Vulnerability Index: Year 2020

- Isolated App Privilege Escalation Vulnerability in Android
- Use-after-free vulnerability in ih264d_init_decoder in ih264d_api.c allows remote attackers to execute arbitrary code via a crafted video file in Android 8.0, 8.1, 9, and 10.
- Time-of-Check Time-of-Use Vulnerability in InstallStart.java Allows Package Validation Bypass
- Local Denial of Service Vulnerability in WallpaperManagerService's generateCrop Method
- Out-of-bounds Write Vulnerability in btm_read_remote_ext_features_complete of Android
- Uninitialized Data Information Disclosure in rw_i93_send_cmd_write_single_block of rw_i93.cc
- Heap Memory Information Disclosure in flattenString8 of Sensor.cpp
- Race condition in LowEnergyClient::MtuChangedCallback in low_energy_client.cc leads to out-of-bounds read vulnerability in Android
- Arbitrary Write Permissions Bypass in ashmem.c (Android Kernel)
- Out-of-bounds Write Vulnerability in fpc_ta_get_build_info of fpc_ta_kpi.c
- Out of Bounds Write Vulnerability in get_auth_result of fpc_ta_hw_auth.c
- Out of Bounds Write Vulnerability in fpc_ta_pn_get_unencrypted_image of fpc_ta_pn.c
- Clickable TYPE_TOAST Window Vulnerability
- Overlay Vulnerability in CertInstaller: Local Privilege Escalation in Android
- Insecure Default Password Vulnerability in Broadcom Nexus Firmware
- Local Information Disclosure Vulnerability in Android's User Dictionary
- Possible Log Information Disclosure in MotionEntry::appendDescription of InputDispatcher.cpp
- Insecure Default Password Vulnerability in Broadcom Nexus Firmware
- ExifInterface.java: Location Information Redaction Failure
- Possible Permanent Denial-of-Service Vulnerability in removeUnusedPackagesLPw of PackageManagerService.java
- Out of Bounds Write Vulnerability in reassemble_and_dispatch of packet_fragmenter.cc
- Missing Permission Check in setPhonebookAccessPermission of AdapterService.java Allows Disclosure of User Contacts over Bluetooth
- Possible Unauthorized Setting Modification Vulnerability in SettingsBaseActivity.java
- Screen Pinning Permissions Bypass in deletePackageVersionedInternal of PackageManagerService.java
- Use-after-free vulnerability in Parcel::continueWrite in Parcel.cpp
- Out of Bounds Write Vulnerability in HidRawSensor::batch of HidRawSensor.cpp
- Possible Bypass of Private DNS Settings in NetworkMonitor.java
- Location History Storage Vulnerability in WifiConfigManager
- Race condition vulnerability in binder_thread_release in binder.c allows for local privilege escalation without additional execution privileges needed
- Sensitive Information Disclosure in Augmented Autofill of Android-10
- Heap Buffer Overflow in ih264d_release_display_bufs of ih264d_utils.c
- Stale Pointer Out-of-Bounds Write Vulnerability in CryptoPlugin::decrypt of CryptoPlugin.cpp
- Out-of-bounds Read Vulnerability in vp8_decode_frame of decodeframe.c
- Missing Permission Check in TelephonyProvider.java Allows Unauthorized Access to SIM Card Info
- Possible Permissions Bypass Vulnerability in hasPermissions of PermissionMonitor.java
- Out of Bounds Read Vulnerability in rw_i93_sm_set_read_only of Android NFC
- Uninitialized Data Read Vulnerability in rw_i93_sm_update_ndef of rw_i93.cc
- Uninitialized Data Read Vulnerability in rw_i93_sm_update_ndef of rw_i93.cc
- Out-of-Bounds Write Vulnerability in binder_transaction of Android Kernel
- Possible Out of Bounds Read in fpc_ta_hw_auth_unwrap_key of fpc_ta_hw_auth_qsee.c
- Out of Bounds Read Vulnerability in authorize_enrol of fpc_ta_hw_auth.c
- Out of Bounds Read Vulnerability in set_nonce of fpc_ta_qc_auth.c
- Race condition vulnerability in StatsService::command of StatsService.cpp allows for local escalation of privilege with System execution privileges needed (Android-10).
- Heap Buffer Overflow in DrmPlugin::releaseSecureStops of DrmPlugin.cpp Allows Local Privilege Escalation
- Missing Permission Check in setMasterMute of AudioService.java Allows Local Silencing of Audio
- Possible Stack Information Leak in onTransact of IAudioFlinger.cpp
- Possible Information Disclosure in onReadBuffer() of StreamingSource.cpp in Android-10 (A-140177694)
- Out-of-bounds Write Vulnerability in nfa_hciu_send_msg of nfa_hci_utils.cc
- Possible Tapjacking Vulnerability in SettingsHomepageActivity's onCreate Method
- Lock Screen SMS Permissions Bypass Vulnerability
- Out-of-bounds Write Vulnerability in convertHidlNanDataPathInitiatorRequestToLegacy and convertHidlNanDataPathIndicationResponseToLegacy of hidl_struct_util.cpp
- Possible Permission Revocation in WifiNetworkSuggestionsManager
- Out of Bounds Read Vulnerability in l2c_link_process_num_completed_pkts of l2c_link.cc
- Out of Bounds Read Vulnerability in btu_hcif_connection_comp_evt of btu_hcif.cc
- Out of Bounds Read Vulnerability in btm_process_inq_results of btm_inq.cc
- Out of Bounds Read Vulnerability in l2c_rcv_acl_data of l2c_main.cc
- Out-of-bounds Read Vulnerability in btm_ble_batchscan_filter_track_adv_vse_cback of Android-10
- Possible SQL Injection Vulnerability in SmsProvider.java and MmsSmsProvider.java Allows Permission Bypass and Local Information Disclosure
- Possible Permissions Bypass in Pixel Recorder Allows Arbitrary Audio Recording
- Euicc Information Disclosure Vulnerability: Remote Exploitation without User Interaction
- Local Privilege Escalation Vulnerability in SurfaceFlinger with TEE Bypass
- Improper Authorization Vulnerability in Android SoC Provisioning Data Processing
- Improper Authorization in Android Suite Daemon Receiver Component
- Race condition vulnerability in netlink driver allows for local privilege escalation
- Out of Bounds Read Vulnerability in f2fs_xattr_generic_list of xattr.c
- Integer Overflow Vulnerability in crus_afe_get_param of msm-cirrus-playback.c
- Out-of-Bounds Write Vulnerability in Mediatek Command Queue Driver
- Out of Bounds Write Vulnerability in rw_t2t_update_lock_attributes of rw_t2t_ndef.cc
- Out of Bounds Write Vulnerability in rw_t2t_extract_default_locks_info of rw_t2t_ndef.cc
- Out-of-bounds Write Vulnerability in rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc
- Out-of-bounds Write Vulnerability in rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc
- Potential Settings Bypass Vulnerability Allowing Arbitrary Domain Default Handler in PackageManagerService
- Out of Bounds Read Vulnerability in FPC IRIS TrustZone App's set_shared_key Function
- Out of Bounds Write Vulnerability in FPC IRIS TrustZone App
- Out of Bounds Read Vulnerability in FPC IRIS TrustZone App Allows Local Information Disclosure
- Out of Bounds Write Vulnerability in DrmPlugin.cpp
- Out-of-bounds Write Vulnerability in CryptoPlugin.cpp (CVE-2020-XXXX)
- Possible Local Privilege Escalation Vulnerability in AppOpsControllerImpl.java
- Double Free Vulnerability in AssetManager.java Allows for Local Privilege Escalation
- Unsafe Deserialization Vulnerability in ExternalVibration.java Allows Arbitrary Intent Activation
- Improper Default Value Handling in setRequirePmfInternal of sta_network.cpp in Android-10 (A-142797954)
- Missing Permission Checks in NotificationManagerService.java Allows Local Privilege Escalation
- Possible Permission Bypass in setBluetoothTethering of PanService.java
- Possible Out of Bounds Write Vulnerability in readCString of Parcel.cpp
- Possible Side Channel Information Disclosure in getProcessPss of ActivityManagerService.java
- Possible Resource Exhaustion Vulnerability in parseTrackFragmentRun of MPEG4Extractor.cpp
- Missing Permission Check in Audio Server Allows Local Privilege Escalation in Android-11 (A-137015603)
- Improper Authorization in Android Email Receiver Component (A-149813048)
- Incorrect Configuration in mnld Driver_cfg for Meta Factory Mode Vulnerability
- Possible Disclosure of Sensitive Notification Content in setHideSensitive of NotificationStackScrollLayout.java
- Out-of-bounds Read Vulnerability in exif_data_save_data_entry of exif-data.c
- Out of Bounds Write Vulnerability in ExifUtils.cpp
- Possible Privilege Escalation Vulnerability in ActivityStartController.java
- Permission Bypass Vulnerability in PackageManagerService.java
- Permission Bypass Vulnerability in navigateUpToLocked of ActivityStack.java
- Insecure Default Value in addWindow of WindowManagerService.java Allows for Tapjacking and Privilege Escalation
- Out-of-bounds Read Vulnerability in onTransact of IHDCP.cpp
- Uninitialized Data Information Disclosure in BnCrypto::onTransact of ICrypto.cpp
- Out-of-Bounds Write Vulnerability in GattServer::SendResponse of gatt_server.cc
- Possible Remote Code Execution Vulnerability in a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc
- Inappropriate Read Vulnerability in KeyguardStateMonitor.java
- Missing Permission Check in onKeyguardVisibilityChanged in key_store_service.cpp Allows Local Escalation of Privilege in Android
- Possible Permission Bypass in getCellLocation of PhoneInterfaceManager.java
- Possible Permissions Bypass and Local Information Disclosure in getUiccCardsInfo of PhoneInterfaceManager.java
- Possible bypass of foreground process restrictions in postNotification of ServiceRecord.java
- Missing Permission Check in simulatePackageSuspendBroadcast of NotificationManagerService.java Allows Local Privilege Escalation
- Out of Bounds Write Vulnerability in psi_write of psi.c
- Out-of-Bounds Read Vulnerability in sendCaptureResult of Camera3OutputUtils.cpp
- Local Privilege Escalation Vulnerability in KeyguardSliceProvider
- Potential settings bypass vulnerability in PackageManagerService.java allows arbitrary domain takeover
- Possible Bypass of User Profile Isolation in checkSystemLocationAccess of LocationAccessPolicy.java
- Integer Overflow Vulnerability in aes_cmac.cc Allows Remote Code Execution in Bluetooth Server
- Out-of-bounds Write Vulnerability in addListener of RegionSamplingThread.cpp
- Improper Certificate Validation in WifiConfigManager.java Allows Man-in-the-Middle Attack
- Heap Buffer Overflow in notifyErrorForPendingRequests of QCamera3HWI.cpp
- Possible Permission Bypass in updateUidProcState of AppOpsService.java Leading to Local Information Disclosure
- Possible Permissions Bypass in com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml
- Possible Out of Bounds Write Vulnerability in Android SoC (A-149871374)
- Out of Bounds Write Vulnerability in markBootComplete of InstalldNativeService.cpp
- Out of Bounds Read Vulnerability in mediadrm: Local Information Disclosure
- Race condition vulnerability in DrmPlugin.cpp allows for local code execution
- Out of Bounds Read Vulnerability in AudioStream::decode of AudioGroup.cpp
- Integer Overflow Vulnerability in AMPEG4ElementaryAssembler's addPacket Method
- Out-of-Bound Write Vulnerability in SetData of btm_ble_multi_adv.cc
- Possible Command Injection Vulnerability in Android-11 (Android ID: A-123230379) Allows Local Privilege Escalation
- Out-of-bounds Write Vulnerability in MPEG4Extractor.cpp
- Possible Out of Bounds Read in BnAAudioService::onTransact of IAAudioService.cpp
- GPS Location Spoofing Vulnerability in MockLocationAppPreferenceController
- Possible Information Disclosure in BnDrm::onTransact of IDrm.cpp
- Possible Backup Metadata Exposure in RollbackManagerServiceImpl.java
- Integer Overflow Vulnerability in Parcel.cpp Allows for Local Privilege Escalation
- Missing Permission Check in setIPv6AddrGenMode of NetworkManagementService.java Allows Local Privilege Escalation
- Out of Bounds Write Vulnerability in get_element_attr_rsp of btif_rc.cc
- Integer Overflow Vulnerability in NDEF_MsgValidate of ndef_utils.c
- Information Disclosure in rw_i93_sm_detect_ndef of rw_i93.c
- Heap Disclosure Vulnerability in OutputBuffersArray::realloc of CCodecBuffers.cpp
- Information Disclosure in rw_i93_sm_format of rw_i93.c in Android-10
- Out of Bounds Read Vulnerability in nfa_dm_ndef_find_next_handler of nfa_dm_ndef.c
- Out-of-bounds Read Vulnerability in btm_proc_sp_req_evt of btm_sec.cc
- Out of Bounds Read Vulnerability in btm_simple_pair_complete of btm_sec.cc
- Out of Bounds Read Vulnerability in btu_hcif_hardware_error_evt of btu_hcif.cc
- Out-of-bounds Read Vulnerability in btu_hcif_esco_connection_chg_evt of btu_hcif.cc
- Out of Bounds Read Vulnerability in btu_hcif.cc
- Out-of-bounds Read Vulnerability in btu_hcif_mode_change_evt of btu_hcif.cc
- Out-of-bounds Write Vulnerability in rw_t3t_message_set_block_list of Android-10
- Out-of-bounds Read Vulnerability in avb_vbmeta_image_verify of avb_vbmeta_image.c
- Out of Bounds Read Vulnerability in avb_vbmeta_image_verify of avb_vbmeta_image.c
- Out of Bounds Write Vulnerability in phNxpNciHal_write_ext of phNxpNciHal_ext.cc
- Out of Bounds Read Vulnerability in nci_proc_core_rsp of nci_hrcv.cc
- Out of Bounds Write Vulnerability in phNxpNciHal_send_ese_hal_cmd of phNxpNciHal_ext.cc
- Possible Out of Bounds Read in NxpNfc::ioctl of NxpNfc.cpp Leading to Local Information Disclosure
- Out of Bounds Read Vulnerability in nfa_hci_conn_cback of nfa_hci_main.cc
- Out of Bounds Read Vulnerability in NFC T3T Polling Notification Handling
- Out of Bounds Read Vulnerability in rw_mfc_writeBlock of rw_mfc.cc
- Resource Exhaustion Vulnerability in setSyncSampleParams of SampleTable.cpp in Android-10 (A-124771364)
- Possible Resource Exhaustion Vulnerability in parseChunk of MPEG4Extractor.cpp
- Possible Resource Exhaustion Vulnerability in parseSampleAuxiliaryInformationOffsets of MPEG4Extractor.cpp
- Possible Resource Exhaustion Vulnerability in parseSampleAuxiliaryInformationSizes of MPEG4Extractor.cpp
- Out of Bounds Read Vulnerability in phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc
- Out of Bounds Write Vulnerability in phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc
- Missing Validation in Parceling of URI Information in Android-10: Local Privilege Escalation Vulnerability
- Integer Overflow Vulnerability in ResourceTypes.cpp
- Out-of-bounds Write Vulnerability in impeg2_fmt_conv_yuv420p_to_yuv420sp_uv of impeg2_format_conv.c
- Resource Exhaustion Vulnerability in RTTTL_Event of eas_rtttl.c in Android-10 (A-123700383)
- Missing Bounds Check in IMY_Event of eas_imelody.c Allows for Remote Denial of Service in Android-10
- Resource Exhaustion Vulnerability in Parse_lart of eas_mdls.c
- Resource Exhaustion Vulnerability in Parse_art of eas_mdls.c
- Improper Input Validation in Parse_lins of eas_mdls.c Leads to Remote Denial of Service in Android-10
- Resource Exhaustion Vulnerability in Parse_ptbl of eas_mdls.c
- Resource Exhaustion Vulnerability in XMF_ReadNode of eas_xmf.c
- Out-of-Bounds Read Vulnerability in avdt_msg_prs_rej of avdt_msg.cc
- Possible Permissions Bypass in connect() of PanService.java Allows Local Privilege Escalation
- Missing Permission Check in getAllConfigFlags of SettingsProvider.cpp Allows Local Information Disclosure
- Insufficient Input Validation in doSendObjectInfo of MtpServer.cpp Allows Path Traversal Attack
- Possible Out of Bounds Read in GetOpusHeaderBuffers() of OpusHeader.cpp in Android-10 (A-142861738)
- Integer Overflow Vulnerability in exif_data_load_data_thumbnail of exif-data.c
- Out of Bounds Read Vulnerability in exif_entry_get_value of Android-10
- Incomplete Reset Vulnerability in BluetoothManagerService Allows Local Privilege Escalation
- Potential Infinite Loop Vulnerability in ihevcd_ref_list() of ihevcd_ref_list.c
- Out-of-bounds Read Vulnerability in avrc_pars_browsing_cmd of avrc_pars_tg.cc
- Out of Bounds Write Vulnerability in hal_fd_init of hal_fd.cc
- Incorrect Cryptographic Algorithm Selection in engineSetMode of BaseBlockCipher.java
- Possible Permissions Bypass in SettingsSliceProvider.java's onCreatePermissionRequest Method
- Resource Exhaustion Vulnerability in ihevcd_decode() of Android-10
- Heap Buffer Overflow in ideint_weave_blk of ideint_utils.c
- Out-of-bounds Read Vulnerability in ih264d_update_default_index_list() of ih264d_dpb_mgr.c
- Out-of-bounds Read Vulnerability in ih264d_decode_slice_thread of ih264d_thread_parse_decode.c
- Heap Buffer Overflow in ihevc_intra_pred_chroma_mode_3_to_9_av8 of ihevc_intra_pred_chroma_mode_3_to_9.s
- Integer Overflow Vulnerability in ihevcd_parse_slice_header.c Allows for Remote Code Execution
- Uninitialized Data Information Disclosure Vulnerability in ihevcd_iquant_itrans_recon_ctb
- Possible Remote Denial of Service Vulnerability in RegisterNotificationResponse::GetEvent
- Out of Bounds Read Vulnerability in InitDataParser::parsePssh of InitDataParser.cpp
- Integer Overflow Vulnerability in exif_data_load_data_content of exif-data.c
- Possible Use-After-Free Vulnerability in TimeCheck::TimeCheckThread::threadLoop of TimeCheck.cpp
- Out of Bounds Read Vulnerability in ReadLittleEndian of raw_bit_reader.cc
- Possible Credential Leak in showSecurityFields of WifiConfigController.java
- Possible Bypass of Developer Settings Requirements for Capturing System Traces in TraceService.java
- Possible UID Reuse Vulnerability in freeIsolatedUidLocked of ProcessList.java
- Bypassing Signature Check in InstallPackage of package.cpp in Android-10 (A-136498130)
- Out-of-bounds Read Vulnerability in DaalaBitReader Constructor of entropy_decoder.cc
- Improper Input Validation in Android Settings App Leads to Local Denial of Service
- Out-of-Bounds Read Vulnerability in jdmarker.c of Android-10 (A-135532289)
- Possible Permissions Bypass in AccountManager.java Allows Local Privilege Escalation
- Possible Permissions Bypass in AccountManager.java Allows Local Privilege Escalation
- Possible Permissions Bypass and Privilege Escalation in removeSharedAccountAsUser of AccountManager.java
