusion Violation Vulnerability Use-after-free vulnerability in HDR image format decoder in image crate before 0.21.3 Generativity Mishandling in compact_arena Crate: Out-of-Bounds Read/Write Vulnerability Arbitrary Command Execution Vulnerability in Cisco NX-OS Software Use-after-free vulnerability in chttp crate before 0.1.3 Panic During Initialization of Lazy in once_cell Crate Thread-safety vulnerability in renderdoc crate before 0.5.0 Incorrect Block Sizes in BLAKE2b and BLAKE2s Algorithms with HMAC Uninitialized Memory Usage in Generator Crate API Calls XSS Vulnerability in Breadcrumbs Contributed Module for Padrino Framework Cross-Site Scripting (XSS) Vulnerability in Gophish 0.8.0 via Username Cross-Site Scripting (XSS) Vulnerability in Liferay Portal 7.2.0 GA1 via Journal Article Title Cross-Site Scripting (XSS) Vulnerability in Sakai 12.6 via Chat User Name Vulnerability: Image Signature Verification Bypass in Cisco NX-OS Software Hard-coded Cryptographic Key Vulnerability in FortiClient for Windows Denial of Service Vulnerability in FortiClient for Linux 6.2.1 and Below Fortinet FortiSIEM Database Component Hard-Coded Password Vulnerability Cross-Site Scripting (XSS) Vulnerability in FortiAuthenticator WEB UI 6.0.0 Privilege Escalation Vulnerability in FortiClient for Linux: Arbitrary System File Overwrite Cross Site Scripting (XSS) 
Vulnerability in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 Information Exposure Vulnerability in Fortinet FortiWeb 6.2.0 CLI and Earlier Stack-based Buffer Overflow in BIRD Internet Routing Daemon's BGP Daemon Cisco Fabric Services Buffer Overflow Vulnerability Integer Underflow Vulnerability in MikroTik RouterOS SMB Server NULL Pointer Dereference in Onigmo's onig_error_code_to_str Function Out-of-Bounds Read Vulnerability in Onigmo through 6.2.0 Stack Exhaustion Vulnerability in Oniguruma before 6.9.3 NULL Pointer Dereference in myhtml_tree_node_remove in MyHTML through 4.0.5 Use-After-Free Vulnerability in GNU cflow 1.6's Reference Function in parser.c Heap-Based Buffer Over-Read Vulnerability in GNU cflow through 1.6 Integer Overflow in remap_struct() in sa_common.c leads to memory corruption in sysstat before 12.1.6 Severe Division by Zero Vulnerability in SQLite's Query Planner Denial of Service (DoS) Vulnerability in Cisco NX-OS Software for Nexus 9000 Series Switches Incorrect Access Control Vulnerability in GitLab Enterprise Edition 11.x and 12.x Stored XSS Vulnerability in JetBrains YouTrack through 2019.2.56594 Stored XSS Vulnerability in LimeSurvey Allows Privilege Escalation Reflected XSS Vulnerability in LimeSurvey Allows Privilege Escalation XML Injection Vulnerability in Limesurvey before 3.17.14 Allows Remote Code Execution and Data Compromise Clickjacking Vulnerability in Limesurvey before 3.17.14 Path Disclosure Vulnerability in Limesurvey before 3.17.14 Browser Caching Vulnerability in Limesurvey before 3.17.14 Stored XSS Vulnerability in Limesurvey Allows Injection of Arbitrary Web Script or HTML via Admin Box Button Titles Limesurvey Default Configuration Allows Insecure SSL/TLS Usage Arbitrary Code Execution Vulnerability in Cisco Nexus 9000 Series Switches LDAP Authentication Brute Force and User Enumeration Vulnerability in Limesurvey Privilege Escalation: Admin Users Can Mark Other Users' Notifications as Read Reflected Cross-Site 
Scripting (XSS) Vulnerability in Limesurvey before 3.17.14 Unauthorized Integrity Check Execution in Limesurvey before 3.17.14 CSV Injection Vulnerability in Limesurvey before 3.17.14 Allows Command Injection via Survey Responses Unrestricted Access to Reserved Menu Entries in Limesurvey Unrestricted Access to Plugin Manager in Limesurvey before 3.17.14 Limesurvey before 3.17.14 Anti-CSRF Cookie Vulnerability XML External Entity (XXE) Vulnerability in HCL AppScan Source before 9.03.13 Cisco Data Center Network Manager Authentication Bypass Vulnerability Authentication Bypass Vulnerability in D-Link DIR-868L, DIR-885L, and DIR-895L Devices Arbitrary PHP Code Execution via upload_model() in DocCms 2016.5.17 Cross Frame Scripting (XFS) Vulnerability in ArcGIS Enterprise 10.6.1 through EDIT MY PROFILE Feature SQL Injection Vulnerability in Centreon 19.04: Exploiting the svc_id Parameter in makeXMLForOneService.php Cross-Site Scripting (XSS) Vulnerability in Centreon myAccount Alias and Name Fields Cross-Site Scripting (XSS) Vulnerability in Dolibarr 10.0.1 Directory Traversal Vulnerability in KSLabs KSWEB 3.93 Remote Code Execution in eQ-3 Homematic CCU2 and CCU3 via ReGa Core Process URLs Arbitrary File Upload Vulnerability in Cisco Data Center Network Manager Heap-based Buffer Over-read in GNU Serveez through 0.2.2 Regular Expression Denial of Service in WEBrick::HTTPAuth::DigestAuth Privilege Escalation Vulnerability in MISP Versions Prior to 2.4.115 Brocade Fabric OS Versions Vulnerability: Exposing Remote ESRS Server Credentials Vulnerability: Exposing External Passwords and Authentication Keys in Brocade Fabric OS Versions Insufficiently Random Session ID Vulnerability in Brocade SANnav Plaintext Account Credential Logging Vulnerability in Brocade SANnav Versions Before v2.0 Hard-coded Password Vulnerability in Brocade SANnav Versions Before v2.0 Weakness in Password-Based Encryption Algorithm in Brocade SANnav Versions before v2.0 Man-in-the-Middle Attack 
Vulnerability in Brocade SANnav Versions before v2.0 Cisco Data Center Network Manager (DCNM) Web Interface File Access Vulnerability Brocade SANnav Vulnerability: Plain Text Database Connection Password Logging Plaintext Password Storage Vulnerability in Brocade SANnav Versions Before v2.1.0 LDAP Injection Vulnerability in Brocade SANnav Versions Before v2.1.0 Arbitrary Command Execution Vulnerability in Tenda PA6 Wi-Fi Powerline Extender 1.0.1.21 Regular Expression Vulnerability in Libra Core Allows Code Interference via Nonstandard Line-Break Character Exponential Backtracking Vulnerability in Zulip Server Markdown Parser Insecure MIME Type Validation in Zulip Server 2.0.5 and Earlier Cross-Site Scripting (XSS) Vulnerability in WordPress Media Uploads (CVE-2019-17671) Stored Cross-Site Scripting (XSS) Vulnerability in WordPress before 5.2.3 XSS Vulnerability in WordPress Shortcode Previews Improper Access Controls in Cisco Data Center Network Manager (DCNM) Allow Information Retrieval Open Redirect Vulnerability in WordPress before 5.2.3 Reflected XSS Vulnerability in WordPress Dashboard Cross-Site Scripting (XSS) Vulnerability in WordPress before 5.2.3 XSS Vulnerability in WordPress Previews by Authenticated Users Invalid Write Operation in py-lmdb 0.97 Invalid Write Operation in py-lmdb 0.97 Invalid Write Operation in py-lmdb 0.97: Unvalidated memmove in mdb_node_del Invalid Write Operation in py-lmdb 0.97: Vulnerability in mdb_cursor_set Divide-by-Zero Error in py-lmdb 0.97: Vulnerability in mdb_env_open2 NULL pointer dereference in kfd_interrupt.c in Linux kernel 5.2.14 Arbitrary Code Execution Vulnerability in Cisco Meeting Server CLI Configuration Shell NULL pointer dereference vulnerability in radeon_display.c in Linux kernel 5.2.14 NULL Pointer Dereference in fjes_main.c NULL Pointer Dereference in if_sdio.c NULL Pointer Dereference in qla_os.c in Linux Kernel 5.2.14 NULL Pointer Dereference in iwlwifi PCIe Transmitter Improper Source Verification in 
Dino's XEP-0280 Message Carbons Module Roster Push Authorization Bypass in Dino (CVE-2019-09-10) Improper Source Verification in Dino MAM Message Archive Management Module XSS Vulnerability in Afterlogic Aurora 8.3.9-build-a3 Allows Session Hijacking Buffer Overflow in process_http_response in OpenConnect before 8.05 with Crafted Chunk Sizes Arbitrary Command Injection Vulnerability in Cisco SD-WAN vManage Web UI Buffer Overflow and Information Disclosure Vulnerability in HP Inkjet Printers Bypassing PIN Authentication on TCL Alcatel Cingular Flip 2 B9HUAH1 Devices Vulnerability: OS Command Injection in TCL Alcatel Cingular Flip 2 B9HUAH1 omamock Application Undocumented Web API Allows Unauthorized Access to Firmware Update Settings on TCL Alcatel Cingular Flip 2 B9HUAH1 Devices Bypassing Security Filters and Accessing Hidden Objects in OMERO.server User Information Disclosure Vulnerability in OMERO Intesync Solismed 3.3sp1 Local File Inclusion (LFI) Vulnerability User Mode Write AV Vulnerability in Delta DCISoft 1.21 Insecure Media Deletion in Telegram's Delete For Feature Out-of-Bounds Read Vulnerability in OpenCV 4.1.1 Privilege Escalation Vulnerability in Cisco SD-WAN CLI Unauthenticated Options Changes and CSS Injection Vulnerability in Ocean Extra Plugin Authenticated Options Changes in YIT Plugin Framework for WordPress SSL Certificate Validation Bypass in Nutfind.com Android App Allows Man-in-the-Middle Attacks Privilege Escalation Vulnerability in SamsungTTS Application HTTP Response Splitting in Ruby through 2.6.4 Code Injection Vulnerability in Ruby's Shell#[] and Shell#test Methods Simjacker: Exploiting the SIMalliance Toolbox Browser on Samsung Devices Simjacker: Exploiting the SIMalliance Toolbox Browser on Motorola Devices Vulnerability: Root Access Exploit via Homee Brain Cube V2 Bootloader Privilege Escalation Vulnerability in Cisco SD-WAN vManage Web UI Unauthenticated POST Request Vulnerability in Tripp Lite PDUMH15AT 12.04.0053 Devices Insecure 