- Out of Bounds Read Vulnerability in SumCompoundHorizontalTaps of convolve_neon.cc
- Use-after-free vulnerability in _onBufferDestroyed of InputBufferManager.cpp allows for remote information disclosure in Android
- Heap Buffer Overflow in hevcd_fmt_conv_420sp_to_420sp_av8 of ihevcd_fmt_conv_420sp_to_420sp.s
- Out of Bounds Read Vulnerability in ce_t4t_process_select_file_cmd of ce_t4t.cc
- Bluetooth Information Leak Vulnerability in ConfirmConnectActivity
- Integer Overflow Vulnerability in phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp
- Out of Bounds Write Vulnerability in RW_T4tPresenceCheck of Android-10 (A-141331405)
- Race condition vulnerability in loadSoundModel and related functions of SoundTriggerHwService.cpp allows for local privilege escalation without additional execution privileges needed
- Possible Insecure Intent in SliceDeepLinkSpringBoard.java Allows Local Elevation of Privilege
- Out of Bounds Write Vulnerability in msm-cirrus-playback.c
- Numeric Overflow Vulnerability in Airbrush FW's Scratch Memory Allocator
- Unbounded Write Vulnerability in Android Kernel
- Out-of-bounds Write Vulnerability in FastKeyAccumulator::GetKeysSlow
- Out-of-Bounds Write Vulnerability in a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder.cc
- Out of Bounds Write Vulnerability in createWithSurfaceParent of Client.cpp
- Missing Permission Check in onCommand of CompanionDeviceManagerService.java
- Improper Configuration of Recorder Service in Android SoC (A-156333723)
- Possible Out of Bounds Write Vulnerability in Android SoC (A-156333725)
- Possible Out of Bounds Write Vulnerability in Android SoC (A-156337262)
- Android Out of Bounds Write Vulnerability (A-156333727)
- Use-After-Free Vulnerability in abc_pcie_issue_dma_xfer_sync
- Use After Free Vulnerability in Android Kernel Allows Local Privilege Escalation
- Out of Bounds Write Vulnerability in crus_afe_get_param of msm-cirrus-playback.c
- Memory Corruption Vulnerability in crus_sp_shared_ioctl
- Out-of-Bounds Read Vulnerability in A2DP_GetCodecType of a2dp_codec_config
- Race condition vulnerability in updatePreferenceIntents of AccountTypePreferenceLoader allows for local escalation of privilege and launching privileged activities without additional execution privileges needed
- Location Metadata Disclosure Vulnerability in getDocumentMetadata of DocumentsContract.java
- Integer Overflow Vulnerability in NewFixedDoubleArray of factory.cc
- Double Free Vulnerability in NuPlayerStreamListener of Android
- Use-after-free vulnerability in NuPlayerDriver.cpp allows local privilege escalation
- Use-after-free vulnerability in clearPropValue of MediaAnalyticsItem.cpp
- Out-of-bounds Read Vulnerability in writeBurstBufferBytes of SPDIFEncoder.cpp
- Heap Buffer Overflow in DecodeFrameCombinedMode of combined_decode.cpp
- Missing Permission Check in getCarrierPrivilegeStatus of UiccAccessRule.java Allows Local Information Disclosure of EID Data
- Possible Crash Loop in Threshold::getHistogram of ImageProcessHelper.java
- Possible Permission Bypass and Local Information Disclosure in postInstantAppNotif of InstantAppNotifier.java
- Possible Permission Bypass and Local Information Disclosure in postInstantAppNotif of InstantAppNotifier.java
- Missing Permission Check in requestCellInfoUpdateInternal of PhoneInterfaceManager.java Allows Local Information Disclosure of Location Data
- Possible Out of Bounds Read Vulnerability in Android SoC (A-152647626)
- Possible Memory Corruption Vulnerability in Android SoC (A-152236803)
- Possible Memory Corruption Vulnerability in Android SoC (A-152647365)
- Possible Out of Bounds Read Vulnerability in Android SoC (A-152647751)
- Out of Bounds Write Vulnerability in LoadPartitionTable of gpt.cc
- Incomplete Cleanup in SpecializeCommon of com_android_internal_os_Zygote.cpp Allows Local Privilege Escalation in Android-10
- Insufficient Cleanup in stopZygoteLocked of AppZygote.java Allows Local Information Disclosure
- Improper Crypto Usage in dm-verity Allows for Local Privilege Escalation in Android
- Android SoC Vulnerability: Out of Bounds Read Exploit
- Missing Seccomp Configuration File Vulnerability in C2 Flame Devices
- Android WiFi Tethering Vulnerability: Attacker-Controlled Intent Exploitation
- Potential Permission Bypass in Accessibility Service via Unsafe PendingIntent
- Libstagefright Integer Overflow Vulnerability Allows Remote Code Execution on Android
- Android Telephony Vulnerability: Local Information Disclosure without User Interaction
- Android Factory Reset Protection Vulnerability Allows Local Privilege Escalation
- Confused Deputy Vulnerability in WindowManager Allows Unexpected App Launch
- Race Condition Vulnerability in NFC Could Lead to Local Privilege Escalation
- Android Auto Settings Unsafe PendingIntent Permission Bypass Vulnerability
- Out of Bounds Read Vulnerability in Tremolo Library on Android-11 (Android ID: A-145790628)
- Insecure Default Value in Android Settings App: Local Privilege Escalation and Tapjacking Vulnerability
- Uninitialized Data Vulnerability in libhwbinder Allows Local Information Disclosure
- Out of Bounds Write Vulnerability in hwservicemanager
- Possible Information Disclosure in OMX Parser: Local Data Exposure in Android-11 (A-120781925)
- Permission Bypass Vulnerability in MediaProvider Allows Unauthorized Access to ContentResolver and MediaStore Entries
- Telephony Vulnerability: Local Information Disclosure via Permission Bypass in Android-11
- Missing Permission Check in NetworkPolicyManagerService Allows Local Privilege Escalation
- Possible Out of Bounds Write Vulnerability in Android SoC (A-160812574)
- Out of Bounds Read Vulnerability in AAC Parser Allows Remote Information Disclosure
- Out-of-Bounds Read Vulnerability in nci_proc_ee_management_rsp of nci_hrcv.cc
- NFC Out of Bounds Read Vulnerability in Android-11 (A-137857778)
- NFC Out of Bounds Read Vulnerability in Android-11 (A-144506224)
- Potential Out of Bounds Write Vulnerability in Android SoC (A-163008257)
- Telephony Vulnerability: Local Information Disclosure via Permission Bypass in Android-11
- Telephony Vulnerability: Local Information Disclosure via Permission Bypass in Android-11
- Bluetooth AVRCP Audio Metadata Leak Vulnerability in Android-11
- Resource Exhaustion Vulnerability in libmkvextractor Leads to Remote Denial of Service in Android
- Missing Permission Check in PackageManager Allows Local Information Disclosure
- Missing Permission Check in PackageManager Allows for Local Information Disclosure
- Missing Permission Check in PackageManager Allows Local Information Disclosure
- Android Bluetooth Vulnerability: Out of Bounds Read Leading to Local Information Disclosure
- Android Bluetooth Vulnerability: Out of Bounds Read Leading to Local Information Disclosure
- Missing Permission Check in Java Network APIs Allows Local Information Disclosure
- Potential Permission Bypass Vulnerability in bindWallpaperComponentLocked of WallpaperManagerService.java
- Android Telecom Vulnerability: Permission Bypass via Unsafe PendingIntent
- Unsafe PendingIntent in ADB and USB Servers Allows Permission Bypass and Local Information Disclosure
- Permission Bypass Vulnerability in DevicePolicy Service with Unsafe PendingIntent
- Android Bluetooth Vulnerability: Local Privilege Escalation via Missing Permission Check
- Bluetooth Metadata Spoofing Vulnerability in Android-11 (A-145130119)
- Uninitialized Data in NFC Allows Remote Information Disclosure in Android
- Libstagefright Vulnerability: Remote Denial of Service Exploitation in Android-11
- Android Settings Permission Bypass via Unsafe PendingIntent
- Use-after-free vulnerability in Android Media Extractor allows for remote code execution
- Android Settings Permission Bypass via Unsafe PendingIntent
- Race condition leading to use-after-free vulnerability in cdev_get of char_dev.c
- Ineffective Stack Cookie Placement in LLVM: Local Privilege Escalation in Android-11 (A-139666480)
- Android Settings Permission Bypass via Unsafe PendingIntent
- Unsafe PendingIntent in Window Manager Allows Permission Bypass and Local Information Disclosure
- Android Bluetooth Server Integer Overflow Vulnerability
- Android Settings Permission Bypass via Unsafe PendingIntent
- Permission Bypass Vulnerability in InputManagerService with Unsafe PendingIntent
- Battery Saver Permission Bypass Vulnerability in Android-11
- Potential Permission Bypass in NotificationManagerService via Unsafe PendingIntent
- Missing Permission Checks in AudioService: Local Information Disclosure Vulnerability
- Zen Mode Vulnerability: Permission Bypass and Local Information Disclosure in Android-11
- Telephony Vulnerability: Local Information Disclosure of Radio Data in Android-11
- Missing Permission Check in UsageStatsManager Allows Local Information Disclosure
- Uncaught Exception in System UI Leads to Local Denial of Service in Android-11
- Android NFC Out of Bounds Write Vulnerability: Local Privilege Escalation and Firmware Compromise
- Libstagefright Resource Exhaustion Vulnerability: Remote Denial of Service in Android-11
- Uninitialized Data Out-of-Bounds Write Vulnerability in Android MP3 Extractor
- Possible Out of Bounds Read Vulnerability in apexd with Local Information Disclosure
- Out of Bounds Read Vulnerability in libavb Allows Local Information Disclosure
- Out of Bounds Read Vulnerability in libsonivox in Android-11 (A-136660304)
- NFC Vulnerability: Local Information Disclosure with System Execution Privileges
- Uninitialized Data Out of Bounds Write Vulnerability in NFC on Android-11 (A-146453119)
- Missing Permission Check in Core Networking: Local Information Disclosure Vulnerability
- Integer Overflow Vulnerability in Android Camera Allows Local Information Disclosure
- OMX Encoder Out-of-Bounds Read Vulnerability in Android-11 (CVE-2021-12345)
- Possible Memory Corruption Vulnerability in iorap: Local Privilege Escalation and Code Execution
- Possible Permissions Bypass Vulnerability in Android-11 Allows Local Information Disclosure
- Remote Denial of Service Vulnerability in libstagefright on Android-11 (A-124783982)
- Improper Input Validation in UrlQuerySanitizer Allows Remote Code Execution
- NFC Out of Bounds Write Vulnerability in Android-11 (A-147995915)
- NFC Out of Bounds Write Vulnerability in Android-11 (A-122361504)
- Type Confusion Vulnerability in SurfaceFlinger Allows Local Privilege Escalation
- Bypass of Permissions Check in MediaProvider: Local Information Disclosure Vulnerability
- Possible Permission Bypass in checkKeyIntent of AccountManagerService.java
- Possible Out of Bounds Read Vulnerability in Android SoC (A-162980705)
- Uninitialized Data Vulnerability in libcodec2_soft_mp3dec
- Permission Bypass Vulnerability in DisplayManager Allows Local Privilege Escalation
- Android SoC Vulnerability: Out of Bounds Write Exploit
- Missing Permission Check in NetworkStatsService Allows for Local Information Disclosure
- Possible Permissions Bypass and Local Information Disclosure in MediaProvider via SQL Injection
- Permission Bypass Vulnerability in DocumentsUI Allows Local Privilege Escalation
- Integer Overflow Vulnerability in Mediaserver Allows Local Privilege Escalation
- Out of Bounds Write Vulnerability in iptables Allows Local Privilege Escalation
- NFC Out of Bounds Read Vulnerability in Android-11 (A-139188582)
- NFC Out of Bounds Read Vulnerability in Android-11 (A-139188779)
- NFC Out of Bounds Write Vulnerability in Android-11 (A-139424089)
- Libstagefright Vulnerability: Remote Denial of Service in Android-11 (CVE-2021-1234)
- Possible Permissions Bypass and Local Information Disclosure in MediaProvider via SQL Injection
- Resource Exhaustion Vulnerability in libmp4extractor: Remote Denial of Service in Android
- Critical Out of Bounds Write Vulnerability in Bluetooth on Android-11 (A-143604331)
- Out of Bounds Read Vulnerability in libFraunhoferAAC
- Out of Bounds Write Vulnerability in Android Audio HAL
- Use-after-free vulnerability in SurfaceFlinger allows for local privilege escalation
- Race Condition Use After Free Vulnerability in SurfaceFlinger Allows for Local Privilege Escalation
- Buffer Overflow Vulnerability in GLESRenderEngine Allows for Local Information Disclosure
- Uninformed Consent Vulnerability in Android Notification Access Confirmation
- Uninitialized Data in libDRCdec: Remote Information Disclosure Vulnerability
- Remote Denial of Service Vulnerability in libstagefright on Android-11 (A-123237930)
- Resource Exhaustion Vulnerability in libmedia
- Out of Bounds Read Vulnerability in libDRCdec of Android-11 (A-137282770)
- Out of Bounds Read Vulnerability in netd Allows Remote Denial of Service
- Tapjacking Vulnerability in PackageInstaller Allows Permissions Bypass
- Android SoC Vulnerability: Out of Bounds Write Exploit
- Possible Permission Bypass in CallLogProvider.java Allows Local Information Disclosure of Voicemail Metadata
- Integer Overflow Vulnerability in libavb Allows for Local Privilege Escalation
- Out of Bounds Read Vulnerability in libAACdec of Android-11 (A-112051700)
- Missing Bounds Check Vulnerability in Android SoC Leads to Out of Bounds Read
- Missing Permission Check in ActivityManager Allows Local Information Disclosure
- Race condition vulnerability in SoundTriggerHwService allows for local information disclosure
- Unsafe PendingIntent in NFC Allows Permission Bypass and Privilege Escalation in Android-11
- Telephony Vulnerability: Local Privilege Escalation and EUICC Country Setting Bypass
- Missing Bounds Check Vulnerability in Android SoC Leads to Out of Bounds Read
- Out-of-bounds Read Vulnerability in GATT Process Read by Type Response in Android Bluetooth Server
- Missing Permission Check in onWnmFrameReceived of PasspointManager.java
- Bluetooth Spoofing Vulnerability in Android Devices
- Out-of-bounds Write Vulnerability in allocExcessBits of bitalloc.c
- Integer Overflow Vulnerability in Parse_wave of eas_mdls.c
- Possible User Consent Bypass Vulnerability in RunInternal of dumpstate.cpp
- Out-of-Bounds Write Vulnerability in Parse_ins of eas_mdls.c
- Out-of-Bounds Write Vulnerability in Parse_art of eas_mdls.c
- Out-of-Bounds Write Vulnerability in Parse_insh of eas_mdls.c
- Insecure Default Value in RequestPermissionActivity.java Allows Tapjacking Vulnerability
- Tapjacking Vulnerability in SmartSpace Package Manifest Files
- Possible Permissions Bypass in createEmergencyLocationUserNotification of GnssVisibilityControl.java
- Potential Permission Bypass in createSaveNotification of RecordingService.java
- Possible Permissions Bypass in Zygote SE Policy: Local Information Disclosure Vulnerability
- Unenforced Protected-Broadcast Vulnerability in PackageManagerService.java Allows Arbitrary Command Execution as System
- Double Free Vulnerability in getLayerDebugInfo of SurfaceFlinger.cpp
- Out-of-bounds Read Vulnerability in CryptoPlugin.cpp's Decrypt Functions
- Insecure Default Value in BluetoothPairingDialog.java Allows Tapjacking and Privilege Escalation
- Potential Permission Bypass in showNotification of EmergencyCallbackModeService.java
- Unsafe PendingIntent Allows Permission Bypass in Telephony
- Potential Permission Bypass and Local Information Disclosure in getNotificationBuilder of CarrierServiceStateTracker.java
- Possible Permission Bypass and Local Information Disclosure in updateMwi of NotificationMgr.java
- Unsafe PendingIntent in showLimitedSimFunctionWarningNotification of NotificationMgr.java allows for permission bypass and local information disclosure
- Unsafe PendingIntent in showDataRoamingNotification of NotificationMgr.java allows for local information disclosure
- Missing Permission Check in setInstallerPackageName of PackageManagerService.java
- Possible Local Privilege Escalation Vulnerability in FPC TrustZone Fingerprint App
- Possible linked list corruption in uvc_scan_chain_forward leading to local privilege escalation in Android kernel
- Potential Permissions Bypass in NetworkStackNotifier via Unsafe Implicit PendingIntent
- Out of Bounds Write Vulnerability in libmpeg2dec in Android-11 (A-137794014)
- Weak Disk Encryption due to Truncated IVs in f2fs Encryption Implementation
- Integer Overflow Vulnerability in String16.cpp Allows for Local Privilege Escalation
- Integer Overflow Vulnerability in FileMap.cpp Allows for Local Privilege Escalation
- Permission Bypass in setNotification of SapServer.java Allows Local Information Disclosure
- Uninitialized Data Out-of-Bounds Write Vulnerability in AACExtractor
- Missing Permission Check in setProcessMemoryTrimLevel of ActivityManagerService.java
- Out of Bounds Read Vulnerability in GATT Process Read by Type Response
- Non-silenced Audio Buffer Permissions Bypass Vulnerability in AudioFlinger::RecordThread::threadLoop
- Unsafe PendingIntent in SystemUI Allows Permission Bypass and Contact Data Disclosure
- Insecure Default Value in Android Settings Screens Allows Tapjacking Attacks
- Possible Permissions Bypass in setNiNotification of GpsNetInitiatedHandler.java
- Local Privilege Escalation Vulnerability in getPermissionInfosForGroup of Utils.java
- Cross-Profile URI Data Leak in PackageInstallerSession.java
- Memory Corruption Vulnerability in setUpdatableDriverPath of GpuService.cpp
- Out-of-bounds Write Vulnerability in appendFormatV of String8.cpp
- Unsafe PendingIntent in constructImportFailureNotification of NotificationImportExportListener.java allows for local information disclosure of contact data
- Use-after-free vulnerability in binder_release_work in binder.c allows local attackers to escalate privileges in the Android kernel.
- Out-of-bounds Read Vulnerability in send_vc of res_send.cpp
- Android Lockdown Bypass: Unauthorized Notification Viewing Vulnerability
- Unsafe PendingIntent in SyncManager allows for local information disclosure without user interaction
- Out of Bounds Read Vulnerability in create_pinctrl of core.c
- Race Condition Use After Free Vulnerability in CamX Code
- Use-after-free vulnerability in l2tp_session_delete function in l2tp_core.c allows for local privilege escalation
- Out of Bounds Read Vulnerability in skb_headlen of Android Kernel
- Out of Bounds Write Vulnerability in kbd_keycode of keyboard.c in Android Kernel
- Integer Overflow in skb_to_mamac of networking.c Allows for Local Privilege Escalation
- Use-after-free vulnerability in blk_mq_queue_tag_busy_iter in blk-mq-tag.c allows for local privilege escalation in Android kernel (CVE-2021-xxxxx)
- Possible Local Privilege Escalation Vulnerability in Pixel's Catpipe Library
- Missing Permission Check in CellBroadcastReceiver's Intent Handlers: Local Denial of Service of Emergency Alerts
Uninitialized Data Vulnerability in AIBinder_Class Constructor of ibinder.cpp Incorrect Permission Check in generatePackageInfo of PackageManagerService.java Allows Permissions Bypass and Local Privilege Escalation Missing Permission Check in createVirtualDisplay of DisplayManagerService.java Allows for Local Privilege Escalation Resource Exhaustion Vulnerability in Notification.java Improper Input Validation in Notification.java Could Lead to UI Slowdown or Crash Uncaught Exception in LocaleList.java Leads to Forced Reboot Vulnerability Potential Local Privilege Escalation Vulnerability in Android Kernel Potential Out of Bounds Write Vulnerability in Android SoC (Android ID: A-168264527) Potential Out of Bounds Write Vulnerability in Android SoC (Android ID: A-168264528) Potential Out of Bounds Write Vulnerability in Android SoC (Android ID: A-168251617) Missing Permission Check in getPhoneAccountsForPackage Allows for Local Information Disclosure Use-after-free vulnerability in btm_sec_disconnected function allows remote code execution in Bluetooth server Uninitialized Data Out-of-Bounds Read in rw_i93_sm_format of Android NFC Heap Buffer Overflow in sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp Integer Overflow Vulnerability in exif_entry_get_value of exif-entry.c Unsafe PendingIntent in updateNotification of BeamTransferManager.java allows for permission bypass and local information disclosure Possible permission bypass in callCallbackForRequest of ConnectivityService.java leading to local information disclosure of current SSID Potential Out of Bounds Write Vulnerability in Android SoC (A-170372514) Potential Out of Bounds Write Vulnerability in Android SoC (A-170378843) Android SoC Vulnerability: Out of Bounds Write Exploit Integer Overflow Vulnerability in SPDIFEncoder::writeBurstBufferBytes in Android Potential Local Information Disclosure of WiFi Network Names in Android Improperly Installed Certificates Vulnerability in CertInstaller.java 
Out-of-bounds Read Vulnerability in sdp_server_handle_client_req of sdp_server.cc Possible side channel information disclosure in resolv_cache_lookup of res_cache.cpp Out of Bounds Write Vulnerability in hid-multitouch.c Possible Use After Free Vulnerability in do_epoll_ctl and ep_loop_check_proc of eventpoll.c Potential Local Information Disclosure Vulnerability in Vpn.java Missing Permission Check in listen() Function of TelephonyRegistry.java Allows Location Permissions Bypass Possible loss of synthetic password leading to local denial of service in addEscrowToken of LockSettingsService.java Heap Buffer Overflow in extend_frame_highbd of restoration.c Improper Input Validation in Bluetooth Connection Reassembly and Dispatch (CVE-2021-12345) Possible Permissions Bypass in BluetoothOppNotification.java Allows Unauthorized File Transfer via Bluetooth Race condition in HalCamera::requestNewFrame of HalCamera.cpp leading to use-after-free vulnerability in Android-11 (A-169282240) Missing Permission Check in createInputConsumer of WindowManagerService.java Allows for Local Privilege Escalation Potential Information Disclosure in onNotificationRemoved of Assistant.java Missing Permission Check in sendLinkConfigurationChangedBroadcast in ClientModeImpl.java Allows Local Information Disclosure Out-of-bounds Write Vulnerability in extend_frame_lowbd of restoration.c Possible Permissions Bypass in DocumentsProvider.java: Local Privilege Escalation Vulnerability Possible Permissions Bypass in DocumentsProvider.java Allows Unauthorized File Operations Possible Permissions Bypass in AndroidManifest.xml Allows Unauthorized Broadcasts Out-of-Bounds Read Vulnerability in IncidentService.cpp Possible Use After Free Vulnerability in DrmManagerService::~DrmManagerService() of Android Use-after-free vulnerability in destroyResources of ComposerClient.h allows for local privilege escalation Potential Local Privilege Escalation in UsbBackend.java Insecure Default Value in 
openAssetFileListener of ContactsProvider2.java Allows Local Privilege Escalation Uninitialized Data Information Disclosure in ihevc_inter_pred_chroma_copy_ssse3 Out-of-Bounds Write Vulnerability in Parse_data of eas_mdls.c Out of Bounds Read Vulnerability in floor1_info_unpack of floor1.c Possible Denial of Service Vulnerability in readBlock of MatroskaExtractor.cpp Heap Buffer Overflow in BitstreamFillCache of bitstream.cpp in Android-11 (A-154058264) Out-of-bounds Read Vulnerability in CPDF_SampledFunc::v_Call of cpdf_sampledfunc.cpp Heap Buffer Overflow in ih264d_parse_ave of ih264d_sei.c Possible out of bounds write vulnerability in decode_Huffman of JBig2_SddProc.cpp Use-after-free vulnerability in CPDF_RenderStatus::LoadSMask in cpdf_renderstatus.cpp allows for local information disclosure without additional execution privileges. Missing Permission Check in canUseBiometric of BiometricServiceBase Allows Local Information Disclosure Heap Buffer Overflow in decode_packed_entry_number of codebook.c Heap Buffer Overflow in FLAC__bitreader_read_rice_signed_block of bitreader.c Potential Permission Bypass Vulnerability in InputMethodManager.java Buffer Overflow Vulnerability in Intel Graphics Drivers: Local Denial of Service Exploit Intel Graphics Drivers: Local Access Privilege Escalation Vulnerability Intel Graphics Drivers Vulnerability: Unauthorized Information Disclosure via Local Access Buffer Overflow Vulnerability in Intel Graphics Drivers Vulnerability in Intel(R) Graphics Drivers allowing information disclosure and denial of service Denial of Service Vulnerability in Intel(R) Graphics Drivers Unquoted service path vulnerability in Intel(R) Graphics Drivers Privilege Escalation Vulnerability in Intel(R) Graphics Drivers Installer Intel Graphics Drivers Out of Bounds Read Vulnerability Uncaught Exception Vulnerability in Intel(R) Graphics Drivers Uncaught Exception Vulnerability in Intel Graphics Drivers Escalation of Privilege Vulnerability in Intel 
Graphics Drivers Default Permissions Vulnerability in Intel Graphics Drivers Uncontrolled Search Path Element Vulnerability in Intel Graphics Drivers Installer Improper Access Control in Intel Graphics Drivers: Local Denial of Service Vulnerability Out-of-bounds Write Vulnerability in Intel Graphics Drivers: Potential Privilege Escalation and Denial of Service Denial of Service Vulnerability in Intel(R) HD Graphics Control Panel Improper Access Control in Intel Graphics Drivers: Potential Privilege Escalation and Denial of Service Path Traversal Vulnerability in Intel(R) Graphics Drivers Privilege Escalation Vulnerability in Intel Graphics Drivers Denial of Service Vulnerability in Intel(R) Ethernet I210 Controller Firmware Denial of Service Vulnerability in Intel Ethernet I210 Controller Firmware Default Permissions Vulnerability in Intel(R) Ethernet I210 Controller Firmware Denial of Service Vulnerability in Intel Ethernet I210 Controller Firmware Intel NUC Firmware Vulnerability: Local Privilege Escalation via Improper Input Validation Intel Data Center SSDs Firmware Vulnerability: Privileged User Information Disclosure via Local Access Buffer Overflow Vulnerability in Intel Core Processor BIOS Firmware BIOS Firmware Vulnerability in Intel Core Processor Families: Potential Privilege Escalation via Local Access Buffer Overflow Vulnerability in Intel(R) NUC Firmware Allows Privilege Escalation via Local Access Information Disclosure Vulnerability in Intel(R) AMT Versions Before 11.8.77, 11.12.77, 11.22.77, and 12.0.64 Improper Input Validation in Intel(R) AMT Subsystem: Potential Denial of Service and Information Disclosure Reversible One-Way Hash Vulnerability in Intel(R) CSME Versions before 11.8.76, 11.12.77, and 11.22.77 Denial of Service Vulnerability in Intel(R) CSME Versions Before 12.0.64, 13.0.32, 14.0.33, and 14.5.12 Intel(R) AMT versions before 11.8.76, 11.12.77, 11.22.77, and 12.0.64 Vulnerability: Unauthenticated Information Disclosure via Network 
Access Improper Input Validation in Intel(R) CSME and TXE Subsystems: Potential Information Disclosure via Network Access Denial of Service Vulnerability in Intel(R) AMT Subsystem Denial of Service Vulnerability in Intel(R) AMT Subsystem Path Traversal Vulnerability in Intel(R) DAL and Intel(R) TXE Software Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77, and 12.0.64 Vulnerability: Unauthenticated Information Disclosure via Network Access Escalation of Privilege Vulnerability in Intel(R) CSME Subsystem Buffer Overflow Vulnerability in Intel(R) CSME Subsystem Intel Processor Vulnerability: Incomplete Cleanup of Special Register Read Operations Kernel Mode Driver Vulnerability in Intel Graphics Drivers Denial of Service Vulnerability in Intel CSME, TXE, and SPS Unquoted Service Path Vulnerability in Intel(R) Optane(TM) DC Persistent Memory Module Management Software Privilege Escalation Vulnerability in Intel(R) Data Migration Software Installer Intel(R) Processor Cleanup Errors: Authenticated User Information Disclosure Vulnerability Data Cache Eviction Information Disclosure Vulnerability Intel(R) Processors Data Cache Information Disclosure Vulnerability Intel(R) Processors Speculative Execution Information Disclosure Vulnerability Intel Wireless Bluetooth Driver Vulnerability: Local Information Disclosure via Out-of-Bounds Read Race Condition Vulnerability in Intel(R) Wireless Bluetooth(R) Software Installer on Windows* 7, 8.1, and 10 Vulnerability: Privilege Escalation via Improper Input Validation in Intel(R) Wireless Bluetooth(R) Products BlueZ Subsystem Vulnerability: Unauthenticated Access Control Exploit for Privilege Escalation and Denial of Service Insecure Inherited Permissions in Intel(R) PROSet/Wireless WiFi Products: Potential Privilege Escalation Vulnerability Buffer Overflow Vulnerability in Intel(R) PROSet/Wireless WiFi Driver for Windows 10 Insecure Inherited Permissions in Intel(R) PROSet/Wireless WiFi Products: Privilege Escalation 
Vulnerability Privilege Escalation Vulnerability in Intel(R) Renesas Electronics(R) USB 3.0 Driver Installer Improper Initialization in Intel(R) SGX SDK: Potential Privilege Escalation via Local Access Privilege Escalation Vulnerability in Intel(R) RWC2 Installer Privilege Escalation Vulnerability in Intel(R) MPSS Installer Privilege Escalation Vulnerability in Intel(R) RWC3 Installer Uncontrolled Search Path Vulnerability in Intel Graphics Drivers Improper Access Control in Intel(R) TXE Subsystem: Physical Access Privilege Escalation Vulnerability Denial of Service Vulnerability in Intel(R) Graphics Drivers Race condition vulnerability in Intel(R) Driver and Support Assistant (before version 20.1.5) enables local denial of service. Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi Products on Windows 10 Uncontrolled Search Path Vulnerability in QT Library BIOS Firmware Vulnerability in 8th Generation Intel(R) Core(TM) Processors and Intel(R) Pentium(R) Silver Processor Series: Local Access Information Disclosure Privilege Escalation Vulnerability in Intel(R) Server Board S2600ST and S2600WF Firmware Intel CSI2 Host Controller Driver Out of Bounds Read Vulnerability Block Design Vulnerability in Intel(R) MAX(R) 10 FPGA: Escalation of Privilege and Information Disclosure via Physical Access Buffer Overflow Vulnerability in Intel(R) Unite Client for Windows* Buffer Overflow Vulnerability in Intel(R) Modular Server MFS2600KISPP Compute Module Escalation of Privilege Vulnerability in Intel(R) Modular Server MFS2600KISPP Compute Module Privilege Escalation Vulnerability in Intel(R) Modular Server MFS2600KISPP Compute Module Vulnerability: Improper Access Control in Intel(R) Smart Sound Technology Subsystem Firmware Buffer Overflow Vulnerability in Intel SSD and Optane SSD Series Improper Initialization Vulnerability in Intel(R) SPS Subsystem BIOS Firmware Vulnerability: Privilege Escalation via Improper Conditions Check in Intel(R) Processors BIOS 
Firmware Vulnerability: Privilege Escalation via Improper Conditions Check in Intel(R) Processors BIOS Firmware Vulnerability: Local Privilege Escalation in Intel(R) Processors Buffer Overflow Vulnerability in Intel(R) Processor BIOS Firmware Vulnerability in Intel(R) Processors BIOS Firmware Allows Local Privilege Escalation and Denial of Service Buffer Overflow Vulnerability in Intel(R) Processor BIOS Firmware IPv6 Subsystem Out-of-Bounds Read Vulnerability in Intel(R) AMT and Intel(R) ISM IPv6 Subsystem Use After Free Vulnerability in Intel(R) AMT and Intel(R) ISM Information Disclosure Vulnerability in Intel(R) AMT and Intel(R) ISM DHCPv6 Subsystem IPv6 Subsystem Out-of-Bounds Read Vulnerability in Intel(R) AMT and Intel(R) ISM Versions before 14.0.33 Uncontrolled Search Path Vulnerability in Intel(R) Binary Configuration Tool Installer Privilege Escalation Vulnerability in Intel(R) Processors' PMC Buffer Overflow Vulnerability in Intel(R) NUC Firmware Allows Privilege Escalation Windows CryptoAPI Spoofing Vulnerability ASP.NET Core Denial of Service Vulnerability ASP.NET Core Remote Code Execution Vulnerability Visual Studio Code Remote Code Execution via Environment Variables .NET Markup Remote Code Execution Vulnerability .NET Markup Remote Code Execution Vulnerability Memory Object Disclosure Vulnerability in Microsoft Graphics Components Kernel Information Disclosure Vulnerability in Win32k Component Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in Windows Remote Desktop Client Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability Windows Search Indexer Memory Handling Elevation of Privilege Vulnerability Windows Search Indexer Memory Handling Elevation of Privilege Vulnerability Windows Common Log File System Driver Memory Object Disclosure Vulnerability Windows Hard Link 
Handling Vulnerability Hyper-V Denial of Service Vulnerability SQL Server Reporting Services Remote Code Execution Vulnerability Cryptographic Services Elevation of Privilege Vulnerability Third Party Filter Bypass Vulnerability in Windows 10 Password Update Windows Graphics Component Information Disclosure Vulnerability Windows Search Indexer Memory Object Handling Elevation of Privilege Vulnerability Win32k Object Handling Elevation of Privilege Vulnerability Windows Search Indexer Memory Handling Elevation of Privilege Vulnerability Windows Search Indexer Elevation of Privilege Vulnerability Windows Search Indexer Elevation of Privilege Vulnerability Windows Search Indexer Elevation of Privilege Vulnerability Windows Search Indexer Elevation of Privilege Vulnerability Windows Search Indexer Elevation of Privilege Vulnerability Windows Search Indexer Memory Handling Elevation of Privilege Vulnerability Windows Search Indexer Memory Handling Elevation of Privilege Vulnerability Windows Search Indexer Memory Handling Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Symbolic Link Elevation of Privilege Vulnerability Windows Subsystem for Linux File Handling Elevation of Privilege Vulnerability Remote Desktop Web Access Credential Information Disclosure Vulnerability Update Notification Manager Elevation of Privilege Vulnerability Windows Common Log File System Driver Memory Object Disclosure Vulnerability Internet Explorer Remote Code Execution Vulnerability Windows Media Service Elevation of Privilege Vulnerability Win32k Memory Object Handling Elevation of Privilege Vulnerability Windows GDI+ Information Disclosure Vulnerability Predictable Memory Section Names Vulnerability in Microsoft Windows Header Tampering Vulnerability in Microsoft IIS Server .NET Framework Remote Code Execution Vulnerability Cross-Origin Communication Validation Vulnerability in Microsoft Office Online Windows RSoP 
Service Application Memory Handling Elevation of Privilege Vulnerability Microsoft Excel Remote Code Execution Vulnerability Microsoft Excel Remote Code Execution Vulnerability Memory Corruption Vulnerability in Microsoft Office Software Microsoft Excel Remote Code Execution Vulnerability OneDrive for Android Passcode Bypass Vulnerability Clipboard Redirection Remote Code Execution Vulnerability Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Memory Object Disclosure Vulnerability Windows Data Sharing Service Elevation of Privilege Vulnerability Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability Windows Hyper-V Privileged User Input Validation Vulnerability Memory Object Handling Vulnerability in Windows: Remote Code Execution Cross-Domain Policy Enforcement Bypass in Microsoft Edge Active Directory Integrated DNS Information Disclosure Vulnerability Active Directory Forest Trust Elevation of Privilege Vulnerability Windows Search Indexer Elevation of Privilege Vulnerability Windows Search Indexer Memory Handling Elevation of Privilege Vulnerability Windows Kernel Object Memory Handling Elevation of Privilege Vulnerability Windows Kernel Object Memory Handling Elevation of Privilege Vulnerability Windows Kernel Object Handling Elevation of Privilege Vulnerability Windows Kernel Object Handling Elevation of Privilege Vulnerability Windows Kernel Object Handling Elevation of Privilege Vulnerability Scripting Engine Memory Corruption Vulnerability in Internet Explorer Scripting Engine Memory Corruption Vulnerability in Internet Explorer Windows Key Isolation Service Information Disclosure Vulnerability Windows Key Isolation Service Information Disclosure Vulnerability Windows Key Isolation Service Information Disclosure Vulnerability Hard Link Elevation of Privilege Vulnerability in Windows Error Reporting Manager 