SSL Certificate Validation in Twitter Kit for iOS SQL Injection Vulnerability in EGPP GESAC v1 Authentication Form Buffer Overflow Vulnerability in CODESYS V2.3 ENI Server up to V3.2.2.24 HTML Injection Vulnerability in Zoho ManageEngine Remote Access Plus 10.0.259 Unauthorized Access to Sensitive User Information in Cisco IMC Server Utilities Unauthenticated Remote Reading of Whiteboard Image PDFs in DTEN D5 and D7 Devices Vulnerability: Factory Settings Allow Firmware Reflash and ADB Enablement on DTEN D5 and D7 Devices Unauthenticated Root Shell Access and Covert Screen Data Capture Vulnerability in DTEN D5 and D7 Devices Unencrypted HTTP Data Transfer Vulnerability in DTEN D5 and D7 Devices Incorrect Indication of Disconnection Vulnerability in hostapd and wpa_supplicant HTTP Request Smuggling Vulnerability in Go before 1.12.10 and 1.13.x before 1.13.1 Heap-Based Buffer Overflow in PicoC 2.1's StringStrcpy Function Remote Code Execution via Directory Traversal in Nostromo nhttpd Denial of Service Vulnerability in nostromo nhttpd through 1.9.6 via Crafted HTTP Request Buffer Overflow Vulnerability in Cisco IMC Web Server API Token Validation Vulnerability in Ptarmigan before 0.2.3 Persistent Cross-Site Scripting (XSS) Vulnerability in NCH Express Invoice v7.12 HP Softpaq Installer Arbitrary Code Execution Vulnerability Arbitrary Code Execution Vulnerability in HP Products: Privilege Elevation via EFI_BOOT_SERVICES Physical Access Vulnerability: Unauthorized Extraction of Sensitive Information Bypassing OS Application Filter through Browser Preferences to Execute Arbitrary Commands Application Filter Bypass Vulnerability in HP ThinPro Linux Allows Privileged Access and Command Execution Tenda N301 Wireless Router Crash Vulnerability Authenticated XSS Vulnerability in insert-php Plugin for WordPress Cisco IMC Configuration Import Utility File Upload Vulnerability Arbitrary OS Command Execution Vulnerability in Open-AudIT Create Discoveries Feature Remote Code 
Execution and Denial of Service Vulnerability in Notepad++ (x64) 7.7 and Earlier Stored XSS vulnerability in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 via cmd_arg parameter Vulnerability: Incomplete Event Handling in ONOS P4 Tutorial Application Vulnerability: Unhandled Host Event Types in ONOS Virtual BNG Application Vulnerability: Unhandled Host Event Types in ONOS Mobility Application Buffer Overflow Vulnerability in Cisco IMC Firmware Signature Checking Program Vulnerability: Unhandled HOST_REMOVED Event in ONOS ACL Application Unhandled Event Type Vulnerability in ONOS Virtual Tenant Network Application Vulnerability in ONOS Ethernet VPN Application: Absence of Intended Code Execution Insecure Randomness in JHipster Generator Allows Privilege Escalation and Account Takeover Command Injection Vulnerability in MobaXterm Protocol Handler Reflected Cross-Site Scripting (XSS) Vulnerability in Fuji Xerox DocuShare SQL Injection Vulnerability in FlameCMS 3.3.5 via accountName Parameter in account/login.php Cisco Integrated Management Controller (IMC) Web Interface Information Disclosure Vulnerability XSS Vulnerability in NIUSHOP V1.11 via index.php?s=/admin URI CSRF Vulnerability in NIUSHOP V1.11 via search_info in index.php XSS Vulnerability in s-cms V3.0 via S_id Parameter in index.php?type=text Credential Disclosure Vulnerability in ifw8 Router ROM v4.31 Remote Code Execution Vulnerability in Indexhibit 2.1.5 via /ndxzstudio/install.php?p=2 Arbitrary .phar File Execution Vulnerability in Pimcore before 5.7.1 File Extension Bypass Vulnerability in Pimcore before 5.7.1 Infinite Loop Vulnerability in Gryphon Dissector in Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10 Cisco IMC Web Interface CSRF Vulnerability Vulnerability in Cobham Sea Tel v170-v194 Devices: Unauthorized Access to Vessel Location via SNMP XSS Vulnerability in ScadaBR 1.0CE and 1.1.x through 1.1.0-RC via Nonexistent Resource Request CSRF Vulnerability in D-Link 
DIR-601 B1 2.00NA Allows for Remote Router Management and Device Compromise Authentication Bypass Vulnerability in D-Link DIR-601 B1 2.00NA Remote Code Execution via Object Attribute Modification in RPyC 4.1.x through 4.1.1 Persistent XSS Vulnerability in NCH Express Accounts Accounting v7.02 XSS Vulnerability in api-bearer-auth Plugin for WordPress Persistent Cross-Site Scripting (XSS) in GetSimple CMS v3.3.15 admin/theme-edit.php Persistent XSS Vulnerability in Bludit v3.9.2 Categories Add New Category Name Field Polymorphic Typing Vulnerability in FasterXML jackson-databind Denial of Service Vulnerability in Cypress PSoC 4 BLE Component 3.61 and Earlier Use-after-free vulnerability in hncbd90 component in Hancom Office 9.6.1.9403 via crafted .docx file Use-After-Free Vulnerability in Hancom Office 9.6.1.7634 Arbitrary Command Injection Vulnerability in Cisco IMC IPMI Remote Discovery of Recovery Key in Belkin Linksys Velop 1.1.8.192419 Devices Cross-Site Scripting (XSS) Vulnerability in ScadaBR 1.0CE Login Form Heap-Based Buffer Overflow in ngiflib 0.4's WritePixel() Function Heap-Based Buffer Overflow in ngiflib 0.4's WritePixels() Function NULL Pointer Dereference in gain_file() at wav_gain.c NULL Pointer Dereference in Bento4 1.5.1-628: AP4_ByteStream::ReadUI32 Vulnerability XML Parsing Vulnerability in Cisco IP Phone 7800 and 8800 Series: Remote DoS Exploit NULL Pointer Dereference in idct2d8x8() at dct.c in ffjpeg (before 2019-08-18) NULL Pointer Dereference in huffman_decode_step() in ffjpeg before 2019-08-18 Heap-Based Buffer Overflow in ffjpeg's jfif_load() Function Remote Device Crafted Traffic Vulnerability in Emerson GE Automation Proficy Machine Edition 8.0 Race Condition Vulnerability in Beego 1.10.0 File Session Manager Weak File Permissions in Beego 1.10.0 File Session Manager Arbitrary Command Execution Vulnerability in Cisco Webex Teams Client Heap-Based Buffer Overflow in fxBeginHost in Moddable SDK OS180329 Arbitrary Code Execution 
Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows PGP Signing Plugin in Gradle Allows Artifact Replacement via SHA-1 Collision Clickjacking Vulnerability in LogMeIn LastPass LDAP Injection Vulnerability in Pega Platform 8.2.1 Remote Code Execution Vulnerability in OTRS 7.0.x and Community Edition 5.0.x-6.0.x Incorrect Access Control in makandra consul gem through 1.0.2 for Ruby Multiple From: Address Signature-Bypass Vulnerability in OpenDMARC Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Bypassing FileGuard Folder Protection in Ivanti Workspace Control 10.3.110.0 SQL Injection Vulnerability in MOVEit Transfer 2018 SP2, 2019, and 2019.1 Path Traversal Vulnerability in Cybele Thinfinity VirtualUI 2.5.17.2 Allows Data Exfiltration HTTP Response Splitting Vulnerability in Cybele Thinfinity VirtualUI 2.5.17.2 via PDF Viewer Request Information Disclosure Vulnerability in PEGA Platform 7.x and 8.x Privilege Escalation in PEGA Platform 8.3.0 via prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases Information Disclosure Vulnerability in PEGA Platform 8.3.0 via prweb/sso/random_token/!STANDARD?pyStream=MyAlerts Endpoint Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Authenticated Visitor Content Modification and Database Manipulation Vulnerability in SPIP Cross-Site Scripting (XSS) Vulnerability in SPIP before 3.1.11 and 3.2 before 3.2.5 via Error Messages SPIP Redirect URL Mishandling Vulnerability Information Disclosure Vulnerability in SPIP Password-Reminder Page Stack-Based Buffer Overflow in GnuCOBOL 2.2's cb_name() Function Use-after-free vulnerability in GnuCOBOL 2.2 via crafted COBOL source code Remote Code Execution via SD Card on Keeper K5 20.1.0.25 and 20.1.0.63 Devices Broken Authentication in Western Digital WD My Book World through II 1.02.12 allows 