Windows Function Discovery Service Elevation of Privilege Vulnerability Windows Function Discovery Service Elevation of Privilege Vulnerability Windows Remote Desktop Client Remote Code Execution Vulnerability Windows Function Discovery Service Elevation of Privilege Vulnerability Windows Installer Symbolic Link Elevation of Privilege Vulnerability LNK Remote Code Execution Vulnerability in Microsoft Windows Windows COM Server Elevation of Privilege Vulnerability Windows Installer Symbolic Link Elevation of Privilege Vulnerability Windows Font Library Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Software Secure Boot Security Feature Bypass Vulnerability DirectX Memory Object Handling Vulnerability Win32k Elevation of Privilege Vulnerability Critical Elevation of Privilege Vulnerability in Microsoft Exchange Server Microsoft Office SharePoint XSS Vulnerability Microsoft Office SharePoint XSS Vulnerability Cross-Origin Communication Spoofing Vulnerability in Microsoft Office Online Server Outlook URI Parsing Security Bypass Vulnerability Microsoft Office OLicenseHeartbeat Task Elevation of Privilege Vulnerability Telephony Service Memory Disclosure Vulnerability Win32k Kernel Information Disclosure Vulnerability Azure DevOps Server Cross-site Scripting Vulnerability Windows Client License Service Elevation of Privilege Vulnerability Credential Prompt Bypass Vulnerability in Surface Hub Windows Backup Service Elevation of Privilege Vulnerability Windows Wireless Network Manager Memory Handling Vulnerability Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability Cross-Origin Information Disclosure Vulnerability in Microsoft Browsers Windows IME Elevation of Privilege Vulnerability Windows Imaging Library Remote Code Execution Vulnerability DirectX Elevation of Privilege Vulnerability ChakraCore Scripting Engine Remote Code Execution Vulnerability ChakraCore Scripting Engine 
Remote Code Execution Vulnerability ChakraCore Scripting Engine Remote Code Execution Vulnerability ChakraCore Scripting Engine Remote Code Execution Vulnerability Memory Object Handling Vulnerability in DirectX Windows Graphics Component Elevation of Privilege Vulnerability Win32k Kernel Information Disclosure Vulnerability Win32k Kernel Information Disclosure Vulnerability Active Directory Integrated DNS Remote Code Execution Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability Windows Modules Installer Service File Information Disclosure Vulnerability LNK Remote Code Execution Vulnerability in Microsoft Windows Symlink Exploitation in Windows User Profile Service: Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability DirectX Elevation of Privilege Vulnerability Windows Malicious Software Removal Tool Junction Handling Elevation of Privilege Vulnerability Windows Remote Desktop Client Remote Code Execution Vulnerability Windows Search Indexer Elevation of Privilege Vulnerability Windows Kernel Memory Object Handling Vulnerability Tapisrv.dll Elevation of Privilege Vulnerability Windows Media Foundation Memory Corruption Vulnerability Windows Elevation of Privilege Vulnerability in dssvc.dll Connected Devices Platform Service Elevation of Privilege Vulnerability Connected Devices Platform Service Elevation of Privilege Vulnerability Connected Devices Platform Service Elevation of Privilege Vulnerability Connected Devices Platform Service Elevation of Privilege Vulnerability Windows GDI Object Memory Information Disclosure Vulnerability Windows 
Graphics Component Elevation of Privilege Vulnerability Memory Object Disclosure Vulnerability in Microsoft Graphics Components Windows Data Sharing Service Elevation of Privilege Vulnerability Windows Key Isolation Service Information Disclosure Vulnerability Connected Devices Platform Service Elevation of Privilege Vulnerability Connected Devices Platform Service Elevation of Privilege Vulnerability Windows Hyper-V Denial of Service Vulnerability Windows Search Indexer Elevation of Privilege Vulnerability Windows Error Reporting (WER) File Execution Elevation of Privilege Vulnerability Windows Error Reporting (WER) File Execution Elevation of Privilege Vulnerability Windows Key Isolation Service Information Disclosure Vulnerability Windows Key Isolation Service Information Disclosure Vulnerability Windows SSH Elevation of Privilege Vulnerability Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability Memory Object Handling Vulnerability in Microsoft Excel Allows Remote Code Execution Arbitrary Type Library Loading Vulnerability in Microsoft Office Active Directory Integrated DNS Remote Code Execution Vulnerability Windows Defender Security Center Elevation of Privilege Vulnerability Windows Defender Security Center Elevation of Privilege Vulnerability Elevation of Privilege Vulnerability in Windows Storage Services RDCMan XML External Entity (XXE) Information Disclosure Vulnerability Elevation of Privilege Vulnerability in Microsoft Store Runtime ChakraCore Scripting Engine Remote Code Execution Vulnerability Microsoft Browser Scripting Engine Memory Corruption Vulnerability Windows CSC Service Memory Handling Elevation of Privilege Vulnerability Windows ActiveX Installer Service Memory Handling Vulnerability Windows CSC Service Memory Handling Elevation of Privilege Vulnerability Windows Error Reporting Memory Handling Elevation of Privilege Vulnerability Windows ActiveX Installer Service Memory Handling Vulnerability Windows GDI 
Memory Disclosure Vulnerability Windows Error Reporting File Operations Vulnerability Windows AppX Deployment Server File Operations Elevation of Privilege Vulnerability Windows Work Folder Service Elevation of Privilege Vulnerability Windows Network Connections Service Elevation of Privilege Vulnerability Windows Installer Symbolic Link Processing Elevation of Privilege Vulnerability Windows Network List Service Elevation of Privilege Vulnerability Windows UPnP Service Elevation of Privilege Vulnerability Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability Windows UPnP Service Elevation of Privilege Vulnerability DirectX Elevation of Privilege Vulnerability Symlink Exploitation in Windows User Profile Service: Elevation of Privilege Vulnerability Windows Tile Object Service Denial of Service Vulnerability BITS Symbolic Link Elevation of Privilege Vulnerability Win32k Memory Object Handling Elevation of Privilege Vulnerability Visual Studio Extension Installer Service Denial of Service Vulnerability Local Elevation of Privilege Vulnerability in splwow64.exe Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability File Operations Elevation of Privilege Vulnerability in Diagnostics Hub Standard Collector Service Memory Object Handling Vulnerability in Windows: A Denial of Service Risk Microsoft SharePoint Server Reflective XSS Vulnerability Windows SMBv3 Remote Code Execution Vulnerability Windows Work Folder Service Elevation of Privilege Vulnerability Windows Installer Insecure Library Loading Elevation of Privilege Vulnerability Symbolic Link Parsing Elevation of Privilege Vulnerability in Microsoft Windows Windows Work Folder Service Elevation of Privilege Vulnerability Windows Media Foundation Memory Corruption Vulnerability Windows Network Connections Service Elevation of Privilege Vulnerability Windows Network Connections Service Elevation of Privilege Vulnerability 
Windows Network Connections Service Elevation of Privilege Vulnerability Windows Projected Filesystem File Redirection Security Bypass Vulnerability Windows Error Reporting (WER) File Execution Elevation of Privilege Vulnerability Windows Media Foundation Memory Corruption Vulnerability Provisioning Runtime File Operations Elevation of Privilege Vulnerability Windows Media Foundation Memory Corruption Vulnerability Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Chakra Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Chakra Scripting Engine Information Disclosure Vulnerability Windows Installer Filesystem Operations Elevation of Privilege Vulnerability Azure DevOps Server and Team Foundation Services Pipeline Job Token Elevation of Privilege Vulnerability Microsoft Edge Remote Code Execution Vulnerability Windows Device Setup Manager File Operations Elevation of Privilege Vulnerability Media Foundation Information Disclosure Vulnerability Windows Kernel Object Memory Handling Vulnerability Windows Language Pack Installer Elevation of Privilege Vulnerability ChakraCore Scripting Engine Remote Code Execution Vulnerability Internet Explorer Remote Code Execution Vulnerability ChakraCore Scripting Engine Remote Code Execution Vulnerability ChakraCore Scripting Engine Remote Code Execution Vulnerability ChakraCore Scripting Engine Remote Code Execution Vulnerability ChakraCore Scripting Engine Memory Corruption Vulnerability ChakraCore Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers ChakraCore Scripting Engine Memory Corruption Vulnerability Internet Explorer Scripting Engine Memory Corruption Vulnerability Internet Explorer Scripting Engine Memory Corruption Vulnerability Windows ALPC Elevation of Privilege Vulnerability Windows Defender Antimalware Platform Hard Link Elevation of Privilege 
Vulnerability Windows DNS Denial of Service Vulnerability Elevation of Privilege Vulnerability in Active Directory Federation Services (ADFS) Multi-Factor Authentication NTFS Access Control Elevation of Privilege Vulnerability Elevation of Privilege Vulnerability in dnsrslvr.dll Windows Hard Link Elevation of Privilege Vulnerability Windows Hard Link Elevation of Privilege Vulnerability Windows Installer Filesystem Operations Elevation of Privilege Vulnerability Windows Installer Filesystem Operations Elevation of Privilege Vulnerability File Operation Vulnerability in Connected User Experiences and Telemetry Service Windows Network Connections Service Elevation of Privilege Vulnerability VBScript Engine Memory Object Handling Remote Code Execution Vulnerability ChakraCore Scripting Engine Memory Corruption Vulnerability Windows Hard Link Elevation of Privilege Vulnerability Microsoft Word Remote Code Execution Vulnerability (CVE-2020-0851) Microsoft Word Remote Code Execution Vulnerability (CVE-2020-0850) Microsoft Word Remote Code Execution Vulnerability (CVE-2020-0850) Windows Imaging Component Memory Object Handling Vulnerability Windows Mobile Device Management Diagnostics Junction Handling Elevation of Privilege Vulnerability Microsoft Word Remote Code Execution Vulnerability (CVE-2020-0850) Active Directory Integrated DNS Information Disclosure Vulnerability Windows Search Indexer Elevation of Privilege Vulnerability Windows Elevation of Privilege Vulnerability in Public Account Pictures Folder Handling Junctions Windows Modules Installer Service File Information Disclosure Vulnerability Windows ActiveX Installer Service Memory Handling Vulnerability Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability Windows Connected User Experiences and Telemetry Service Information Disclosure Vulnerability Windows Work Folder Service Elevation of Privilege Vulnerability Windows Work Folder Service Elevation of Privilege 
Vulnerability Windows Work Folder Service Elevation of Privilege Vulnerability Windows Update Orchestrator Service Elevation of Privilege Vulnerability Windows Update Orchestrator Service Elevation of Privilege Vulnerability Windows Media Foundation Memory Corruption Vulnerability Elevation of Privilege Vulnerability in Shell Infrastructure Component Windows Network Connections Service Information Disclosure Vulnerability Application Inspector v1.0.23 Remote Code Execution Vulnerability Windows GDI Object Memory Information Disclosure Vulnerability Information Disclosure Vulnerability in splwow64.exe Kernel Information Disclosure Vulnerability in Win32k Component Win32k Memory Object Handling Elevation of Privilege Vulnerability Remote Code Execution Vulnerability in Microsoft Browsers Windows GDI Object Memory Information Disclosure Vulnerability Windows GDI Memory Disclosure Vulnerability GDI+ Remote Code Execution Vulnerability Windows GDI Memory Disclosure Vulnerability GDI+ Remote Code Execution Vulnerability Insecure Reply URL Vulnerability in Microsoft Visual Studio Windows GDI Memory Disclosure Vulnerability Elevation of Privilege Vulnerability in Windows Storage Services Win32k Memory Object Handling Elevation of Privilege Vulnerability DirectX Elevation of Privilege Vulnerability Jet Database Engine Remote Code Execution Vulnerability Denial of Service Vulnerability in Microsoft Hyper-V Microsoft SharePoint Server Reflective XSS Vulnerability Microsoft Word Remote Code Execution Vulnerability (CVE-2020-0853) Microsoft Office SharePoint XSS Vulnerability Microsoft Office SharePoint XSS Vulnerability VBScript Engine Remote Code Execution Vulnerability Windows Hard Link Elevation of Privilege Vulnerability Windows Work Folder Service Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability Microsoft Visual Studio Updater Service File Permissions Vulnerability Visual Studio Extension Installer Service Elevation of 
Privilege Vulnerability Memory Object Handling Vulnerability in Microsoft Excel Allows Remote Code Execution Service Fabric File Store Service Elevation of Privilege Vulnerability Microsoft Exchange Server Spoofing Vulnerability Denial of Service Vulnerability in Microsoft Hyper-V Remote Code Execution Vulnerability in Microsoft Dynamics Business Central Microsoft Excel Remote Code Execution Vulnerability Memory Object Handling Vulnerability in Microsoft Graphics Components Windows Text Service Module Remote Code Execution Vulnerability Windows Hyper-V Denial of Service Vulnerability Hyper-V Remote Code Execution Vulnerability Elevation of Privilege Vulnerability in Windows Modules Installer Windows Function Discovery SSDP Provider Memory Handling Vulnerability Windows Kernel Object Handling Elevation of Privilege Vulnerability Windows State Repository Service Information Disclosure Vulnerability Windows GDI Elevation of Privilege Vulnerability Windows GDI Elevation of Privilege Vulnerability Windows Hyper-V Memory Object Handling Elevation of Privilege Vulnerability Windows Hyper-V Memory Object Handling Elevation of Privilege Vulnerability Remote Desktop App for Mac Unsigned Binary Loading Vulnerability Microsoft SharePoint Remote Code Execution Vulnerability Microsoft Graphics Component Denial of Service Vulnerability: Exploiting Flaws in Graphics Component to Cause System Crash Remote Code Execution Vulnerability in Microsoft COM for Windows Microsoft Office SharePoint XSS Vulnerability Microsoft Office SharePoint XSS Vulnerability Microsoft Office SharePoint XSS Vulnerability Microsoft Office SharePoint XSS Vulnerability Microsoft Office SharePoint XSS Vulnerability Windows Kernel Information Disclosure Vulnerability Microsoft SharePoint Remote Code Execution Vulnerability Microsoft Office SharePoint XSS Vulnerability Microsoft SharePoint Remote Code Execution Vulnerability Microsoft SharePoint Remote Code Execution Vulnerability Microsoft Office SharePoint 
XSS Vulnerability Windows WpcDesktopMonSvc Memory Management Elevation of Privilege Vulnerability OneDrive for Windows Elevation of Privilege Vulnerability Windows Scheduled Task File Redirection Elevation of Privilege Vulnerability Media Foundation Information Disclosure Vulnerability Adobe Font Manager Library Remote Code Execution Vulnerability Media Foundation Information Disclosure Vulnerability Windows Push Notification Service Elevation of Privilege Vulnerability Win32k Information Disclosure Vulnerability Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability Work Profile Notification Authentication Bypass in Microsoft YourPhoneCompanion for Android Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability Media Foundation Information Disclosure Vulnerability Media Foundation Information Disclosure Vulnerability Media Foundation Information Disclosure Vulnerability Windows Media Foundation Memory Corruption Vulnerability Windows Media Foundation Memory Corruption Vulnerability Windows Media Foundation Memory Corruption Vulnerability Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability Windows GDI Memory Disclosure Vulnerability Jet Database Engine Remote Code Execution Vulnerability Microsoft Office SharePoint XSS Vulnerability Speculative Memory Access Vulnerability in Windows Kernel Win32k Kernel-Mode Driver Elevation of Privilege Vulnerability Win32k Kernel-Mode Driver Elevation of Privilege Vulnerability Win32k Kernel-Mode Driver Elevation of Privilege Vulnerability Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Access Connectivity Engine Remote Code Execution Vulnerability Win32k Kernel Information Disclosure Vulnerability Windows GDI Memory Disclosure Vulnerability GDI+ Remote Code Execution Vulnerability Windows Codecs Library Remote Code Execution Vulnerability VBScript Object Memory Handling Remote 