unauthorized access to /admin/ directory Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Bluetooth AT Command Denial of Service Vulnerability in Samsung Galaxy Devices Bluetooth-based Injection of AT Commands on Samsung Galaxy Devices: Leaking Sensitive Information Customer Data Manipulation Vulnerability in Webkul Bagisto Authenticated SQL Injection in OpenEMR through 5.0.2: Arbitrary Data Extraction via eye_base.php Remote Code Execution via Macro Expression Location Settings in Centreon Web Privilege Escalation Vulnerability in Centreon Web 19.04.4 DLL Hijacking Vulnerability in JetBrains ReSharper Installers (Pre-2019.2) Unpublished Versions of Files Exposed in SilverStripe Versioned Files Module Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Memory Access Vulnerability in Suricata 4.1.4: Lack of Header Length Checking in Defrag4Reassemble Function Memory Access Vulnerability in Suricata 4.1.4 Zero wanMTU Value Vulnerability in Tenda N301 Wireless Routers Denial of Service Vulnerability in Linux Kernel's 9p Filesystem DOM-based XSS in GFI Kerio Control v9.3.0: Exploiting Login Page to Steal Cleartext Credentials XSS Vulnerability in HRworks 3.36.9: Exploiting Travel-Expense Report Purpose Field XSS Vulnerability in HRworks FLOW 3.36.9: Exploiting Travel-Expense Report Purpose Field Cross-Site Scripting (XSS) Vulnerability in Cisco Firepower Management Center (FMC) Software Cross-Site Scripting (XSS) Vulnerability in Cisco Prime Infrastructure Web Interface Cisco IoT-FND UDP Protocol Implementation Denial of Service Vulnerability Adobe Acrobat and Reader Binary Planting Privilege Escalation Vulnerability Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.021.20056 and Earlier Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Versions 
2019.021.20056 and Earlier Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Unauthenticated Adjacent Attackers Can Access Sensitive Data in Cisco CMX Software Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.021.20056 and Earlier Adobe Acrobat and Reader Security Bypass Vulnerability Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.021.20056 and Earlier Privilege Escalation and Configuration Modification Vulnerability in Cisco SD-WAN Solution CLI Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Buffer Error Vulnerability in Adobe Acrobat and Reader Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.021.20056 and Earlier Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Reflected Cross-Site Scripting Vulnerability in Adobe Experience Manager Versions 6.0-6.5 Reflected Cross-Site Scripting Vulnerability in Adobe Experience Manager Versions 6.0-6.5 Adobe Experience Manager User Interface Injection Vulnerability Expression Language Injection Vulnerability in Adobe Experience Manager Insecure Default Configuration in Cisco SD-WAN Solution Allows Unauthorized Access to vSmart Containers Stack-based Buffer Overflow Vulnerability in Adobe Acrobat Reader Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Privilege Escalation Vulnerability in Cisco SD-WAN Solution 
Vulnerability in Cisco's Secure Boot Implementation Allows Unauthorized Firmware Modification Arbitrary File Overwrite Vulnerability in Cisco SD-WAN Solution Integer Overflow Privilege Escalation in Imagination Technologies Driver for Chrome OS Root User Privilege Escalation and Denial of Service Vulnerability in Cisco SD-WAN Solution vContainer Use-After-Free Vulnerability in libIEC61850 through 1.3.3 Directory Traversal Vulnerability in FireGiant WiX Toolset Stored XSS Vulnerability in ConnectWise Control Appearance Modifier CSRF Vulnerability in ConnectWise Control 19.3.25270.7185 Remote Code Execution Vulnerability in ConnectWise Control Lack of HTTP Security Headers in ConnectWise Control ConnectWise Control User Enumeration Vulnerability CORS Misconfiguration in ConnectWise Control Allows Unauthorized Administrative Actions Vulnerability: Unintended Temperature Manipulation via Bluetooth Low Energy (BLE) Packets on Swell Kit Mod Devices Undocumented Feature in ESET Cyber Security for macOS Allows Unauthorized Root Command Execution Arbitrary Command Execution Vulnerability in Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Stored XSS Vulnerability in All in One SEO Pack Plugin for WordPress Reflected XSS Vulnerability in Broken Link Checker WordPress Plugin Stored XSS Vulnerability in EU Cookie Law (GDPR) Plugin for WordPress Stored XSS Vulnerability in Events Manager Plugin for WordPress Stored XSS Vulnerability in Easy FancyBox WordPress Plugin XSS Vulnerability in Checklist Plugin for WordPress Sensitive Information Disclosure in AbuseFilter Extension for MediaWiki Oversighted Edit Summaries Exposed in CheckUser Results Improper Access Controls in Cisco Small Business RV320 and RV325 Routers Allow Unauthorized Retrieval of Sensitive Information Remote Code Execution in Sonatype Nexus Repository Manager and IQ Server Multiple CSRF Issues in LayerBB before 1.1.4: System Settings Modification via admin/general.php HTTP Host Header Injection 
Vulnerability in YzmCMS V5.3 XSS Vulnerability in DrayTek Vigor2925 Firmware 3.8.4.3 XSS Vulnerability in DrayTek Vigor2925 Firmware 3.8.4.3 via Crafted WAN Name Vulnerability: RCE and DoS via Native Protocol in ClickHouse (versions before 19.14) Arbitrary Code Execution Vulnerability in Jenkins Script Security Plugin Vulnerability: Unauthorized Deletion of Support Bundles in Jenkins Support Core Plugin Vulnerability in Cisco Aironet Series Access Points Allows Unauthorized Root Access Arbitrary File Deletion Vulnerability in Jenkins Support Core Plugin Jenkins JIRA Plugin Allows Unauthorized Access to System Credentials Unencrypted Storage of Credentials in Jenkins Anchore Container Image Scanner Plugin Unencrypted Storage of Credentials in Jenkins Spira Importer Plugin Unencrypted Storage of Credentials in Jenkins QMetry for JIRA - Test Management Plugin Jenkins QMetry for JIRA - Test Management Plugin: Plain Text Transmission of Credentials Insecure SSH Host Key Verification in Jenkins Google Compute Engine Plugin Information Disclosure in Jenkins Google Compute Engine Plugin 4.1.1 and earlier Cross-Site Request Forgery Vulnerability in Jenkins Google Compute Engine Plugin Allows Unauthorized Agent Provisioning XML External Entity (XXE) Vulnerability in Jenkins Maven Release Plugin 0.16.1 and Earlier Cross-Site Scripting (XSS) Vulnerability in Cisco Webex Meetings Server Cross-Site Request Forgery Vulnerability in Jenkins Maven Release Plugin 0.16.1 and Earlier Cross-Site Request Forgery Vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and Earlier Jenkins Gerrit Trigger Plugin 2.30.1 and Earlier: Missing Permission Check Allows Unauthorized Access Jenkins Build Failure Analyzer Plugin 1.24.1 and Earlier: Cross-Site Request Forgery Vulnerability Exploiting Computationally Expensive Regular Expression Evaluation Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier: Missing Permission Check Allows for Computationally Expensive Regular Expression Evaluation 
Uninterruptible Regular Expression Evaluation in Jenkins Build Failure Analyzer Plugin Unencrypted Storage of Credentials in Jenkins Rundeck Plugin Unencrypted Storage of Credentials in Jenkins Redgate SQL Change Automation Plugin Jenkins Spira Importer Plugin 3.2.3 and earlier: SSL/TLS Certificate Validation Bypass Unauthenticated Path Existence Disclosure in Jenkins WebSphere Deployer Plugin Local Shell Access Vulnerability in Cisco Enterprise NFVIS CLI Cross-Site Request Forgery Vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and Earlier Jenkins WebSphere Deployer Plugin SSL/TLS Certificate and Hostname Validation Bypass Vulnerability Stored XSS Vulnerability in Jenkins buildgraph-view Plugin 1.8 and Earlier Stored XSS vulnerability in Jenkins Mission Control Plugin 0.9.16 and earlier Stored XSS vulnerability in Jenkins Pipeline Aggregator View Plugin 1.8 and earlier Cross-Site Request Forgery Vulnerability in Jenkins Team Concert Plugin 1.3.0 and Earlier Vulnerability: Missing Permission Check in Jenkins Team Concert Plugin Allows Unauthorized Access to Attacker-Specified URLs Vulnerability: Enumeration of Credentials ID in Jenkins Team Concert Plugin Jenkins SCTMExecutor Plugin 2.2 and earlier exposes service credentials in plain text Cross-Site Request Forgery Vulnerability in Jenkins Mantis Plugin 0.26 and Earlier Unauthorized Access Vulnerability in Cisco AMP Threat Grid Jenkins RapidDeploy Plugin 4.1 and Earlier: Cross-Site Request Forgery Vulnerability Allows Unauthorized Server Connections Unauthenticated Remote Connection Vulnerability in Jenkins RapidDeploy Plugin 4.1 and Earlier Unencrypted Storage of Credentials in Jenkins Weibo Plugin Cross-Site Request Forgery Vulnerability in Jenkins Alauda DevOps Pipeline Plugin Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier: Missing Permission Check Allows Unauthorized Access to Attacker-Specified URLs Cross-Site Request Forgery Vulnerability in Jenkins Alauda Kubernetes Support Plugin Jenkins 
Alauda Kubernetes Support Plugin 2.3.0 and earlier - Missing Permission Check Vulnerability Cross-Site Request Forgery (CSRF) Vulnerability in Cisco Unified Intelligence Center Cisco Prime Infrastructure Integration Feature SSL Certificate Validation Vulnerability Unauthenticated Remote Access Vulnerability in Cisco TelePresence Management Suite (TMS) Software Cross-Site Scripting (XSS) Vulnerability in Cisco TelePresence Management Suite (TMS) Web Interface Insufficient Authentication Controls in Cisco Prime Collaboration Assurance Software Arbitrary Code Execution Vulnerability in Cisco RV Series Routers Root Access Vulnerability in Cisco HyperFlex Software SQL Injection Vulnerability in TuziCMS 2.0.6 via index.php/Mobile/Zhuanti/group?id= parameter Stored XSS Vulnerability in ZrLog 2.1.1's article_edit Area SQL Injection Vulnerability in TuziCMS 2.0.6 ZhuantiController.class.php Arbitrary HTTP Host Header Phishing Vulnerability in Embedthis GoAhead 2.5.0 Unquoted Search Path Vulnerability in Maxthon Browser for Windows Virtual Media Service Vulnerability on Supermicro H11, H12, M11, X9, X10, and X11 Products Cross-Site Scripting (XSS) Vulnerability in Cisco HyperFlex Software Web Interface Vulnerability: Privilege Escalation via Virtual Media Service on Supermicro X10 and X11 Products Vulnerability: WAN IP Address Leakage via SNMP Commands on Virgin Media Super Hub 3 Remote Command Execution in Genius Bytes Genius Server (Genius CDDS) 3.2.2 Remote Code Execution Vulnerability in Genius Bytes Genius Server (Genius CDDS) 3.2.2 Reinstallation Vulnerability in joyplus-cms 1.6.0 Arbitrary PHP Code Execution in joyplus-cms 1.6.0 via Object Name Injection XSS Vulnerability in TuziCMS 2.0.6 via PATH_INFO to Group URI CSRF Vulnerability in TuziCMS 2.0.6's index.php/manage/notice/do_add CSRF Vulnerability in TuziCMS 2.0.6's index.php/manage/link/do_add Unauthenticated Remote Data Retrieval Vulnerability in Cisco HyperFlex Graphite Service CSRF Vulnerability in joyplus-cms 
1.6.0's admin_ajax.php?action=savexml&tab=vodplay XSS Vulnerability in Ogma CMS 0.5: New Blog Creation Command Execution Vulnerability in rConfig 3.9.2 Command Execution Vulnerability in rConfig 3.9.2 Cross-Site Scripting (XSS) Vulnerability in ThinkSAAS 2.91 via index.php?app=group&ac=create&ts=do groupname Parameter Cross-Site Scripting (XSS) Vulnerability in ThinkSAAS 2.91 via index.php?app=group&ac=comment&ts=do&js=1 URI CSRF Vulnerability in diag_command.php in pfSense 2.4.4-p3 Account Enumeration Vulnerability in Pagekit 1.0.17 Reset Password Feature Arbitrary Data Write Vulnerability in Cisco HyperFlex Graphite Interface Authentication Mechanism Brute-Force Vulnerability Uncontrolled Resource Consumption Vulnerability in Weidmueller IE-SW Devices Clear-text Transmission of Sensitive Credentials in Weidmueller IE-SW-VL05M, IE-SW-VL08MT, and IE-SW-PL10M Devices Clear-text Password Storage Vulnerability Predictable Authentication Information in Cookie Leads to Admin Password Compromise Out-of-bounds Read and Remote Code Execution in PHOENIX CONTACT PC Worx and Config+ Incorrect Access Control in Plataformatec Simple Form's file_method in lib/simple_form/form_builder.rb CSRF Vulnerability in idreamsoft iCMS V7.0 CSRF Vulnerability in YzmCMS 5.3 Allows Denial of Service via Superseding Route Local File Inclusion Vulnerability in Gila CMS before 1.11.1 Cross-Site Scripting (XSS) Vulnerability in Cisco SocialMiner Chat Feed Path Traversal Vulnerability in GNOME file-roller Arbitrary URL Opening and Deceptive Content Injection Vulnerability in Traveloka Android App SQL Injection Vulnerability in TYPO3 URL Redirect Extension Xoops 2.5.10 Image Manager Breadcrumb Hover XSS Vulnerability Xoops 2.5.10 Image-Manager JavaScript Payload Execution Vulnerability Stored XSS Vulnerability in Dolibarr 9.0.5 User Group Description Section Stored XSS Vulnerability in Dolibarr 9.0.5 User Note Section Stored XSS and Privilege Escalation in Dolibarr 9.0.5 User Profile Signature 
Section Stored XSS Vulnerability in Dolibarr 9.0.5 Email Template Section Cisco Firepower Threat Defense (FTD) Software Memory Exhaustion Vulnerability SQL Injection Vulnerability in phpIPAM 1.4 via app/admin/custom-fields/filter-result.php SQL Injection Vulnerability in phpIPAM 1.4 via app/admin/custom-fields/order.php SQL Injection Vulnerability in phpIPAM 1.4 via app/admin/custom-fields/edit-result.php SQL Injection Vulnerability in phpIPAM 1.4 via app/admin/custom-fields/filter.php SQL Injection Vulnerability in phpIPAM 1.4 via app/admin/custom-fields/edit.php Unrestricted Data Access in TYPO3 Direct Mail Extension Remote Code Execution in sr_freecap TYPO3 Extension Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Intelligence Center Software Arbitrary File Upload and Potential Remote Code Execution in TYPO3 slub_events Extension Remote Code Injection in pfSense through 2.3.4 through 2.4.4-p3 via methodCall XML document with pfsense.exec_php call Buffer Overflow Vulnerability in Integard Pro 2.2.0.9026 Allows Remote Code Execution Stored XSS vulnerability in admin/infolist_add.php in PHPMyWind 5.6 Stored XSS vulnerability in admin/infoclass_update.php in PHPMyWind 5.6 Out of Bounds Read Vulnerability in Ming (libming) 0.4.8's OpCode() Function CSRF Vulnerability in kkCMS v1.3 Allows Unauthorized User Account Addition Invalid Read Vulnerability in Hunspell 1.7.0's SuggestMgr::leftcommonsubstring Memory Leak in ImageMagick 7.0.8-35: XCreateImage Vulnerability Memory Leak in ImageMagick 7.0.8-35: Vulnerability in coders/dps.c Cross-Site Scripting (XSS) Vulnerability in Cisco Firepower Management Center (FMC) Web Interface Memory Leak in ImageMagick 7.0.8-35: Vulnerability in coders/dot.c Memory Leak in Huffman2DEncodeImage in ImageMagick 7.0.8-40 Memory Leak in Huffman2DEncodeImage in ImageMagick 7.0.8-43 Memory Leak in ImageMagick 7.0.8-43: Vulnerability in coders/dot.c Uninitialized Fields in rds6_inc_info_copy Vulnerability Incorrect Access Control in 
OX App Suite through 7.10.2 Cross-Site Scripting (XSS) Vulnerability in OX App Suite through 7.10.2 Command Injection Vulnerability in radare2 bin_symbols() Function WTCMS 1.0 Vulnerability: CSRF and XSS via index.php?g=admin&m=index&a=index Cisco Web Security Appliance (WSA) Decryption Policy Bypass Vulnerability Arbitrary File Upload Vulnerability in ZZZCMS zzzphp v1.7.2 CSRF Vulnerability in NoneCMS v1.3 Allows Unauthorized Deletion of Admin User Insufficient Protection Mechanism in ZZZCMS zzzphp v1.7.2 Allows PHP Code Execution Cacti 1.2.6 Authenticated User Bypass Vulnerability Arbitrary Code Execution via Structured Exception Handler (SEH) Buffer Overflow in File Sharing Wizard 1.5.0 XSS Vulnerability in Joomla! 3.x before 3.9.12 via Logo Parameter DOMPurify 2.0.1 and Earlier: XSS Vulnerability via innerHTML Mutation (mXSS) in SVG or MATH Element Local Root Escalation Vulnerability in pam-python Cisco Identity Services Engine (ISE) Web-Based Management Interface Cross-Site Scripting (XSS) Vulnerability Arbitrary Command Execution in Petwant PF-103 Firmware 4.22.2.42 and Petalk AI 3.2.2.30 Remote Code Execution and Device Manipulation in Petwant PF-103 and Petalk AI Firmware Unencrypted Firmware Upgrade Vulnerability in Petalk AI and PF-103: Allowing Man-in-the-Middle Attackers to Execute Arbitrary Code as Root User Arbitrary Command Execution Vulnerability in Petwant PF-103 Firmware 4.22.2.42 and Petalk AI 3.2.2.30 Default Credentials Vulnerability in Petwant PF-103 Firmware 4.3.2.50 and Petalk AI 3.2.2.30 Stack-based Buffer Overflow in Petwant PF-103 Firmware and Petalk AI: Remote Code Execution Vulnerability Stack-based Buffer Overflow in Petwant PF-103 Firmware and Petalk AI Arbitrary Command Execution Vulnerability in Petwant PF-103 Firmware and Petalk AI Information Disclosure of Suppressed Usernames via User ID Lookup in MediaWiki Arbitrary Command Execution Vulnerability in Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools eBrigade 
before 5.0 - SQL Injection in evenement_ical.php eBrigade before 5.0: Critical SQL Injection Vulnerability in evenements.php cid Parameter eBrigade before 5.0 - SQL Injection in evenement_choice.php Buffer Overflow in Linux Kernel's nl80211.c Invalid Pointer Free Vulnerability in MatrixSSL DTLS Server Heap-based Buffer Over-read in ASN.1 Certificate Data Parsing in wolfSSL through 4.1.0 Default Local Account with Static Password Vulnerability in Cisco Aironet Active Sensor Reflected Cross Site Scripting (XSS) in Devise Token Auth's omniauth failure endpoint Arbitrary HTTP Request Vulnerability in DAPS, Dash Core, and PIVX Weak Signature Scheme Design in Decentralized Anonymous Payment System (DAPS) and Private Instant Verified Transactions (PIVX) NULL Pointer Dereference Vulnerability in RIOT 2019.07 MQTT-SN Implementation Pre-Authenticated Remote Command Execution Vulnerability in BMC Remedy ITSM Suite Directory Traversal Vulnerability in Lexmark Services Monitor 2.27.4.0.39 Remote Command Execution via widgetConfig[code] Parameter in vBulletin 5.x through 5.5.4 Cisco Meeting Server (CMS) Software Denial of Service Vulnerability Vulnerability: Incorrect Dependency Download in Cargo Prior to Rust 1.26.0 Bitcoin Script Vulnerability: Specially Crafted Scripts Trigger SLP Consensus Hard-Fork Specially Crafted Bitcoin Script Vulnerability Allows for SLP Consensus Hard-Fork Unsanitized URL Vulnerability in Pannellum 2.5.0 - 2.5.4 Allows for Potential XSS Attacks Denial of Service Vulnerability in PowAssent: Unsafe Use of `String.to_atom/1` Arbitrary Code Execution Vulnerability in Visual Studio Code with CodeQL Extension Wagtail-2FA Authentication Bypass Vulnerability Conditional Admin Sys Mode Vulnerability Information Leakage Vulnerability in Sylius Cross-site Scripting (XSS) Vulnerability in serialize-javascript npm Package Cross-Site Scripting Vulnerability in Cisco Webex Meetings for Android Denial of Service Vulnerability in Puma's Reactor Armeria 0.85.0 - 0.96.0 