Code Execution Vulnerability VBScript Object Memory Handling Remote Code Execution Vulnerability Internet Explorer Scripting Engine Memory Corruption Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability ChakraCore Scripting Engine Remote Code Execution Vulnerability Microsoft SharePoint Remote Code Execution Vulnerability Microsoft SharePoint Server Spoofing Vulnerability Microsoft Office SharePoint XSS Vulnerability Microsoft SharePoint Remote Code Execution Vulnerability Microsoft SharePoint Server Spoofing Vulnerability Microsoft SharePoint Server Spoofing Vulnerability Microsoft SharePoint Server Spoofing Vulnerability Microsoft Office SharePoint XSS Vulnerability Microsoft Excel Remote Code Execution Vulnerability Memory Object Handling Vulnerability in Microsoft Word Windows Token Security Feature Bypass Vulnerability Microsoft Graphics Component Memory Object Handling Vulnerability Windows Delivery Optimization Service Elevation of Privilege Vulnerability Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability Windows Update Stack Elevation of Privilege Vulnerability Windows Kernel Object Handling Elevation of Privilege Vulnerability Microsoft Graphics Component Memory Object Handling Vulnerability Jet Database Engine Remote Code Execution Vulnerability Windows Mobile Device Management (MDM) Diagnostics Information Disclosure Vulnerability Microsoft Office Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Windows DNS Query Handling Denial of Service Vulnerability Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Windows Update Stack Elevation of Privilege Vulnerability Windows Camera Codec Pack Remote Code Execution Vulnerability Elevation of Privilege Vulnerability in Windows Graphics Component Jet Database Engine Remote Code Execution Vulnerability Windows Kernel Object Handling Elevation of Privilege Vulnerability Memory 
Handling Vulnerability in macOS Big Sur 11.1 and Earlier Versions Improper File Access Vulnerability in macOS, watchOS, iOS, iPadOS, iCloud, tvOS, and iTunes Privilege Escalation Vulnerability in Path Validation Logic for Symlinks Vulnerability Patched: Logic Issue in File Handling Leading to Application Termination or Code Execution macOS Big Sur 11.0.1 Patch: Privileged Network Position Denial of Service Vulnerability macOS Big Sur 11.0.1 Patch: Enhanced Entitlements to Prevent Unauthorized File Access Improved State Management Addresses Logic Issue in macOS Big Sur 11.0.1, Preventing Kernel Memory Layout Disclosure Privilege Escalation Vulnerability in macOS Big Sur 11.0.1 Sandbox Circumvention Vulnerability in macOS Big Sur 11.0.1 Windows Push Notification Service Elevation of Privilege Vulnerability Privilege Escalation Vulnerability in macOS and iOS Improper Bounds Checking in USD File Processing Leading to Arbitrary Code Execution Improved Access Restrictions in macOS Big Sur 11.0.1 Mitigate Cross-Site Scripting Vulnerability Arbitrary Code Execution Vulnerability in tvOS 14.0, iOS 14.0, and iPadOS 14.0 Directory Path Parsing Vulnerability in macOS Big Sur 11.0.1 Allows Sandbox Escape Arbitrary Code Execution Vulnerability in macOS Big Sur and Catalina Memory Corruption Vulnerability in macOS Big Sur 11.0.1, iOS 14.2, iPadOS 14.2, tvOS 14.2, and watchOS 7.1 Allows Arbitrary Code Execution Vulnerability: Out-of-Bounds Write in Audio File Processing Use-after-free vulnerability in WebKitGTK and WPE WebKit 2.26.4 and earlier versions Potential Buffer Overflow in USB DFU: Exploiting Unchecked wLength Parameter Microsoft Defender Elevation of Privilege: Arbitrary File Deletion Vulnerability USB Mass Storage MemoryWrite Handler Out-of-Bounds Write Vulnerability Memory Corruption Vulnerability in Zephyr OS via Malformed JSON Payload Buffer Overflow Vulnerability in Zephyr Shell Subsystem Privilege Escalation Vulnerability in Zephyr RTOS on ARM Platform Privilege 
Escalation Vulnerability in Zephyr RTOS Insufficient Argument Validation in Multiple Syscalls: NCC-ZEP-006 Stack Buffer Overflow in GNU C Library's Range Reduction during 80-bit Long Double Function Windows Kernel Object Handling Elevation of Privilege Vulnerability Uninitialized Memory Disclosure and Potential Code Execution in PowerDNS Recursor 4.1.0 - 4.3.0 Memory Disclosure Vulnerability in SICAM MMU, SGU, and T Unauthenticated Remote Command Execution in SICAM MMU, SGU, and T Man-in-the-Middle Attack Vulnerability in SICAM MMU, SGU, and T Windows Graphics Component Elevation of Privilege Vulnerability Clear Text Password Retrieval Vulnerability in SICAM MMU, SGU, and T Stored Cross-Site Scripting (XSS) Vulnerability in SICAM MMU, SGU, and T Buffer Overflow Vulnerability in SICAM MMU, SGU, and T Web Applications Cross-Site Scripting (XSS) Vulnerability in SICAM MMU, SGU, and T Web Servers Firmware Installation Vulnerability in SICAM MMU, SGU, and T Devices Authentication Replay Vulnerability in SICAM MMU, SGU, and T Insecure Password Verification Allows Unauthorized Access to Protected Files in SIMATIC PCS 7 and SIMATIC WinCC Arbitrary Command Execution Vulnerability in SIMATIC RTLS Locating Manager Microsoft Graphics Component Memory Handling Vulnerability Arbitrary Command Execution Vulnerability in SIMATIC RTLS Locating Manager (All versions < V2.10.2) Arbitrary Command Injection Vulnerability in SIMATIC RTLS Locating Manager Sensitive Data Exposure in SIMATIC RTLS Locating Manager (All versions < V2.12) Sensitive Data Exposure in SIMATIC RTLS Locating Manager (All versions < V2.12) Denial-of-Service Vulnerability in SIMATIC RTLS Locating Manager (All versions < V2.12) Remote Code Execution Vulnerability in Desigo CC and Desigo CC Compact Privilege Escalation Vulnerability in License Management Utility (LMU) (All versions < V2.4) User Privilege Escalation in GeniXCMS 1.1.7: Incomplete Fix for CVE-2015-2680 Insufficient Argument Validation in Kscan Subsystem 
Allows Privilege Escalation Vulnerability: Disabling DTLS Peer Checking in UpdateHub Module Windows Push Notification Service Elevation of Privilege Vulnerability Uninitialized Stack Memory Access Vulnerability in updatehub_probe Memory Corruption Vulnerability in Zephyr Bluetooth Implementation Off-by-one Error in Zephyr Project MQTT Packet Length Decoder Leads to Memory Corruption and Remote Code Execution Denial of Service Vulnerability in Zephyr Project RTOS (Versions 2.2.0 and Later) Stack-based and Heap-based Buffer Overflow Vulnerabilities in ieee802154 Processing in Zephyr versions >= v1.14.2, >= v2.2.0 (CWE-121, CWE-122) Improper Size Checks in Bluetooth HCI over SPI in Zephyr Versions >= v1.14.2, >= v2.2.0 (CWE-130) NULL Pointer Dereference Vulnerability in Bluetooth HCI Core of Zephyr versions >= v1.14.2, >= v2.2.0 (CWE-476) Integer Overflow Vulnerability in Zephyr Project RTOS Denial of Service Vulnerability in Zephyr Project Bluetooth Subsystem Zephyr Bluetooth Unchecked Packet Data Denial of Service Vulnerability Windows Kernel Object Memory Handling Vulnerability Improper Bounds Checking in Zephyr Project MQTT Code Leads to Memory Corruption and Remote Code Execution (NCC-ZEP-031) Buffer Overflow Vulnerability in Zephyr MQTT Parsing Code Allows Remote Code Execution Insufficient Permissions or Privileges Vulnerability in Zephyr GitLab EE 12.4.2 through 12.8.1 Denial of Service Vulnerability GitLab Account Takeover via Expired Link Vulnerability HTML Injection Vulnerability in GitLab 12.5 through 12.8.1 Stored Cross-Site Scripting (XSS) Vulnerability in GitLab 12.1 through 12.8.1 Server Side Request Forgery (SSRF) Vulnerability in GitLab EE 3.0 through 12.8.1 Stored Cross-Site Scripting (XSS) Vulnerability in GitLab 12.1 through 12.8.1 Merge Request Submission Form Incorrect Access Control: Two-Factor Authentication Bypass in GitLab 7.10 through 12.8.1 Jet Database Engine Remote Code Execution Vulnerability Information Disclosure Vulnerability in 
GitLab 8.3 through 12.8.1 Incorrect Access Control in GitLab LFS Import Process Denial of Service Vulnerability in GitLab 12.2 through 12.8.1: Impacting Public Issue Designs Insecure Permissions Vulnerability in GitLab 12.7 through 12.8.1 Information Disclosure in GitLab EE 11.6 through 12.8.1: Exposure of Private Project Namespace GitLab Merge Request Title Information Disclosure Vulnerability Arbitrary File Read Vulnerability in GitLab 10.4 through 12.8.1 GitLab before 12.8.2: Information Disclosure via Unproxied Badge Images Insecure Permissions in GitLab 12.5 through 12.8.1 Recursive Denial of Service Vulnerability in GitLab 8.11 through 12.8.1 Microsoft Store Install Service File Operations Elevation of Privilege Vulnerability Unintentional Information Disclosure in GitLab 11.7 through 12.8.1 Cross-Site Scripting (XSS) Vulnerability in GitLab 9.3 through 12.8.1 Cross-Site Scripting (XSS) Vulnerability in GitLab Grafana Integration View Cross-Site Scripting (XSS) Vulnerability in Lexmark Pro910 Series and Discontinued Inkjet Printers Cross-Site Scripting (XSS) Vulnerability in Lexmark Printers Browser Cache Information Disclosure Vulnerability in Zammad 3.0 through 3.2 Information Disclosure Vulnerability in Zammad 3.0 through 3.2 Zammad 3.0-3.2 XSS Vulnerability: Execution of Malicious JavaScript via Email Functionality Cross-Site Scripting (XSS) Vulnerability in Zammad 3.0 through 3.2 Allows Execution of Malicious Code Windows Block Level Backup Engine Service (wbengine) File Deletion Elevation of Privilege Vulnerability Improper Access Controls in Zammad 3.0 through 3.2 Allow Unauthorized Viewing of Ticket Customer Details WebSocket Server Crash Vulnerability in Zammad 3.0 through 3.2 User Enumeration and Brute Force Vulnerability in Zammad 3.0-3.2 XSS Vulnerability in Zammad File Upload Functionality Sensitive Information Disclosure in Zammad 3.0-3.2 Information Disclosure Vulnerability in Zammad 3.0 through 3.2 SQL Injection Vulnerability in PHPGurukul 
Daily Expense Tracker System 1.0 Stored XSS Vulnerability in PHPGurukul Daily Expense Tracker System 1.0 HTTP Request Splitting Vulnerability in Twisted Web HTTP Request Splitting Vulnerability in Twisted Web Windows System Assessment Tool File Operations Elevation of Privilege Vulnerability Non-sensitive Information Exposure Through Caching in Citrix Gateway Inconsistent Interpretation of HTTP Requests in Citrix Gateway 11.1, 12.0, and 12.1 Cache Poisoning Vulnerability in Citrix Gateway 11.1, 12.0, and 12.1 Self XSS vulnerability in cPanel before version 84.0.20 via temporary character-set specification (SEC-515) Stored Self-XSS Vulnerability in cPanel HTML File Editor (SEC-535) Arbitrary Code Execution as Root via dnsadmin in cPanel (SEC-537) Bypassing Feature Restrictions and Demo Accounts in cPanel via WebDisk UAPI Calls (SEC-541) Insecure Demo Check Enforcement in cPanel (SEC-542) cPanel Branding API Vulnerability: Unauthorized File Modification (SEC-543) Remote Code Execution Vulnerability in cPanel (SEC-544) Elevation of Privilege Vulnerability in Wininit.dll Remote Code Execution Vulnerability in cPanel (SEC-545) Code Execution Vulnerability in cPanel (SEC-546) Arbitrary File Deletion Vulnerability in cPanel (SEC-547) Vulnerability: Inadequate Authentication of Session Key Generation in NCR SelfServ ATMs Unencrypted Communication Vulnerability in NCR SelfServ ATMs: Exploiting Deposit Forgery Vulnerability: RSA Certificate Bypass and Arbitrary Code Execution in NCR SelfServ ATMs Vulnerability: Unvalidated Software Updates on NCR SelfServ ATMs Stored Cross-Site Scripting Vulnerability in SearchBlox Products (Versions before 9.2.1) Privileged Escalation: Lower User Access to Admin Functionality in SearchBlox before Version 9.2.1 Elevation of Privilege Vulnerability in Microsoft Windows Group Policy Updates Multiple Super Admin User Creation Vulnerability in SearchBlox before Version 9.1 CSV Macro Injection in Featured Results Parameter in SearchBlox before 
Version 9.2.1 Cross-Origin Resource Sharing Misconfiguration in SearchBlox before Version 9.1 Vulnerability: Credential Acquisition via Adjacent Access in Bluetooth Pairing Bluetooth BR/EDR Legacy Pairing Vulnerability IP-in-IP Traffic Decapsulation Vulnerability Z-Wave S2 Chipsets Vulnerability: Remote Denial of Service via FIND_NODE_IN_RANGE Injection Arbitrary Code Execution Vulnerability in Acronis Cyber Backup and Cyber Protect Arbitrary Code Execution Vulnerability in Acronis True Image 2021 Windows Update Client Privilege Escalation Vulnerability Arbitrary Code Execution with SYSTEM Privileges in Acronis True Image 2021 Arbitrary Code Execution Vulnerability in Macrium Reflect's OpenSSL Component Privilege Escalation Vulnerability in Adobe ColdFusion Installer Stored Cross-Site Scripting Vulnerability in Microsoft Teams Online Service SolarWinds Orion API Authentication Bypass Vulnerability Windows User-Mode Power Service (UMPS) Object Handling Elevation of Privilege Vulnerability Windows Push Notification Service Memory Object Handling Vulnerability Windows Push Notification Service Elevation of Privilege Vulnerability Multiple Authenticated Command Injection Vulnerabilities in Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m Devices via Ping and Traceroute Diagnostic Pages Race Condition Vulnerability in Timeshift Allows for Privilege Escalation Eval Injection Vulnerability in ASSA ABLOY Yale WIPC-301W Devices Out-of-Bounds Reads in Pillow's FliDecode.c (CVE-2020-5313) Microsoft Dynamics Business Central/NAV Masked Field Information Disclosure Vulnerability Vulnerability: Virus-Detection Bypass via Crafted BZ2 Checksum Field in ESET AV Parsing Engine Arbitrary User Creation with Elevated Privileges in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 SQL Injection Vulnerability in YubiKey Validation Server Replay Attack Vulnerability in YubiKey Validation Server Information Disclosure Vulnerability in Doorkeeper: Unauthorized Access to Client Secret 
Buffer Overflow Vulnerability in netkit telnetd Utility Remote Code Execution Vulnerability in Zoho ManageEngine Desktop Central Unsigned Binary Loading Vulnerability in Microsoft RMS Sharing App for Mac SQL Injection Vulnerability in MunkiReport before 5.3.0 Authenticated Cross-Site Scripting (XSS) Vulnerability in MunkiReport Unauthenticated Cross-Site Scripting (XSS) in Munkireport before 5.3.0.3923 Virus-Detection Bypass Vulnerability in ESET Archive Support Module Improper Domain Validation in AutoCompleteGal.java in Zimbra zm-mailbox Privilege Escalation and Information Disclosure in Popup-Builder Plugin for WordPress XSS Vulnerability in Popup-Builder Plugin for WordPress JavaEL Injection in Sonatype Nexus Repository (Issue 1 of 2) Adobe Font Manager Library Remote Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerability in Sonatype Nexus Repository Remote Code Execution in Sonatype Nexus Repository before 3.21.2 Hard-coded Password Vulnerability in Amino Communications Devices Allows Unauthorized Video Access Hard-coded Credentials Vulnerability in Amino Communications AK and Aria Series Command Injection in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series, and Kami7B: Remote Code Execution with Root Privileges CWMP Registration Command Injection Vulnerability in Amino Communications AK Series and Aria Series Devices Windows Error Reporting (WER) File Execution Elevation of Privilege Vulnerability Hard-coded SSH Keys in Amino Communications Devices Allow Remote Login Mitel MiVoice Connect UCB Component Remote Code Execution Vulnerability SSRF via URL Parameter in Responsive FileManager 9.13.4 and 9.14.0 Arbitrary Command Execution Vulnerability in D-Link DIR-825 Rev.B 2.10 and TRENDnet TEW-632BRP 1.010B32 Stack-based Buffer Overflow in D-Link DIR-825 Rev.B 2.10 httpd Binary Arbitrary Command Execution Vulnerability in D-Link DIR-825 Rev.B 2.10 and TRENDnet TEW-632BRP 1.010B32 
Arbitrary Command Execution Vulnerability in D-Link DIR-825 Rev.B 2.10 and TRENDnet TEW-632BRP 1.010B32 Blind SQL Injection Vulnerability in Sapplica Sentrifugo 3.2 Critical Remote Code Execution Vulnerability in Microsoft Dynamics Business Central SQL Injection Vulnerability in rConfig Web Interface Arbitrary OS Command Execution in rConfig through 3.94 via ajaxAddTemplate.php Heap Corruption Vulnerability in Nitro Pro before 13.13.2.242 via crafted PDF document Heap Corruption Vulnerability in Nitro Pro's npdf.dll Unauthenticated File Upload Vulnerability in PHPGurukul Online Book Store 1.0 Unauthenticated File Upload Vulnerability in PHPGurukul Job Portal 1.0 Arbitrary JavaScript Injection via From Field in vtecrm vtenext 19 CE Messages Module Vulnerability: Remote Code Execution via File Upload in vtecrm vtenext 19 CE CSRF Vulnerability in vtecrm vtenext 19 CE Allows Unauthorized Actions Microsoft SharePoint Remote Code Execution Vulnerability SQL Injection Vulnerability in CentOS Web Panel (CWP) via loader_ajax.php term parameter Remote NULL Pointer Dereference Vulnerability in TP-Link NC Series Devices Stack Buffer Overflow Vulnerability in YAFFS File Timestamp Parsing Logic in The Sleuth Kit (TSK) Heap-Based Buffer Over-Read Vulnerability in The Sleuth Kit (TSK) Version 4.8.0 and Earlier NULL Pointer Dereference Vulnerability in AscRegistryFilter.sys Kernel Driver Arbitrary Code Execution via Unescaped Database Configuration Options in Froxlor Static File Creation Vulnerability in Froxlor Installation Insecure Handling of Sensitive Data in Froxlor Installer Unauthenticated Access Control Vulnerability in Joomla! com_templates Incorrect Access Control in SQL Fieldtype of com_fields in Joomla! before 3.9.16 Microsoft SharePoint Remote Code Execution Vulnerability User duplication vulnerability in Joomla! before 3.9.16 CSRF Vulnerability in Joomla! com_templates Image Actions Cross-Site Scripting (XSS) Vulnerability in Joomla! 
3.9.16 and earlier SQL Injection Vulnerability in Joomla! Featured Articles Frontend Menutype Weak Hash Generation in JPaseto v2.local Tokens Buffer Overflow Vulnerability in CODESYS V3 Web Server Reflected XSS Vulnerability in MISP 2.4.122 via unsanitized URL parameters Persistent XSS Vulnerability in MISP 2.4.122 Sighting Popover Tool Password Disclosure Vulnerability in BWA DiREX-Pro 1.2181 Devices Full Path Disclosure Vulnerability in BWA DiREX-Pro 1.2181 Devices Elevation of Privilege Vulnerability in Microsoft SharePoint Server and Skype for Business Server Remote Command Execution in BWA DiREX-Pro 1.2181 Devices via uninstall.php3 Out-of-Bounds Read Vulnerability in ImageMagick's ReadHEICImageByID Function Blind SSRF and Denial of Service Vulnerability in ownCloud Authentication Bypass Vulnerability in ownCloud Image Preview TRRespass: Exploiting Vulnerabilities in Modern DRAM Chips Insecure Random Number Generator in 1Password Command-Line Tool and SCIM Bridge Unrestricted PHP Function Execution in ThemeREX Addons Plugin for WordPress MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability Vulnerability: Unauthorized Access and Control of XIAOMI XIAOAI Speaker Pro LX06 Root Shell Access and Multiple Exploitation Capabilities on XIAOMI XIAOAI Speaker Pro LX06 Authenticated and Unauthenticated Access to RTDE Interface on CB3 SW Version 3.3 and Upwards, e-series SW Version 5.0 and Upwards Unauthenticated Control of Universal Robots Robot Controllers via DashBoard Server Vulnerability: Lack of Integrity Checks in UR+ Components for Universal Robots Unencrypted Intellectual Property Exfiltration in Universal Robots Control Box CB 3.1 Vulnerability: Termination of Critical Services in Windows Task Manager Leads to Operational Halt and Brake Re-Calibration Default Wi-Fi Access Point Credentials Expose MiR Fleet Vehicles to Unauthorized Access Windows Kernel Object Memory Handling Elevation of Privilege Vulnerability Default Credentials and 
Hardcoded IP Address Vulnerability in MiR Fleet Vehicles Vulnerability: Unsecured ROS Computational Graph Exposes MiR Robots to Remote Control Unauthenticated Access Control Vulnerability in MiR Robots Unencrypted Intellectual Property Exfiltration in MiR Controllers Insecure Access Token Generation in REST API Allows Unauthorized Data Exfiltration Default Credentials Used to Generate Access Tokens for REST API Default Password Vulnerability in Safety PLC Allows Manipulated Program Upload and Disabling of Emergency Stop Live OS Boot Vulnerability: Unauthorized Access and Privilege Escalation Unprotected BIOS Allows Unauthorized Modification of Boot Order and Live Image Booting Insecure Defaults and Vulnerabilities in MiR Robot Controllers Running Ubuntu 16.04.2 Windows Media Foundation Memory Corruption Vulnerability Apache Server Vulnerable to DoS Attack via Incomplete HTTP Headers MAVLink Vulnerability: Remote Access to Sensitive Information via Insecure Communication Channels Lack of Authentication and Authorization in MAVLink Protocol Version 1.0 CVE-2020-10282: Authentication Bypass Vulnerability in MAVLink Protocol Unauthenticated Control and Missing Password Option Vulnerability in xArm Studio 1.3.0 Low Entropy Authentication Implementation on xArm Controller: Vulnerable to Brute-Force Attacks Privilege Escalation Vulnerability: Unrestricted Access via Sudoers Group Default Credentials Expose IRC5 Family with UAS Service Enabled Insecure FTP Authentication in IRC5 Unsafe YAML Load Vulnerability in ROS Actionlib Library Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability Unrestricted Execution of URCaps: Exploiting Universal Robots Controller Vulnerability Unauthenticated Information Disclosure in Visual Components Network License Server Unauthenticated DoS Vulnerability in Visual Components Network License Server Windows Print Spooler Service Elevation of Privilege Vulnerability Windows Server DHCP Service Information 
Disclosure Vulnerability Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability Windows Kernel Information Disclosure Vulnerability Windows Kernel Elevation of Privilege Vulnerability VBScript Remote Code Execution Vulnerability Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability Uncontrolled Resource Management Vulnerability in MikroTik Routers SQL Injection in LogicalDoc before 8.3.3: Unsanitized Parameters Allow Arbitrary Database Queries LogicalDoc before 8.3.3 - /servlet.gupld Directory Traversal Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Authenticated Stored XSS in Ramp AltitudeCDN Altimeter before 2.4.0 via vdms/ipmapping.jsp location field Unauthenticated Remote Command Execution in Paessler PRTG Network Monitor Insecure Password Storage in New Media Smarty Vulnerability: Password Discovery via Sniffing Authorization: Basic HTTP Header Mitel MiVoice Connect Client Weak Encryption Vulnerability Out-of-Bounds Read Vulnerability in libImaging/PcxDecode.c in Pillow Buffer Overflow Vulnerabilities in Pillow's libImaging/TiffDecode.c Windows Routing Utilities Denial of Service Vulnerability RMySQL 0.10.19 SQL Injection Vulnerability Unauthenticated SQL Injection Vulnerability in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 Software Authenticated Remote Code Execution in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 Software Unauthenticated Remote Code Execution in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 Software Local Privilege Escalation Vulnerability in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 Software Stored Cross-Site Scripting (XSS) Vulnerability in WPForms Contact Form Plugin Arbitrary Code Execution via File Upload in Chadha PHPKB Standard Multi-Language 9 Path Traversal Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized File Downloads Stored (Blind) XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Remote Code Execution in Chadha PHPKB Standard Multi-Language 9 via 
Injection in save-settings.php Windows Jet Database Engine Remote Code Execution Vulnerability Remote Code Execution via OS Command Injection in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS 
Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 SQL Server Reporting Services (SSRS) Attachment Upload Validation Bypass Vulnerability Reflected XSS Vulnerability in Chadha PHPKB Standard 
Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 ASP.NET Core Cookie Parser Encoded Name Bypass Vulnerability Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Path Traversal Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Arbitrary File Renaming Path Traversal Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Arbitrary Folder Deletion Path Traversal Vulnerability in Chadha PHPKB Standard Multi-Language 9 Remote Code Execution Vulnerability in Microsoft .NET Framework CSV Injection Vulnerability in Chadha PHPKB Standard Multi-Language 9 Stored (Blind) XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/edit-field.php Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/edit-template.php Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/edit-article.php Reflected XSS Vulnerability in 
Chadha PHPKB Standard Multi-Language 9's admin/edit-category.php Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/edit-glossary.php Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/edit-comment.php Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/edit-news.php Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/manage-departments.php Windows Hyper-V Elevation of Privilege Vulnerability Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 via sort Parameter Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/manage-articles.php Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/manage-templates.php Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/manage-categories.php Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/manage-comments.php Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/manage-tickets.php Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/manage-glossary.php Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/manage-news.php CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Global Settings Modification CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized News Article Addition Windows Print Spooler Arbitrary File Writing Vulnerability CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Category Addition CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Addition of Glossary Term CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Addition of Article Templates CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Comment Posting CSRF Vulnerability in Chadha PHPKB 
Standard Multi-Language 9 Allows Unauthorized Custom Field Creation CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Article Deletion CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Comment Deletion CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Deletion of Glossary Term CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Deletion of News Articles CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Ticket Deletion Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Department Deletion CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Department Addition CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Deletion of Article Templates CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Glossary Term Editing CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized News Article Editing CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Article Template Editing CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Article Editing CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Category Deletion CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Category Editing CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Ticket Closure Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Ticket Replies CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Department Editing CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized 
Comment Approval CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Comment Disapproval CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Comment Editing SQL Injection Vulnerability in School Management System Developed by ALLE INFORMATION CO., LTD. Path Traversal Vulnerability in ALLE INFORMATION CO., LTD.'s School Management System (pre-2020) Unrestricted File Upload Vulnerability in ALLE INFORMATION CO., LTD.'s School Management System (Pre-2020) Allows Remote Code Execution Improper Storage of System Files in Sunnet eHRD: Exploiting Confidential Information Leakage Cross-Site Scripting (XSS) Vulnerability in Sunnet eHRD Human Training and Development Management System Jet Database Engine Remote Code Execution Vulnerability Broken Access Control Vulnerability in Sunnet eHRD: Unauthorized Access to Functionality and Data Insecure Configurations in HGiga C&Cmail CCMAILQ and CCMAILN SQL Injection Vulnerability in HGiga C&Cmail CCMAILQ and CCMAILN Remote File Manipulation Vulnerability in iCatch DVR Firmware Arbitrary Command Execution Vulnerability in iCatch DVR Firmware (pre-20200103) Binary Planting Vulnerability in STARFACE UCC Client on Windows (usd-2020-0006) GitHub Enterprise Server API Access Control Vulnerability GitHub Enterprise Server Improper Access Control Vulnerability GitHub Enterprise Server Remote Code Execution Vulnerability in GitHub Pages Building GitHub Enterprise Server Remote Code Execution Vulnerability in GitHub Pages Building Elevation of Privilege Vulnerability in ssdpsrv.dll Elevation of Privilege Vulnerability in DirectX Integer Overflow Leading to Heap-Based Buffer Overflow in ICU's UnicodeString::doAppend() Function Cleartext Password Exposure in WatchGuard Fireware AD Helper Component Privilege Escalation Vulnerability in GlobalBlocking Extension for MediaWiki Bypassing Email Domain Restrictions in GitLab 12.8.x Unauthenticated Access to Glassfish 4.1 Server on Epikur 
Insecure Password Storage in Epikur: MD5 Hashes without Salting Backdoor Password Vulnerability in Epikur Server Windows Kernel-Mode Driver Object Handling Elevation of Privilege Vulnerability CSRF Vulnerability in Untis WebUntis before 2020.9.6 Remote Code Execution Vulnerability in Zoho ManageEngine OpManager Heap-based Buffer Overflow in Perl's Nested Regular Expression Quantifiers Cross-Site Scripting (XSS) Vulnerability in PrimeFaces Tooltip Component Unauthenticated SQL Injection in rConfig 3.9.4 and Earlier Versions Allows Lateral Movement and Access to Network Devices Unauthenticated SQL Injection in rConfig 3.9.4 and Earlier Versions Allows Lateral Movement and Access to Network Devices Unauthenticated SQL Injection in rConfig 3.9.4 and Earlier Versions Allows Lateral Movement and Access to Network Devices Unauthenticated SQL Injection in rConfig 3.9.4 and Earlier Versions Allows Lateral Movement and Access to Network Devices Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability Privilege Escalation Vulnerability in QQBrowser Default Access to Firebird Database in Psyprax Insecure Lockscreen Configuration in Psyprax Insecure Password Encryption in Psyprax Arbitrary File Upload Vulnerability in AContent 1.4 Denial of Service Vulnerability in Tesla Model 3 Driving Interface Cross-Domain Policy Enforcement Bypass in Microsoft Edge Arbitrary File Read Vulnerability in Open Source Social Network (OSSN) Command Execution Vulnerability in Xiaomi Mi Jia Ink-Jet Printer < 3.4.6_0138 File Upload Vulnerability in DEVOME GRR before 3.4.1c SQL Injection Vulnerability in frmcontactlist.php Remote Code Execution via Directory Traversal in File Upload Plugin for WordPress Arbitrary Code Execution as Root in FreeBSD bhyve through grub2-bhyve Buffer Overflow Vulnerability in grub2-bhyve Arbitrary PHP Code Execution in Responsive Filemanager CSRF Vulnerability in WPML Plugin Allows Remote Code Execution SysAid On-Premise 20.1.11 Vulnerability: 
GhostCat Attack with Unauthenticated File Upload ChakraCore Scripting Engine Remote Code Execution Vulnerability Bypass of Passcode Feature in Telegram Android App Unvalidated RLE Decoding in psd-tools Double Mutex Unlock Vulnerability in Janus AudioBridge Typo in JSON Validation Leads to Missing String in Janus query_logger Admin API Request Race Condition in Janus VideoCall Plugin Leads to Session Management Vulnerability Race Condition Vulnerability in Janus VoiceMail Plugin Race Condition Vulnerability in Janus Arbitrary File Read Vulnerability in QCMS v3.0.1 Directory Traversal Vulnerability in Invigo Automatic Device Management (ADM) 5.0 VBScript Object Memory Handling Remote Code Execution Vulnerability Remote Command Injection in Invigo ADM 5.0 Session Validity Check Issues in Invigo ADM 5.0 Allow Remote Data Access SQL Injection Vulnerability in Invigo ADM 5.0's /admin/display_errors.php Script Arbitrary OS Command Execution in Invigo Automatic Device Management (ADM) through 5.0 Directory Traversal Vulnerability in Invigo Automatic Device Management (ADM) 5.0 Local Privilege Escalation in antiX and MX Linux via persist-config --command /bin/sh Privilege Escalation in v2rayL 2.1.3 via Sudo Misconfiguration Privilege Escalation in v2rayL 2.1.3 via Misconfigured Configuration File HTTP Content Parsing Vulnerability in Microsoft Edge Improperly Secured API Exposes Sensitive Data in Replicated Classic 2.x Versions CORS Misconfiguration in Walmart Labs Concord Allows Information Disclosure Denial of Service Vulnerability in Tor (TROVE-2020-002) Double Negotiation of Circuit-Padding Machine Vulnerability Token Refresh Vulnerability in drf-jwt 1.15.x Buffer Overflow Vulnerability in pam-krb5 Library Cross-Site Scripting (XSS) Vulnerability in OpenCart 3.0.3.2 Image Upload Section Multiple Out-of-Bounds Read Vulnerabilities in Delta Industrial Automation DOPSoft Restricted Desktop Environment Escape Vulnerability in BD Pyxis MedStation ES System v1.6.1 and Pyxis 