HTTP Response Splitting Vulnerability Cross-site Scripting (XSS) Vulnerability in serialize-to-js NPM Package Object Injection Vulnerability in PHPFastCache Cookie Driver Arbitrary File Write Vulnerability in npm CLI Arbitrary File Write Vulnerability in npm CLI Arbitrary File Overwrite Vulnerability in npm CLI Heap Buffer Overflow in UnsortedSegmentSum in TensorFlow Race Condition Vulnerability in RubyGem excon before 0.71.0 Cisco Meeting Server Denial of Service Vulnerability XSS Vulnerability in WordPress Block Editor Allows JavaScript Injection Authenticated User JavaScript Injection in WordPress Block Editor Timing Attack Vulnerability in Rack RubyGem Local Privilege Escalation Vulnerability in PyInstaller on Windows HTTP Request Smuggling/Splitting Vulnerability in Waitress 1.3.1 Vulnerability: HTTP Request Parsing Issue in Waitress 1.3.1 HTTP Request Smuggling Vulnerability in Waitress 1.4.0: Proxy Bypass and Cache Poisoning Authenticated SSRF Vulnerability in Cisco TelePresence Conductor, Expressway Series, and TelePresence VCS Software Remote Code Execution Vulnerability in Tiny File Manager 2.3.9 Vulnerability: Downgrade of Effective STS Policy in postfix-mta-sts-resolver before 0.5.1 Request Smuggling Vulnerability in Waitress 1.3.1 Arbitrary Text Injection Vulnerability in Cisco Webex Business Suite Cisco Network Convergence System 1000 Series TFTP Arbitrary File Retrieval Vulnerability Privilege Escalation Vulnerability in Cisco APIC FUSE Filesystem Functionality Improper Validation of Server Certificates in Cisco IP Phones Allows Eavesdropping and Call Manipulation Cisco IP Phone 7800 and 8800 Series Denial of Service Vulnerability Cisco Unity Connection SAML SSO Interface Cross-Site Scripting Vulnerability Vulnerability: Bypassing ACL Protection on Cisco ASR 9000 Series Routers Untrusted Search Path Vulnerability in Code42 App for Windows Untrusted Search Path Vulnerability in Code42 Server for Windows Reflected XSS Vulnerability in OpenEMR 
5.x before 5.0.2.1 TPM-FAIL: Side-Channel Timing Attack on STMicroelectronics ST33TPHF2ESPI TPM Devices Remote Code Execution via SSH Access in CompleteFTP Server Memory Allocation and Processing Time Vulnerability in Pillow Uninitialized Memory Access Vulnerability in Unbound DNS Server Arbitrary File Deletion Vulnerability in HongCMS 3.0.0 Arbitrary File Deletion Vulnerability in Emlog through 6.0.0beta via admin/data.php?action=dell_all_bak with Directory Traversal HTTP Request Smuggling Vulnerability in Netty before 4.1.42.Final TCP Proxy Denial of Service Vulnerability in Cisco ASA and FTD Software Remote Code Execution via Beckhoff ADS Protocol in Beckhoff Embedded Windows PLCs and Twincat on Windows Engineering Stations Incorrect Access Control in Portainer before 1.22.1 Cross-Site Scripting (XSS) vulnerability in Portainer before 1.22.1 Incorrect Access Control in Portainer before 1.22.1 (Issue 2 of 4) Directory Traversal Vulnerability in Portainer before 1.22.1 Incorrect Access Control in Portainer before 1.22.1 Cross-Site Scripting (XSS) Vulnerability in Portainer before 1.22.1 Missing Authentication for Critical Function in Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70 Firmware Versions 5.0 and Prior Unauthenticated Access and DoS Vulnerability in Cisco Network Assurance Engine (NAE) Management Web Interface Double Free Vulnerability in Linea Crate's Matrix::zip_elements Method Use-after-free vulnerability in portaudio-rs crate allows arbitrary code execution Cloning Flaw in String-Interner Crate Allows Memory Read Vulnerability AppArmor Restriction Bypass Vulnerability in runc Remote Code Execution via Crafted Cookies in OkayCMS Buffer Overflow Vulnerability in IrfanView 4.53 Denial of Service Vulnerability in Ubiquiti EdgeMAX Devices Arbitrary File Upload Vulnerability in Cisco Webex Teams iOS Client XSS Vulnerability in Halo 1.1.0 via Crafted authorUrl in JSON Data Remote Command Execution Vulnerability in Liferay Portal CE 6.2.5 via JSON 
Deserialization Uncompressed Size Spoofing Vulnerability in Rubyzip Unauthenticated Reboot Vulnerability in TP-Link TP-SG105E V4 1.0.0 Build 20181120 SQL Injection through Insecure Deserialization in download.php of inoERP 4.15 Arbitrary File Write Vulnerability in K7 Ultimate Security 16.0.0117 Privilege Escalation via Arbitrary Registry Writes in K7 Antivirus Software Arbitrary Code Execution Vulnerability in Advantech WebAccess/HMI Designer 2.1.9.31 Unauthenticated Access Vulnerability in Cisco APIC Management Interface Advantech WebAccess/HMI Designer 2.1.9.31 User Mode Write AV Vulnerability WebAccess/HMI Designer 2.1.9.31 Exception Handler Chain Corruption Vulnerability Unauthenticated Arbitrary File Deletion in ARforms Plugin 3.7.1 for WordPress Directory Traversal Vulnerability in Platinum UPnP SDK 1.2.0 Stored XSS Vulnerability in TeamPass 2.1.27.36 via Crafted Passwords Pre-Authentication Integer Overflow in OpenSSH XMSS Key Parsing Algorithm Unauthenticated User Notification Access Vulnerability in Infosysta In-App & Desktop Notifications App for Jira Unauthenticated User Enumeration in Infosysta In-App & Desktop Notifications App for Jira Unauthenticated Access to Jira Project List in Infosysta In-App & Desktop Notifications App Unauthorized Access to Jira Project List via Infosysta In-App & Desktop Notifications App Cisco Firepower Threat Defense Software SSL/TLS Packet Header DoS Vulnerability Insufficient Entropy in Deterministic ECDSA RNG Privilege Escalation Vulnerability in PC Protect Antivirus v4.14.31 Cross-Site Scripting (XSS) Vulnerability in pfSense through 2.4.4-p3 Unsanitized Parameter in pfSense Widget Allows Path Traversal SQL Injection Vulnerability in WiKID Enterprise 2FA Server Harbor API Broken Access Control Vulnerability: Unauthorized Robot Account Creation Unauthenticated Remote Access to Sensitive System Usage Information in Cisco APIC Software Critical Unauthenticated Remote Code Execution Vulnerability in Multiple D-Link 
Products Uninitialized Data Structure Vulnerability in hns_roce_alloc_ucontext Unintended Public Exposure of Files in SuiteCRM 7.10.x and 7.11.x XSS Vulnerability in kkcms 1.3 via jx.php?url= Parameter Cleartext Password Transmission Vulnerability in Nulock Application 1.5.0 XSS Vulnerability in Flower 0.9.3 via @app.task's name parameter XSS Vulnerability in Flower 0.9.3 via Crafted Worker Name Out-of-Bounds Write Vulnerability in Xpdf 4.01.01's TextPage::findGaps Function Exim Remote Code Execution via Heap-Based Buffer Overflow in EHLO Command Incorrect Access Control in Auth0 auth0.net: Unintended Validation of Untrusted ID Tokens WebVPN Service Denial of Service Vulnerability IP Address Discovery Vulnerability in Zcashd Prior to 2.0.7-3 Stored XSS Vulnerability in Visualizer Plugin 3.3.0 for WordPress Blind SSRF Vulnerability in Visualizer Plugin for WordPress XSS Vulnerability in Python XML-RPC Server Cisco ASA and FTD Software Denial of Service Vulnerability Arbitrary Code Execution Vulnerability in NSA Ghidra 9.0.4 Experimental Mode Polymorphic Typing Vulnerability in FasterXML jackson-databind Polymorphic Typing Vulnerability in FasterXML jackson-databind SSRF Vulnerability in Enghouse Web Chat 6.1.300.31 Allows Port Scanning on Internal Network Email Spoofing and Phishing Vulnerability in Enghouse Web Chat Unauthenticated Adjacent Attack Vulnerability in Cisco ASA and FTD Software XSS Vulnerability in Enghouse Web Chat 6.1.300.31 and 6.2.284.34: Exploitable QueueName Parameter Remote File Include Vulnerability in Enghouse Web Chat 6.2.284.34: Unauthorized Data Retrieval and Information Disclosure HTML Injection Vulnerability in SolarWinds Web Help Desk 12.7.0 via Comment in Help Request Ticket XSS Vulnerability in SolarWinds Web Help Desk 12.7.0 via Uploaded SVG Document XSS Vulnerability in SolarWinds Web Help Desk 12.7.0 via Request Type Parameter Cross-Site Scripting (XSS) Vulnerability in SolarWinds Web Help Desk 12.7.0 via User Account First Name 