Anesthesia (PAS) ES System v1.6.1 Buffer Overflow Vulnerability in VISAM VBASE Editor and VBASE Web-Remote Module VBScript Object Memory Handling Remote Code Execution Vulnerability Memory Pressure Vulnerability in PI Archive Subsystem Weak Hashing Algorithm and Insecure Permissions in VISAM VBASE Editor and VBASE Web-Remote Module: Password Bypass Vulnerability Race Condition Vulnerability in OSIsoft PI System: Crashing PI Network Manager and Blocking Connections Remote Command Injection Vulnerability in WebAccess/NMS (versions prior to 3.0.2) Remote Denial of Service Vulnerability in OSIsoft PI System Unauthenticated Access to Password Storage Files in Grundfos CIM 500 (before v06.16.00) Local Privilege Escalation Vulnerability in OSIsoft PI System Software Stack-based Buffer Overflow Vulnerability in Advantech WebAccess Versions 8.4.2 and Prior Privilege Escalation and Information Disclosure Vulnerability in OSIsoft PI System Insecure Storage of Credentials in Grundfos CIM 500 v06.16.00 Memory Object Handling Vulnerability in Microsoft Script Runtime Local Privilege Escalation in OSIsoft PI System Arbitrary Code Execution Vulnerability in Triangle MicroWorks SCADA Data Gateway Unrestricted Network Port Access in Opto 22 SoftPAC Project Version 9.6 and Prior Unauthenticated Information Disclosure in Triangle MicroWorks SCADA Data Gateway Code Injection Vulnerability in OSIsoft PI System PI Vision Denial-of-Service Vulnerability in Triangle MicroWorks SCADA Data Gateway SoftPAC Project Version 9.6 and Prior: Unspecified DLL Path Vulnerability WebAccess/NMS SQL Injection Vulnerability Sensitive Information Exposure in LCDS LAquis SCADA Versions 4.3.1 and Prior Arbitrary File Deletion Vulnerability in WebAccess/NMS (versions prior to 3.0.2) Internet Explorer Remote Code Execution Vulnerability Unauthenticated Remote Communication Vulnerability in Opto 22 SoftPAC File Upload and Execution Vulnerabilities in WebAccess/NMS (Versions Prior to 3.0.2) Arbitrary File 
Creation Vulnerability in LCDS LAquis SCADA Versions 4.3.1 and Prior SQL Injection Vulnerability in WebAccess/NMS (Versions Prior to 3.0.2) Session Token Exposure in ControlEdge PLC and RTU Devices Unauthenticated Remote User Account Creation Vulnerability in WebAccess/NMS (versions prior to 3.0.2) Uncontrolled Search Path Element Vulnerability in Fazecast jSerialComm Authentication and Authorization Vulnerability in Insulet Omnipod Insulin Management System: Potential Data Modification and Insulin Control Unencrypted Password Exposure in ControlEdge PLC and RTU Devices XML Injection Vulnerability in WebAccess/NMS (versions prior to 3.0.2) Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Remote Code Execution Vulnerability in SAE IT-systems FW-50 Remote Telemetry Unit (RTU) Arbitrary File Access Vulnerability in WebAccess/NMS (versions prior to 3.0.2) Folder Security Permissions Vulnerability in Emerson OpenEnterprise Versions through 3.3.4 Non-persistent XSS Vulnerability in eWON Flexy and Cosy Firmware File Structure Disclosure Vulnerability in SAE IT-systems FW-50 Remote Telemetry Unit (RTU) Plaintext Transmission of Simulation Models in KUKA.Sim Pro 3.1 Critical Vulnerability: Passwords at Risk in Emerson OpenEnterprise Versions through 3.3.4 Out-of-Bounds Read Vulnerability in Eaton HMiSoft VU3 Multiple Heap-Based Buffer Overflow Vulnerabilities in Advantech WebAccess Node Buffer Overflow Vulnerability in Eaton HMiSoft VU3 (Version 3.00.23 and prior) MSHTML Engine Remote Code Execution Vulnerability Arbitrary Command Execution and Remote Code Execution Vulnerability in Emerson OpenEnterprise Versions through 3.3.4 Unprotected Logging Route Vulnerability in Ignition 8 Gateway (versions prior to 8.0.10) Privilege Escalation via Registry Key Modification in Rockwell Automation RSLinx Classic Authenticated Remote URL Redirection Vulnerability in PI Vision 2019 Mobile Deserialization Vulnerability in Ignition Gateway Allows for Information 
Disclosure Heap Based Buffer Overflow in Fuji Electric V-Server Lite (Versions Prior to 4.0.9.0) Bypassing Verified Boot Restrictions in Das U-Boot through 2020.01 Unsigned Code Execution Vulnerability in ASUS Device Activation ChakraCore Scripting Engine Remote Code Execution Vulnerability Jackson-databind Deserialization Code Execution Vulnerability Heap Buffer Overflow in Ping Identity PingID SSH (CVE-2021-12345) Arbitrary Code Execution Vulnerability in Proofpoint Insider Threat Management Server Arbitrary Code Execution Vulnerability in Proofpoint Insider Threat Management Server Arbitrary Code Execution Vulnerability in Proofpoint Insider Threat Management Server Arbitrary Code Execution Vulnerability in Proofpoint Insider Threat Management Server SSL Certificate Validation Error in Entrust Entelligence Security Provider (ESP) on Windows .NET Framework Elevation of Privilege Vulnerability Inadvertent Group Membership Inclusion Vulnerability in HashiCorp Vault Vulnerability: Access Granting Issue in HashiCorp Vault and Vault Enterprise Unsafe Object Creation Vulnerability in JSON Gem for Ruby Vulnerability: NULL Pointer Dereference in VxWorks 6.8.3 IPNET CVE Patches (2019) Docker Desktop Local Privilege Escalation Vulnerability Remote Code Execution Vulnerability in Restapps Module for Sangoma FreePBX and PBXact Stored XSS Vulnerability in Canon Oce Colorwave 500 Printer's TemplateManager Reflected XSS Vulnerability in Canon Oce Colorwave 500 Printer (Version 4.0.0.0) Authentication Bypass Vulnerability in Canon Oce Colorwave 500 Printer Memory Object Handling Vulnerability in Windows: Remote Code Execution Reflected XSS Vulnerability in Canon Oce Colorwave 500 Printer (Version 4.0.0.0) CSRF Vulnerability in Canon Oce Colorwave 500 4.0.0.0 Printer's Web Application Deserialization Vulnerability in FasterXML Jackson-databind 2.x Deserialization Vulnerability in FasterXML Jackson-databind 2.x Arbitrary OS Command Execution Vulnerability in PerlSpeak 2.01 Denial 
of Service Vulnerability in buger jsonparser Library API Improper Authorization Check Allows Unauthorized Namespace Movement in Rancher 2.x Privilege Escalation Vulnerability in Octopus Deploy (CVE-2020-XXXX) Windows Media Service File Creation Elevation of Privilege Vulnerability Stored XSS Vulnerability in CMS Made Simple 2.2.13 Filemanager via .pxd File Remote Code Execution via Malicious .php.jpegd File in CMS Made Simple 2.2.13 XXE Vulnerability in dom4j Library Privilege Escalation and Code Injection Vulnerability in Ansible Engine Vulnerability: Unencrypted Decryption Temporary Directory in Ansible Engine and Ansible Tower User Registration Vulnerability in Keycloak 8.0.2 and 9.0.0 Allows Malicious Users to Remove MFA Devices Undertow HTTP Request Smuggling Vulnerability Cross-Site Scripting (XSS) Vulnerability in RESTEasy Insecure Access Control in Eclipse Che Allows Unauthorized Workspace Pod Access Unsafe ASP.Net web controls in Microsoft SharePoint Server can lead to remote code execution Race Condition Vulnerability in Kernel Versions Before 5.5: Use-After-Free in ptp_clock and cdev Resource Deallocation Archive Traversal Vulnerability in Ansible-Engine Collection Installation Vulnerability: Expression Language Injection in Hibernate Validator Privilege Escalation Vulnerability in redhat-sso-7 Container Path Traversal Vulnerability in Buildah Allows Arbitrary File Write Denial of Service Vulnerability in Ansible Tower's Memcached Integration Vulnerability: Information Disclosure in Ansible Tower Job Execution World-writable Socket Vulnerability in targetcli-fb Windows Print Spooler Arbitrary File Writing Vulnerability Use-after-free vulnerability in Samba AD DC LDAP servers allows for denial of service Missing Authorization Flaw in libvirt API Allows Denial of Service PAuth Signature Generation Flaw in QEMU NULL Pointer Dereference Vulnerability in libvirt API Stack Overflow Vulnerability in Samba Active Directory Domain Controller Undertow Expect: 
100-continue Header Out of Memory Denial of Service Vulnerability Unencrypted OAuth Tokens in OpenShift Container Platform Unrestricted Access Vulnerability in Ansible Tower OAuth2 Token Authentication Windows Remote Access Common Dialog Elevation of Privilege Vulnerability Vulnerability: Disclosure of Plaintext Candlepin Password during Red Hat Satellite Update NULL Pointer Dereference Vulnerability in Linux Kernel's SELinux Subsystem Sensitive Information Exposure in OpenShift Container Platform Image Registry GRUB2 Secure Boot Bypass and Code Execution Vulnerability Session Fixation Vulnerability in WildFly Elytron OpenShift Console Content Spoofing Vulnerability Unrestricted User Input Access in Red Hat Satellite's Job Invocation Denial of Service Vulnerability in virtio-fs Shared File System Daemon Exposed Thread Context Classloader (TCCL) Setting in Wildfly Undertow HTTP Request Smuggling Vulnerability Windows Kernel Memory Object Handling Vulnerability Local Privilege Escalation Vulnerability in Linux Kernel's GRO Implementation Arbitrary Code Execution via Malicious YAML Configuration in fabric8-maven-plugin Integer Overflow Vulnerability in DPDK's vhost_user_set_log_base() Function Integer Truncation Vulnerability in DPDK Versions 17.05 and Above Information Leak Vulnerability in DPDK vhost-crypto Library Vulnerability: Segmentation Fault in DPDK vhost-user Backend Application Vulnerability: Denial of Service via Resource Leak in DPDK Plaintext Password Storage Vulnerability in ActiveMQ Artemis Management API Privilege Escalation Vulnerability in automationbroker/apb Container Insufficiently Random Password Generation in Ansible Engine ChakraCore Scripting Engine Remote Code Execution Vulnerability Samba AD LDAP Server Use-After-Free and NULL Pointer Dereference Vulnerability Vulnerability: Disabling of sVirt Isolation Mechanism in Red Hat OpenStack Platform 16 Linux Kernel Userspace Core Dump Vulnerability: Local Account Crash and Kernel Data Exfiltration 
Arbitrary Code Execution Vulnerability in PostgreSQL Windows Installer Vulnerability in Keycloak OIDC Logout Endpoint CSRF Protection Quadratic Time Complexity Vulnerability in Python's int() Function Authorization Bypass Vulnerability in Ceph Versions 15.2.0 - 15.2.2: Unauthorized Access to Resources Race Condition Vulnerability in mkhomedir Tool Remote Code Execution Vulnerability in Moodle Null Pointer Exception Denial of Service Vulnerability in Istio Telemetry v2 Windows Jet Database Engine Remote Code Execution Vulnerability Remote Deserialization Attack Vulnerability in Wildfly EJBs Linux Kernel Vulnerability: Index Buffer Overflow in Direct IO Write Leading to NFS Client Crash OpenShift Container Platform's Kibana Clickjacking Vulnerability Incomplete Fix for Insecure Temporary Directory Vulnerability in Ansible Engine and Ansible Tower Samba Vulnerability: Denial of Service via NetBios over TCP/IP Processing Local Access Control Vulnerability in Infinispan Server Runtime 10 Keycloak Data Filter Vulnerability: Cross-Site Scripting and URL Processing Container Networking Plugins Vulnerability: Man-in-the-Middle Attacks via Rogue IPv6 Router Advertisements Windows Subsystem for Linux Memory Object Handling Vulnerability Log File Exposure: Unauthorized Access to Kafka Credentials in Jaeger Tracing Vulnerability in Linux Kernel's SELinux LSM Hook Implementation OAuthToken Leakage in OpenShift API Server Logs CORS ExposeHeader Tag Injection Vulnerability in Red Hat Ceph Storage RadosGW Insecure Authentication in nmcli: Ignoring 802-1x.ca-path and 802-1x.phase2-ca-path Settings Insecure Credentials Exposure in OpenStack Cinder with Dell EMC ScaleIO/VxFlex OS Backend Storage Driver Out-of-Bounds Read Vulnerability in QEMU's SLiRP Networking Implementation Privilege Escalation Vulnerability in Linux Kernel's DAX Huge Pages Handling Keycloak DoS Vulnerability: Content-Length Header Exceeds Request Body PGP Signature Bypass Vulnerability in fwupd Allows Installation 
of Unsigned Firmware Memory Object Handling Vulnerability in Windows: A Denial of Service Risk Use-After-Free Vulnerability in Samba LDAP Server Assertion Failure Vulnerability in QEMU Network Block Device (NBD) Server Sensitive Information Disclosure in gluster-block CLI Operations Logging Local Access Information Disclosure Vulnerability in Heketi Server Vulnerability: Logic Bug in Linux Kernel SSBD Protection Vulnerability in Linux Kernel's Enhanced IBPB Implementation Allows Spectre V2 Style Attack Linux Kernel Vulnerability: Prctl() Function Allows Indirect Branch Speculation and Spectre v2 Attacks Buffer Over-read Vulnerability in RH Kernel Versions before 5.0 in crypto_authenc_extractkeys Windows Runtime Object Handling Elevation of Privilege Vulnerability Server-side Request Forgery (SSRF) Vulnerability in Keycloak CSRF Vulnerability in Infinispan Version 10 Allows Unauthorized Actions via GET Requests Incomplete Fix for CVE-2020-12662 in Unbound Shipped in Red Hat Enterprise Linux 7 Stack Information Leak Vulnerability in Linux Kernel's Memory Manager Memory Disclosure Vulnerability in Linux Kernel's sysctl Subsystem Open Redirect Vulnerability in oVirt-Engine: Phishing Attack Vector Unsafe Redirect URI Parameter Allows Cross-site Scripting Attack in Keycloak Stored XSS Vulnerability in Red Hat CloudForms Report Menu Feature Business Logic Flaw: Unauthorized Editing of Read-Only Widgets in Red Hat CloudForms 4.7 and 5 Insecure Direct Object References (IDOR) and Access Control Bypass in Red Hat CloudForms 4.7 and 5 Windows Installer Elevation of Privilege Vulnerability CSV Injection Vulnerability in Red Hat CloudForms 4.7 and 5 ZRAM Device Node Creation Vulnerability Vulnerability: Sensitive Information Exposure in Ansible 3.7.0 Role-based Privilege Escalation Vulnerability in Red Hat CloudForms 4.7 and 5 Vulnerability: Remote Command Execution in Vesta Control Panel (0.9.8-26) via Cron Jobs Vulnerability: Elevation of Privilege in Vesta Control Panel via 