Field Arbitrary Code Injection through Location Name in SolarWinds Web Help Desk 12.7.0 CSV Injection in SolarWinds Web Help Desk 12.7.0 via Ticket Attachment Denial of Service Vulnerabilities in Cisco Firepower Threat Defense Software Cross-Site Scripting (XSS) Vulnerability in SolarWinds Web Help Desk 12.7.0 via Crafted Location Name Field in CSV Template File XSS Vulnerability in SolarWinds Web Help Desk 12.7.0 via Schedule Name HTML Injection Vulnerability in Zoho ManageEngine Desktop Central 10.0.430 via Modified Report Name in New Custom Report Command Injection Vulnerability in FusionPBX Call Center Queue Module Command Injection Vulnerability in FusionPBX up to 4.5.7 Allows Remote Code Execution as www-data Unsanitized Group Variable XSS Vulnerability in Contactmanager Cross-Site Scripting (XSS) Vulnerability in Manager Module of FreePBX Cross-Site Scripting (XSS) Vulnerability in FusionPBX up to 4.5.7 Unsanitized c Variable in FusionPBX up to 4.5.7 Leads to XSS Vulnerability LDAP Packet Parsing Vulnerability in Cisco ASA and FTD Software Unsanitized savemsg Variable in FusionPBX up to 4.5.7 Allows for XSS Unsanitized contact_uuid Variable in FusionPBX up to 4.5.7 Leads to XSS Vulnerability Unsanitized id Variable in FusionPBX Contact Addresses PHP File Leads to XSS Vulnerability Unsanitized query_string Variable in FusionPBX Contact Edit Page Leads to XSS Vulnerability Unsanitized id Variable in FusionPBX Contact Times PHP File Leads to XSS Vulnerability Unsanitized id Variable in FusionPBX Contact Notes PHP File Leads to XSS Vulnerability Unsanitized query_string Variable in FusionPBX up to 4.5.7 Leads to XSS Vulnerability Unsanitized query_string Variable in FusionPBX up to 4.5.7 Leads to XSS Vulnerability Unsanitized id Variable in FusionPBX v4.5.7 Allows XSS Attacks Unsanitized id Variable in FusionPBX Contact URLs PHP File Leads to XSS Vulnerability XML External Entity (XXE) Vulnerability in Cisco IoT-FND Software Allows Unauthorized Information 
Access SQL Injection Vulnerability in FusionPBX v4.5.7's call_broadcast_edit.php Unsanitized id Variable in FusionPBX Conference Profile Params.php Leads to XSS Vulnerability Unsanitized id Variable in FusionPBX v4.5.7 Allows XSS Vulnerability Cross-Site Scripting (XSS) Vulnerability in FusionPBX up to v4.5.7 Unsanitized filename Variable in FusionPBX v4.5.7 Allows XSS via app\recordings\recording_play.php Unsanitized rec Variable in FusionPBX Allows Arbitrary File Deletion Unsanitized f Variable in FusionPBX Download.php Allows Arbitrary File Download Unsanitized query_string Variable in FusionPBX Contact Import Leading to XSS Unsanitized eavesdrop_dest Variable in FusionPBX v4.5.7 Allows for XSS Unsanitized c Variable in FusionPBX conference_interactive.php Leads to XSS Vulnerability Command Injection Vulnerability in Cisco Firepower Threat Defense (FTD) Software Unsanitized file Variable in FusionPBX Allows Arbitrary File Download Unsanitized file Variable in FusionPBX up to v4.5.7 Allows XSS via app\edit\filedelete.php Insufficient Notice of Private Key Usage in Keybase App 2.13.2 for iOS CSRF Token Verification Vulnerability in phpBB Administration Control Panel Memory Leak in sit_init_net() in Linux Kernel Memory Leak in hsr_dev_finalize() in Linux Kernel SQL Injection Vulnerability in Metinfo 7.0.0beta via product_admin.class.php SQL Injection Vulnerability in Metinfo 7.0.0beta via app/system/language/admin/language_general.class.php SQL Injection in CloudBoot API via Crafted Status Field in JSON Data FPGA Ingress Buffer Management Denial of Service Vulnerability CSP Bypass in Cross-Origin Frame via Object Tag with Data URI in Firefox < 70 Bypassing Content-Security-Policy with Object Tag: Cross-Site Scripting (XSS) Vulnerability in Firefox 69 Insecure Link Drag-and-Drop Vulnerability in Firefox < 70 QR Code JavaScript Execution Vulnerability Static-sized array overflow vulnerability in Thunderbird, Firefox ESR, and Firefox Buffer Overflow Vulnerability in 
Network Security Services (NSS) Denial of Service Vulnerability in Network Security Services (NSS) 3.44 and earlier Use-after-free vulnerability in nested workers during destruction Unrestricted File Writing Vulnerability in Updater Service Cross-Site Scripting (XSS) Vulnerabilities in Cisco WebVPN Service Race Condition Vulnerability in Resist Fingerprinting Preference Check Race condition leading to use-after-free vulnerability in Thunderbird and Firefox Memory Corruption Vulnerabilities in Firefox 70 and Firefox ESR 68.2 Memory Corruption Vulnerabilities in Firefox 70 Cross-Origin Information Leak via Drag and Drop in Firefox < 71 Pointer Offset Manipulation Vulnerability in Firefox ESR < 68.4 and Firefox < 72 on Windows CSS Sanitizer Incorrectly Rewrites @namespace Rule in Firefox ESR < 68.4 and Firefox < 72, Allowing for Data Exfiltration Type Confusion Vulnerability in Firefox ESR < 68.4 and Firefox < 72 Windows 10 Keyboard Word Suggestion Retention Vulnerability in Firefox < 72 Python File Execution Vulnerability in Firefox on Windows Cross-Site Scripting (XSS) Vulnerabilities in Cisco Enterprise Chat and Email Web Interface XML External Entity (XXE) Injection in Firefox < 72 Race Condition Vulnerability in Firefox ESR and Firefox: Heap Address Disclosure in Windows Clipboard-based CSS Injection Vulnerability in Firefox ESR < 68.4 and Firefox < 72 Invalid State Transition in TLS State Machine in Firefox < 72 Memory Corruption Vulnerabilities in Firefox 71 and Firefox ESR 68.3 Memory Corruption Vulnerability in Firefox 71 Type Confusion Vulnerability in IonMonkey JIT Compiler for Array Element Setting Cisco Firepower Threat Defense (FTD) Software Denial of Service Vulnerability Denial of Service Vulnerabilities in Cisco Firepower Threat Defense Software Out-of-Bounds Access Vulnerability in Rsyslog v8.1908.0 Heap Overflow in AIX Log Message Parser in Rsyslog v8.1908.0 Heap Overflow in Rsyslog v8.1908.0 Cisco Log Message Parser Privilege Escalation in BMC 
Patrol Agent 9.0.10i Privilege Escalation via Weak Execution Permissions in BMC Patrol Agent 9.0.10i Stored XSS Vulnerability in Ilch 2.1.22 Jobs Tab Remote Code Execution in Ilch 2.1.22 via Misconfigured Allowed Files NETGEAR SRX5308 4.3.5-3 SQL Injection Vulnerability Allows Unauthorized User Account Creation Cisco ASA Software Remote Access VPN Session Manager Denial of Service Vulnerability Arbitrary File Read and Delete Vulnerability in Voyager Package Unsanitized Attachment Files in Evernote macOS: Code Execution Vulnerability Unprivileged User Raw Socket Creation Vulnerability in Linux Kernel (CID-0614e2b73768) Unprivileged User Raw Socket Creation Vulnerability in Linux Kernel (CVE-2019-18683) Unprivileged Users Can Create Raw Sockets in Linux Kernel (CID-6cc03e8aa36c) Unprivileged User Raw Socket Creation Vulnerability in Linux Kernel Unprivileged User Raw Socket Creation Vulnerability in Linux Kernel Cross-Site Scripting (XSS) Vulnerability in Footy Tipping Software AFL Web Edition 2019 Arbitrary File Upload and Remote Code Execution in Footy Tipping Software AFL Web Edition 2019 Sophos Cyberoam Firewall Appliance Shell Injection Vulnerability Cisco ASA Software Cryptography Module Denial of Service Vulnerability BLE Link Layer Header Vulnerability on NXP KW41Z Cypress PSoC BLE Link Layer Header Vulnerability Session Fixation Vulnerability in OXID eShop PDFxStream before 3.7.1 (Java): Long Running Computation Due to Page-Tree Mishandling NULL Pointer Dereference in Xpdf 4.02's Catalog.cc User Registry Hijacking Vulnerability in Ivanti WorkSpace Control Port-forwarding vulnerability in PuTTY before version 0.73 on Windows allows for connection hijacking Vulnerability: PuTTY before 0.73 Bracketed Paste Mode Protection Bypass Denial of Service Vulnerability in PuTTY Versions Prior to 0.73 Cross-Site Scripting (XSS) Vulnerability in Cisco DNA Center Web Interface XSS Vulnerability in Liquid-Speech-Balloon WordPress Plugin Client Dash Plugin 2.1.4 for 
WordPress XSS Vulnerability SQL Injection Vulnerability in new-contact-form-widget Plugin for WordPress Directory Traversal Vulnerability in Emlog through 6.0.0beta Stored XSS Vulnerability in XunRuiCMS 4.3.1 Module_Category Area Vulnerability: Stack Variable Usage in cxgb4 Driver Allows for Denial of Service Remote Code Execution and Denial of Service Vulnerability in Jamf Pro Cisco ASA and FTD Software MOBIKE Denial of Service Vulnerability Code Execution Vulnerability in mintinstall 7.9.9 for Linux Mint Micro Focus Operations Agent XXE Attack Vulnerability in Versions 12.0-12.11 AcuToWeb Unauthorized File Download Vulnerability Command Injection Vulnerability in Cisco Firepower Threat Defense (FTD) Software Reflected XSS Vulnerability in Mojarra JavaServer Faces Arbitrary Script Injection Vulnerability in OpenProject Project List DLL Preloading Vulnerability in Avast and AVG Antivirus Stack-based Buffer Overflow in Belkin WeMo Insight Switch Firmware Command Injection Vulnerability in Bitdefender BOX 2: Arbitrary Execution of System Commands OS Command Injection Vulnerability in Bitdefender BOX 2's Bootstrap Stage Hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App and Firmware Untrusted Search Path Vulnerability in Bitdefender Endpoint Security Tools Unauthenticated Remote Access Vulnerability in Cisco ASR 9000 Series Routers Untrusted Search Path Vulnerability in Bitdefender Total Security 2020 Allows Arbitrary Code Execution Command Injection Vulnerability in Netatmo Smart Indoor Camera Firmware Race condition vulnerability in Bitdefender BOX 2 allows arbitrary command execution Bitdefender AV for Mac Incorrect Default Permissions Vulnerability Missing HTTPOnly Flag in Centreon VM Apache HTTP Server Cookie Configuration Predictable Token Generation in Centreon Web 2.8.27 Lateral Movement Vulnerability in Centreon Web through 2.8.29 Arbitrary Code Execution in minPlayCommand.php in Centreon Web Local File Inclusion and Stored XSS 
Vulnerability in Centreon Web Remote Directory Traversal Vulnerability in Koji 1.18.0: Privilege Escalation Cisco IOS XR Software Event Management Service Daemon Denial of Service Vulnerability Exposure of Mail Server Configuration File in Zoho ManageEngine DataSecurity Plus Buffer overflow vulnerability in libopenmpt_modplug.c in libopenmpt before 0.3.19 and 0.4.x before 0.4.9 Stored and Reflected XSS Vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 Multiple Cross-Site Scripting (XSS) Vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 Stored and Reflected Cross-Site Scripting (XSS) Vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 Arbitrary SQL Command Execution Vulnerability in WiKID 2FA Enterprise Server CSRF Vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2053 Allows Remote Attackers to Perform Unauthorized Actions SQL Injection Vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 Cisco IOS XR Software PIM AutoRP Denial of Service Vulnerability Stored and Reflected XSS Vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 XSS Vulnerability in REDCap before 9.3.4 via Lock Record Custom Text Values Email Spoofing Vulnerability in eGain Web Email API 11+ Vulnerability: Incorrect Access Control in Kramer VIAware 2.5.0719.1034 Angular CSTI Vulnerability in SolarWinds Orion Platform 2019.2 HF1: Escaping Angular Sandbox for Stored XSS Stored Client Side Template Injection (CSTI) in SolarWinds Orion Platform 2019.2 HF1: Angular Expression Injection for Stored XSS and Privilege Escalation Unauthenticated SQL Injection (Boolean Based Blind) in Netreo OmniCenter Login Page Cross-Site Request Forgery Vulnerability in Cisco ASA Software Web-Based Management Interface External URL Mishandling in vBulletin 5.5.4 Clickjacking Vulnerability in vBulletin before 5.5.4 Avatar Upload Vulnerability in vBulletin 5.5.4 Buffer Overflow Vulnerability in cfg80211_mgd_wext_giwessid in Linux 
Kernel through 5.3.2 Authentication Bypass Vulnerability in Amphora Images of OpenStack Octavia Arbitrary Code Execution via DXF File Parsing in Foxit PhantomPDF 9.5.0.20723 Arbitrary Code Execution via DXF to PDF Conversion in Foxit PhantomPDF 9.5.0.20723 Null Byte Injection Vulnerability in NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.909 via JPEG to EPS Conversion Arbitrary Code Execution via JavaScript Processing in Foxit PhantomPDF 9.5.0.20723 SAML SSO VPN Session Hijacking Vulnerability Arbitrary Code Execution via OnFocus Event Handling in Foxit PhantomPDF 9.6.0.25114 Arbitrary Code Execution Vulnerability in Foxit PhantomPDF 9.6.0.25114 Arbitrary Code Execution via Keystroke Action in Foxit PhantomPDF 9.6.0.25114 Remote Code Execution Vulnerability in Foxit PhantomPDF 9.6.0.25114 via Malicious DWG Files (ZDI-CAN-9273) Arbitrary Code Execution via DWG to PDF Conversion in Foxit PhantomPDF 9.6.0.25114 Arbitrary Code Execution via DXF to PDF Conversion in Foxit PhantomPDF 9.6.0.25114 Arbitrary Code Execution in D-Link DCS-960L v1.07.102 via HNAP Service Arbitrary Code Execution Vulnerability in TP-LINK TL-WR841N Routers Privilege Escalation Vulnerability in Parallels Desktop 14.1.3 (45485) Insufficient Entropy in Cisco ASA and FTD Software DRBG: Cryptographic Key Collision Vulnerability Remote Code Execution Vulnerability in Tencent WeChat Prior to 7.0.9 Cisco IP Phone 7800 and 8800 Series Web Management Interface Authentication Bypass Vulnerability Cisco Video Surveillance Manager Web Interface Information Disclosure Vulnerability Absolute Path Traversal Vulnerability in joyplus-cms 1.6.0 Cross-Site Scripting (XSS) Vulnerability in Genesys PureEngage Digital (eServices) 8.1.x Memory Leak Vulnerability in libfreerdp/codec/region.c Memory Leak in HuffmanTree_makeFromFrequencies Function in LodePNG Multiple Versions of Software Vulnerability Fixed in 5.0.2.1 Cisco Identity 
Services Engine (ISE) Web Interface Denial of Service Vulnerability Arbitrary File Modification Vulnerability in Valve Steam Client Remote SEH Buffer Overflow in IntraSrv 1.0 (2007-06-03): Compromise via Crafted HTTP Request Memory Exhaustion Vulnerability in Foxit Reader before 9.7 Privilege Escalation Vulnerability in Xerox AltaLink and C-Series Printers Denial-of-Service Vulnerability in FreeRADIUS 3.0.x Pre-Authentication Remote Code Execution in FiberHome HG2201T 1.00.M5007_JS_201804 via telnet.cgi Pre-Authentication Directory Traversal Vulnerability in FiberHome HG2201T 1.00.M5007_JS_201804 Devices Unrestricted File Upload Vulnerability in Fecshop FecMall 2.3.4 XSS Vulnerability in totemodata 3.0.0_b936 via Folder Name Cisco Identity Services Engine (ISE) Web-Based Guest Portal Cross-Site Scripting (XSS) Vulnerability Avast Secure Browser Local Privilege Escalation Vulnerability Unauthenticated Call Answer Vulnerability in Signal Private Messenger for Android WebRTC Videoconferencing Denial of Service Vulnerability in Signal Private Messenger Uncaught Exception Vulnerability in Connect2id Nimbus JOSE+JWT (before v7.9) SQL Injection in Lifestyle Demographic Filter Criteria in OpenEMR Directory Traversal Vulnerability in WPO WebPageTest 19.04 on Windows XML API Denial of Service Vulnerability in Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerability: Unauthorized Elevation of Privilege in FastTrack Admin By Request 6.1.0.0 Insecure Privilege Elevation in FastTrack Admin By Request 6.1.0.0 Stored XSS Vulnerability in TeamPass 2.1.27.36 via Crafted Password in Search Page Stored XSS vulnerability in TeamPass 2.1.27.36 via crafted Knowledge Base label and item addition. 
Stored XSS in TeamPass 2.1.27.36 via Username Field during Login Attempt Arbitrary Script Execution via Uncontrolled Deserialization in Frost Ming Rediswrapper Reflected XSS Vulnerability in Broken Link Checker WordPress Plugin 1.11.8 XML Input Handling Vulnerability in Cisco Expressway Series and Cisco TelePresence Video Communication Server Allows for CPU Exhaustion and Denial of Service Denial-of-Service Vulnerability in MQTT Library in Arm Mbed OS 2017-11-02 Integer Overflow in CoAP Library in Arm Mbed OS 5.14.0 Buffer Overflow Vulnerabilities in Arm Mbed OS 5.14.0 CoAP Library Unauthenticated Stored XSS Vulnerability in WebARX Plugin 1.3.0 for WordPress WebARX Plugin 1.3.0 for WordPress Firewall Bypass Vulnerability V-Zug Combi-Steam MSLQ Devices Vulnerable to Password Brute-Force Attack Weak Password Hashing Vulnerability in V-Zug Combi-Steam MSLQ Devices CSRF Vulnerability in V-Zug Combi-Steam MSLQ Devices Unencrypted Communication Vulnerability in V-Zug Combi-Steam MSLQ Devices Unauthenticated Network Access on V-Zug Combi-Steam MSLQ Devices Cross-Site Request Forgery (CSRF) Vulnerability in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) FindMe Feature Cross-Site Scripting (XSS) Vulnerability in Rocket.Chat before 2.1.0 via ![title] Line Arbitrary File Read Vulnerability in PhantomJS 2.1.1 Stored XSS Vulnerability in Intelbras WRN 150 1.0.17 Devices HTML Injection Vulnerability in Dolibarr ERP/CRM 10.0.2 via user/note.php Path Traversal Vulnerability in Compal Broadband CH7465LG Modem Web Interface XSS Vulnerability in Subrion 4.2.1: Admin Member JSON Update XSS Vulnerability in CMS Made Simple (CMSMS) 2.2.11 via Search Term Field Unauthenticated Options Changes in Motors-Car-Dealership-Classified-Listings Plugin Multiple Stored XSS Vulnerabilities in Motors - Car Dealer & Classified Ads Plugin for WordPress Cisco CSPC Default Account Vulnerability Unauthenticated Options Changes Vulnerability in OneTone WordPress Theme 
Multiple Stored XSS Vulnerabilities in OneTone WordPress Theme Unauthenticated Options Import Vulnerability in Ultimate FAQs Plugin HTML Content Injection in EWD_UFAQ_Import.php Plugin for WordPress Unauthenticated Arbitrary File Deletion in IgniteUp Plugin for WordPress Information Disclosure Vulnerability in igniteup Plugin for WordPress Stored XSS Vulnerability in igniteup Plugin for WordPress CSRF Vulnerability in igniteup Plugin for WordPress Multiple Unauthenticated Stored XSS Vulnerabilities in Download Plugins Dashboard Plugin for WordPress Session Hijacking Vulnerability in Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Bypassing Brute-Force Protection in Bludit 3.9.2 via Forged X-Forwarded-For or Client-IP Headers User Mode Write AV Vulnerability in IrfanView 4.53 User Mode Write AV Vulnerability in IrfanView 4.53 JPEG_LS Code Flow Control Vulnerability in IrfanView 4.53 JPEG_LS Code Flow Control Vulnerability in IrfanView 4.53 User Mode Write AV Vulnerability in IrfanView 4.53 User Mode Write AV Vulnerability in IrfanView 4.53 JPEG_LS+0x0000000000007da8 Write Address Vulnerability in IrfanView 4.53 User Mode Write AV Vulnerability in IrfanView 4.53 User Mode Write AV Vulnerability in IrfanView 4.53 Vulnerability: Arbitrary File Overwrite and Command Injection in Cisco UCS B-Series Blade Servers User Mode Write AV Vulnerability in IrfanView 4.53 User Mode Write AV Vulnerability in IrfanView 4.53 User Mode Write AV Vulnerability in IrfanView 4.53 User Mode Write AV Vulnerability in IrfanView 4.53 Arbitrary Write Vulnerability in IrfanView 4.53 User Mode Write AV Vulnerability in IrfanView 4.53 User Mode Write AV Vulnerability in IrfanView 4.53 IrfanView 4.53 Exception Handler Chain Corruption Vulnerability JPEG_LS Write Address Vulnerability in IrfanView 4.53 User Mode Write AV Vulnerability in KMPlayer 4.2.2.31 Vulnerability: Unauthorized Access to Internal Services in Cisco NX-OS Software Read Access Violation Vulnerability in MPC-HC 
through 1.7.13 XnView Classic 2.49.1 User Mode Write AV Vulnerability User Mode Write AV Vulnerability in XnView Classic 2.49.1 Heap-based Buffer Over-read in libyal libfwsi Heap-based Buffer Over-read in libyal liblnk Heap-based Buffer Over-read in libsoup's soup_ntlm_parse_challenge() Function Polymorphic Typing Vulnerability in FasterXML jackson-databind Code-execution backdoor vulnerability in omniauth-weibo-oauth2 gem 0.4.6 Remote Command Execution in Intellian Remote Access 3.18 via Ping Test Field Privilege Escalation Vulnerability in Cisco NX-OS Software Python Scripting Subsystem Unauthenticated Remote Command Execution in Yachtcontrol via /pages/systemcall.php?command={COMMAND} SQL Injection Vulnerability in vBulletin 5.5.4 via ajax/api/hook/getHookList or ajax/api/widget/getWidgetList Parameter ONTAP Select Deploy Administration Utility Privilege Escalation Vulnerability IPv6 Denial of Service Vulnerability in E-Series SANtricity OS Controller Software version 11.60.0 Default Account Vulnerability in NetApp FAS and AFF Baseboard Management Controller (BMC) Firmware Arbitrary Code Execution Vulnerability in OnCommand Cloud Manager Versions Prior to 3.8.0 Cross-Site Scripting Vulnerability in OnCommand System Manager Arbitrary Command Execution Vulnerability in Cisco FXOS and NX-OS Software Vulnerability: Privilege Escalation and File Overwrite in Cisco NX-OS Software SQL Injection Vulnerability in SugarCRM pmse_Inbox Module SQL Injection Vulnerability in SugarCRM pmse_Project Module SQL Injection Vulnerability in SugarCRM Export Function SQL Injection Vulnerability in SugarCRM History Function SQL Injection Vulnerability in SugarCRM Contacts Module by Regular User SQL Injection Vulnerability in SugarCRM Quotes Module SQL Injection Vulnerability in SugarCRM Administration Module PHP Code Injection in SugarCRM Administration Module Vulnerability: Privilege Escalation in Cisco NX-OS Software Guest Shell PHP Code Injection Vulnerability in SugarCRM 
Administration Module PHP Code Injection in SugarCRM ModuleBuilder Module by Admin User PHP Code Injection in SugarCRM ModuleBuilder Module PHP Code Injection in SugarCRM MergeRecords Module by Developer User PHP Code Injection in SugarCRM MergeRecords Module by Admin User PHP Code Injection in SugarCRM MergeRecords Module PHP Code Injection in SugarCRM Configurator Module PHP Code Injection in SugarCRM Tracker Module by Admin User PHP Code Injection in SugarCRM Emails Module by Regular User PHP Code Injection in SugarCRM EmailMan Module by Admin User Vulnerability in Cisco NX-OS Software Allows Exposure of Private SSH Keys PHP Code Injection in SugarCRM Campaigns Module by Admin User Directory Traversal Vulnerability in SugarCRM Attachment Function Directory Traversal Vulnerability in SugarCRM Directory Traversal Vulnerability in SugarCRM Studio Module Directory Traversal Vulnerability in SugarCRM Configurator Module PHP Object Injection Vulnerability in SugarCRM Administration Module PHP Object Injection Vulnerability in SugarCRM Import Module PHP Object Injection in SugarCRM UpgradeWizard Module SQL Injection Vulnerability in SugarCRM pmse_Inbox Module SQL Injection Vulnerability in SugarCRM Emails Module by Regular User Time-of-Check, Time-of-Use (TOCTOU) Race Condition Vulnerability in Cisco NX-OS Software RPM Subsystem Buffer Overflow Vulnerability in NetSarang XFTP Client 6.0149 and Earlier Versions Information Disclosure Vulnerability in ClipSoft REXPERT 1.0.0.527 and Earlier Versions Arbitrary File Creation Vulnerability in ClipSoft REXPERT 1.0.0.527 and Earlier Versions Arbitrary File Creation and Execution Vulnerability in ClipSoft REXPERT Directory Traversal Vulnerability in ClipSoft REXPERT 1.0.0.527 and Earlier Versions Arbitrary File Upload Vulnerability in ClipSoft REXPERT 1.0.0.527 and Earlier Versions Arbitrary File Deletion Vulnerability in ClipSoft REXPERT 1.0.0.527 and Earlier Versions Directory Traversal Vulnerability in JEUS 7 and JEUS 8 
Administration Web Page Cross-Site Scripting (XSS) Vulnerability in Cisco NX-OS Software's NX-API Sandbox Interface Multiple Cross-Site Scripting (XSS) Vulnerabilities in TIBCO EBX Web Server Component Stored Cross-Site Scripting (XSS) Vulnerability in TIBCO EBX Add-ons Stored Cross-Site Scripting (XSS) Vulnerability in TIBCO EBX Add-ons Stored Cross-Site Scripting (XSS) Vulnerability in TIBCO EBX Web Server Component Remote Code Execution Vulnerability in TIBCO Spotfire Visualizations Component Multiple Privilege Escalation Vulnerabilities in TIBCO Spotfire Analytics Platform and Spotfire Server Multiple Vulnerabilities in TIBCO Spotfire Analytics Platform and Spotfire Server Allow Unauthorized Access to Credentials Reflected Cross-Site Scripting (XSS) Vulnerability in TIBCO Spotfire Analytics Platform and Server Persistent Cross-Site Scripting Vulnerabilities in TIBCO Patterns - Search TIBCO Silver Fabric VirtualRouter Component URL Script Injection Vulnerability Incomplete RBAC Verification Allows Unauthorized Access to Sensitive System Files in Cisco FXOS and NX-OS Software Xen Grant-Table Transfer Request Mishandling Vulnerability Race condition vulnerability during addition of passed-through PCI device in Xen Race Condition in Xen Allows Denial of Service and Privilege Escalation Xen Privilege Escalation and Denial of Service Vulnerability Denial of Service Vulnerability in Xen through 4.11.x Denial of Service Vulnerability in Xen 4.8.x through 4.11.x Xen Privilege Escalation and Denial of Service Vulnerability Xen Privilege Escalation and Denial of Service Vulnerability Denial of Service Vulnerability in Xen due to PCID and Shadow-Pagetable Switching Incompatibility Denial of Service Vulnerability in Xen Arm DomU LoadExcl/StoreExcl Operation Arbitrary Command Execution Vulnerability in Cisco NX-OS Software Denial of Service Vulnerability in Xen Arm DomU Compare-and-Exchange Operation Unrestricted Resource Consumption Vulnerability in Xen Guest Memory Mapping 
File Upload Bypass Vulnerability in JFinal cos before 2019-08-13 Unauthenticated Access and Data Modification Vulnerability in D-Link DIR-615 Firmware Unauthenticated Access and Data Modification Vulnerability in Zyxel NBG-418N v2 Firmware V1.00(AARP.9)C0 Insecure Logging of Credentials in Orbitz Android App Insecure Transmission of Login Credentials in Infinite Design Android App Cacti 1.2.7 SQL Injection Vulnerability in graphs.php Unsafe Deserialization in Cacti 1.2.7: Array Population Vulnerability Memory Allocation Vulnerability in Bouncy Castle Crypto (BC Java) 1.63 Vulnerability in Cisco UCS C-Series Rack Servers Allows Bypass of UEFI Secure Boot Validation Uncontrolled Resource Consumption Vulnerability in Hitachi Command Suite 7.x and 8.x Command Injection Vulnerability in SaltStack Salt-API with SSH Client Enabled Out-of-bounds Read and Crash Vulnerability in LibTomCrypt Arbitrary Command Execution in Petwant PF-103 Firmware and Petalk AI Arbitrary User Account Access Vulnerability in Nix through 2.3 Improper Access Control in Citrix Application Delivery Management (ADM) 12.1 before build 54.13 CSRF Vulnerability in OpenWRT Firmware Version 18.06.4 XSS Vulnerability in S-CMS v1.5 via member_login.php CSRF Vulnerability in OTCMS v3.85 Admin Panel Allows Unauthorized Account Creation Interface Wedge and Denial of Service (DoS) Vulnerability in Cisco IOS Software and Cisco IOS XE Software Arbitrary PHP Code Execution in OTCMS v3.85 via into/**/outfile Manipulation Memory Leak in gif2png 2.5.13's writefile Function Authentication Bypass Vulnerability in Certain NETGEAR Devices Unauthenticated Access to Critical Pages in NETGEAR Devices via .jpg Substring Vulnerability Persistent API Token Credentials in cPanel (SEC-517) Self XSS vu