v-change-user-password Insecure API Key Generation in openITCOCKPIT before 3.7.3 Arbitrary OS Command Execution in openITCOCKPIT before 3.7.3 Windows Object Memory Handling Elevation of Privilege Vulnerability Unnecessary Files in openITCOCKPIT before 3.7.3 Web Root XSS Vulnerability SSRF Vulnerability in GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 Remote Configuration of self::DEVELOPMENT or self::STAGING Option in openITCOCKPIT Privilege Escalation via Modified Email ID in CodeIgniter Unauthenticated Path Traversal Vulnerability in Gira TKS-IP-Gateway 4.0.7.7 Authenticated Remote Code Execution in Gira TKS-IP-Gateway 4.0.7.7 via Web Frontend Backup Functionality XSS Vulnerability in pfsense diag_ping.php Page (Before 2.4.5) XXE Vulnerability in svglib Package for Python via svg2rlg Call Windows Hyper-V Elevation of Privilege Vulnerability Arbitrary Code Execution via Manipulated Location Header in Lix 15.8.7 SQL Injection Vulnerability in phpMyAdmin TableSearchController.php SQL Injection and Cross-Site Scripting (XSS) Vulnerability in phpMyAdmin SQL Injection Vulnerability in phpMyAdmin Arbitrary Code Execution via PHP Code Upload in eZ Publish and eZ Publish Legacy Authentication Bypass Vulnerability in Caldera (before 2.6.5) via Forged localhost HTTP Host Header Command Injection Vulnerability in Vesta Control Panel (VestaCP) Backup Listing Endpoint Heap-based Buffer Overflow in HDF5's Decompress() Function Windows Printer Service File Path Validation Vulnerability NULL Pointer Dereference in H5AC_unpin_entry() Function Leads to Denial of Service in HDF5 Heap-based Buffer Over-read in H5O__layout_decode() Function in HDF5 NULL Pointer Dereference in H5F_get_nrefs() Function Leads to Denial of Service in HDF5 Buffer Overflow Vulnerability in FTPDMIN 0.96 Allows Server Crash via Crafted Packet Buffer Overflow Vulnerability in Code::Blocks 17.12 Allows Arbitrary Code Execution via Crafted Project File Remote Unauthenticated Server 
Registration Vulnerability in Zoho ManageEngine Applications Manager SQL Injection Vulnerability in Custom Searchable Data Entry System Plugin for WordPress Remote Command Execution in Artica Proxy 4.26 via Shell Metacharacters in Modify the Hostname Field Cross-Site Scripting (XSS) Vulnerability in Nagios XI 5.6.11 via ldap_ad_integration username parameter Windows Error Reporting (WER) File Execution Elevation of Privilege Vulnerability Cross-Site Scripting (XSS) Vulnerability in Nagios XI 5.6.11 via ldap_ad_integration Password Parameter Cross-Site Scripting (XSS) Vulnerability in Nagios XI 5.6.11 via account/main.php theme parameter Stack-based Buffer Overflow in Draytek Vigor Devices (Issue 1 of 3) Stack-based Buffer Overflow in Draytek Vigor Devices (Issue 2 of 3) Stack-based Buffer Overflow in Draytek Vigor Devices: Remote Code Execution (Issue 3/3) Command Injection Vulnerability in Draytek Vigor3900, Vigor2960, and Vigor300B Devices Stack-based Buffer Overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B Devices before 1.5.1: Remote Code Execution Vulnerability Stack-Based Buffer Overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B Devices before 1.5.1 Allows Remote Code Execution Samsung Mobile Devices Broadcom Chipsets Kernel Driver Heap Overflow Vulnerability Information Disclosure Vulnerability in Microsoft Windows Graphics Component Lockdown Mode PIN Bypass Vulnerability on Samsung Mobile Devices Arbitrary Touch-Screen Firmware Update Vulnerability on Samsung Mobile Devices (SVE-2019-16013) Exynos Kernel Wi-Fi Driver Buffer Overflow Vulnerability DeX Lockscreen Vulnerability Allows Unauthorized Access to Quick Panel and Notifications on Samsung Mobile Devices Lock Screen Notification Disclosure Vulnerability on Samsung Mobile Devices with P(9.0) Software Buffer Overflow Vulnerability in Samsung Mobile Devices Widevine Trustlet Vulnerability on Samsung Mobile Devices with Exynos Chipsets Stack Overflow and Arbitrary Code Execution 
Vulnerability in Samsung Mobile Devices Use-after-free Vulnerability in Samsung Mobile Devices (SVE-2019-16132) Samsung Mobile Devices Vulnerability: SIM Card Bypass of Factory Reset Protection (SVE-2019-16193) Connected User Experiences and Telemetry Service Denial of Service Vulnerability Kernel Pointer Leak in Samsung Exynos 9610 Chipsets (SVE-2019-16293) Arbitrary kfree Vulnerability in Samsung Exynos 9610 Chipsets (SVE-2019-16294) Heap Out-of-Bounds Write Vulnerability in Samsung Mobile Devices (SVE-2019-16295) Race Conditions in Samsung Mobile Devices' HDCP2 Driver (SVE-2019-16296) Out-of-Bounds Read Vulnerability in Samsung Mobile Devices (SVE-2019-16333) Race Condition Leading to Use-After-Free Vulnerability in Samsung Mobile Devices (SVE-2019-16520) Samsung Mobile Devices OEM Unlock Feature Vulnerability Facial Recognition Spoofing Vulnerability on Samsung Galaxy S8 and Note8 (SVE-2019-16614) Arbitrary Memory Mapping Vulnerability in Samsung Exynos 9810 Chipsets (SVE-2019-16665) Brute-Force Attack Vulnerability on Samsung Mobile Devices (SVE-2019-14575) Windows Function Discovery Service Elevation of Privilege Vulnerability Buffer Overflow Vulnerability in Samsung Exynos Chipsets' Secure Bootloader Stack Overflow Vulnerability in Samsung Mobile Devices (SVE-2019-15876) Stack Overflow Vulnerability in Samsung Display Driver (SVE-2019-15877) Gallery Data Leakage Vulnerability on Samsung Mobile Devices with P(9.0) Software Kernel Stack Address Leakage Vulnerability on Samsung Mobile Devices (SVE-2019-16161) Bypassing Factory Reset Protection (FRP) via AppTray on Samsung Mobile Devices (SVE-2019-16192) Remote Code Execution in Zulip Desktop before 5.0.0 via Improper Use of shell.openExternal and shell.openItem Unauthenticated Webcam and Microphone Recording Vulnerability in Zulip Desktop Arbitrary File Writes Vulnerability in Zoho ManageEngine Desktop Central before 10.0.484 Windows Runtime Object Handling Elevation of Privilege Vulnerability Arbitrary Memory 
Address Overwrite Vulnerability in Avast Antivirus Leads to Denial of Service Arbitrary File Deletion Vulnerability in Avast Antivirus Local Privilege Escalation (LPE) Vulnerability in Avast Antivirus Avast Antivirus RPC Shutdown Vulnerability Remote Reboot Vulnerability in Avast Antivirus Arbitrary Changes to Components Section of Stats.ini File via Avast Antivirus RPC Endpoint Avast Antivirus Network Interface Enumeration Vulnerability Bypassing Access Restrictions in Avast Antivirus TaskEx Library Vulnerability: Privilege Escalation via Avast Antivirus Repair App RPC Call Windows Kernel Object Memory Handling Elevation of Privilege Vulnerability Predictable Temporary Directory Names in Zim: Denial of Service Vulnerability OpenWrt LuCI git-20.x Vulnerability: Unauthenticated Retrieval of Installed Packages and Services Remote Code Execution Vulnerability in Motorola FX9500 Devices Motorola FX9500 Devices: Absolute Path Traversal Vulnerability Vulnerability: Brute Force Attack on OKLOK (3.1.1) Mobile Companion App for Fingerprint Bluetooth Padlock FB50 (2.3) Integer Overflow and Instruction Injection Vulnerability in Perl Command Injection Vulnerability in rConfig before 3.9.5 Windows Error Reporting Elevation of Privilege Vulnerability Archer A7 Firmware Ver: 190726 AC1750 Router Remote Code Execution Vulnerability Archer A7 Firmware Ver: 190726 AC1750 Routers Remote Code Execution Vulnerability Privilege Escalation Vulnerability in TP-Link Archer A7 Firmware Ver: 190726 AC1750 Routers Archer A7 Firmware Ver: 190726 AC1750 Router Arbitrary Code Execution Vulnerability Archer A7 Firmware Ver: 190726 AC1750 Router Remote Code Execution Vulnerability Archer A7 Firmware Ver: 190726 AC1750 Routers Remote Code Execution Vulnerability Firewall Bypass Vulnerability in TP-Link Archer A7 Firmware Ver: 190726 AC1750 Routers Unauthenticated Remote Privilege Escalation in TP-Link Archer A7 Firmware Ver: 190726 AC1750 Routers Arbitrary Code Execution via Type Confusion in 
Foxit PhantomPDF 9.7.0.29478 Arbitrary Code Execution via ConvertToPDF Command in Foxit PhantomPDF 9.7.0.29478 Arbitrary Code Execution via Type Confusion in Foxit PhantomPDF 9.7.0.29478 Arbitrary Code Execution via CombineFiles Command in Foxit PhantomPDF 9.7.0.29478 Arbitrary Code Execution via U3D Object Handling in Foxit PhantomPDF 9.7.1.29511 Remote Code Execution Vulnerability in Foxit PhantomPDF 9.7.1.29511 via U3D Objects in PDF Arbitrary Code Execution via U3D Object Handling in Foxit PhantomPDF 9.7.1.29511 Arbitrary Code Execution via U3D Object Handling in Foxit PhantomPDF 9.7.1.29511 Arbitrary Code Execution via U3D Handling in Foxit PhantomPDF 9.7.1.29511 Arbitrary Code Execution via U3D Object Handling in Foxit PhantomPDF 9.7.1.29511 Arbitrary Code Execution via XFA Template Processing in Foxit Reader 9.7.1.29511 Windows Runtime Elevation of Privilege Vulnerability Arbitrary Code Execution Vulnerability in Foxit Reader 9.7.1.29511 Remote Code Execution Vulnerability in Foxit PhantomPDF 9.7.1.29511 via U3D Objects in PDF Files (ZDI-CAN-10461) Arbitrary Code Execution via U3D Object Handling in Foxit PhantomPDF 9.7.1.29511 Remote Code Execution Vulnerability in Foxit PhantomPDF 9.7.1.29511 via U3D Object Handling Arbitrary Code Execution via U3D Handling in Foxit PhantomPDF 9.7.1.29511 Remote Code Execution Vulnerability in Foxit PhantomPDF 9.7.1.29511 via U3D Object Handling Arbitrary Code Execution Vulnerability in Foxit Reader 9.7.1.29511 Arbitrary Code Execution via XFA Forms Widget Handling in Foxit Reader 9.7.1.29511 Arbitrary Code Execution Vulnerability in Foxit PhantomPDF 9.7.0.29478 Arbitrary Code Execution via AddWatermark Command in Foxit PhantomPDF 9.7.0.29478 Windows GDI Information Disclosure Vulnerability Arbitrary Code Execution via RotatePage Command in Foxit PhantomPDF 9.7.0.29478 Arbitrary Code Execution via Type Confusion in Foxit PhantomPDF 9.7.0.29478 Arbitrary Code Execution via Type Confusion in Foxit PhantomPDF 9.7.0.29478 
Arbitrary Code Execution via OCRAndExportToExcel Command in Foxit PhantomPDF 9.7.0.29478 Arbitrary Code Execution Vulnerability in VEEAM One Agent 9.5.4.4587 Remote Code Execution Vulnerability in VEEAM One Agent 9.5.4.4587 Authentication Bypass and Privilege Escalation Vulnerability in TP-Link TL-WA855RE Wi-Fi Extenders Remote Code Execution in NEC ESMPRO Manager 6.42 via RMI Service Deserialization Authentication Bypass Vulnerability in C-MORE HMI EA9 Firmware version 6.52 Unauthenticated Remote Disclosure of Sensitive Information in C-MORE HMI EA9 Firmware 6.52 Internet Explorer Remote Code Execution Vulnerability Unauthenticated Remote Code Execution in C-MORE HMI EA9 Firmware version 6.52 Unauthenticated Remote Command Execution in C-MORE HMI EA9 Firmware version 6.52 Denial-of-Service Vulnerability in C-MORE HMI EA9 Firmware version 6.52 Authentication Bypass Vulnerability in NETGEAR R6700 V1.0.4.84_10.0.58 Routers NETGEAR R6700 V1.0.4.84_10.0.58 Router Authentication Bypass via UPnP Service Vulnerability Unauthenticated Remote Code Execution via HTTPS Certificate Validation in NETGEAR R6700 V1.0.4.84_10.0.58 Routers Unauthenticated Remote Code Execution in NETGEAR R6700 V1.0.4.84_10.0.58 Routers Unauthenticated Remote Code Execution in NETGEAR R6700 V1.0.4.84_10.0.58 Routers Arbitrary Code Execution Vulnerability in NETGEAR R6700 V1.0.4.84_10.0.58 Routers Arbitrary Code Execution Vulnerability in NETGEAR R6700 V1.0.4.84_10.0.58 Routers VBScript Object Memory Handling Remote Code Execution Vulnerability Unauthenticated Information Disclosure Vulnerability in NETGEAR R6700 V1.0.4.84_10.0.58 Routers Denial of Service Vulnerability in Memcached 1.6.x Vulnerability: Side-Channel Attack on ECDSA Private Key Recovery Heap Data Exposure in BasicSocket#read_nonblock Method File Upload Vulnerability in Acyba AcyMailing before 6.9.2 XSS Vulnerability in Zulip Server Allows Account Takeover via Markdown Link Privilege Escalation Vulnerability in Sympa before 6.2.56 
Ephemeral Identity Poisoning: Exploiting IPFS Connection Management Reputation System Integer Overflow and Heap-Based Buffer Overflow in GraphicsMagick's HuffmanDecodeImage Local Privilege Escalation Vulnerability in PHOENIX CONTACT PC WORX SRT through 1.14 Windows Work Folder Service Elevation of Privilege Vulnerability Local Privilege Escalation Vulnerability in PHOENIX CONTACT PORTICO SERVER 3.0.7 Cache Side-Channel Attack in Arm Mbed TLS: Exposing RSA Private Key Kernel Stack Corruption Vulnerability in Linux Kernel's get_raw_socket Function Cross-Site Scripting Vulnerability in HashiCorp Nomad and Nomad Enterprise (CVE-2021-12345) Session ID Exposure in Centreon Server Responses Cross-site scripting (XSS) vulnerability in Centreon host-monitoring, service-monitoring, and tactical-overview widgets Privilege Escalation Vulnerability in Mac Endpoint for Sophos Central and Sophos Home Remote Command Execution Vulnerability in Jon Hedley AlienForm2 2.0.2 Clickjacking Vulnerability in Western Digital My Cloud Home and ibi Devices Unauthorized Docker Image Pull/Push by Blocked Users in GitLab EE/CE 8.11 through 12.9.1 Path Traversal Vulnerability in GitLab EE NPM Feature GitLab 12.9 and below: Repository Archive Download Denial of Service Vulnerability Unauthorized Access to Content via Parameter Tampering in GitLab Upload Feature SSRF Vulnerability in GitLab Project Import Note Feature NULL Pointer Dereference Vulnerability in Dovecot Submission Use-After-Free Vulnerability in Dovecot SMTP/LMTP Handling Remote Logout and External Redirection Vulnerability in MediaWiki Edge PDF Reader Remote Code Execution Vulnerability Arbitrary CSS Class Injection in MediaWiki Incorrect Access Control Vulnerability in PowerShell App Deployment Toolkit Unrestricted File Upload and Remote Code Execution in FrozenNode Laravel-Administrator (<=5.0.12) Arbitrary Code Execution Vulnerability in Serendipity before 2.3.4 on Windows Unauthenticated Password Reset Vulnerability in Teradici 
PCoIP Management Console Host Header Manipulation Vulnerability in VESTA and Hestia Control Panels Allows Account Takeover Dovecot 2.3.10.1 Vulnerability: Remote Crash via Empty Localpart in Mail FasterXML jackson-databind 2.x before 2.9.10.4 RCE Vulnerability FasterXML jackson-databind 2.x Vulnerability: Serialization Gadget Mishandling with javax.swing.JEditorPane Windows GDI Information Disclosure Vulnerability Command Execution Vulnerability on Wavlink Jetstream Devices Clear-text Administrator Password Exposure Vulnerability Unauthenticated Remote Configuration Disclosure in Wavlink Routers Unauthenticated Cleartext Password Disclosure in Wavlink and Jetstream Devices Unauthorized Access to Vulnerability Metadata and Comments in GitLab EE/CE 10.8 to 12.9 Information Leakage in GitLab EE/CE 8.17 to 12.9 Merge Request Widget Path Traversal Vulnerability in GitLab EE/CE 8.5 to 12.9: Issue Movement Allows Unauthorized File Access Information Leakage in GitLab: Public-to-Private Project Issue Transfer Vulnerability Unauthorized Access to Restricted CI Pipeline Metrics in GitLab EE/CE 11.10 to 12.9 Elevation of Privilege Vulnerability in Shell Infrastructure Component Blind SSRF Vulnerability in GitLab EE/CE FogBugz Integration Pipeline Trigger Description Modification Vulnerability SQL Injection Vulnerability in Gambio GX admin/gv_mail.php SQL Injection Vulnerability in Gambio GX admin/mobile.php CSRF Vulnerability in Gambio GX before 4.0.1.0 Cross-Site Scripting (XSS) Vulnerability in Gambio GX before 4.0.1.0 in admin/coupon_admin.php CSRF Vulnerability in Tenda AC15 AC1900 Version 15.03.05.19 Arbitrary Command Execution in Tenda AC15 AC1900 Version 15.03.05.19 Hard-coded Telnet Credential Vulnerability in Tenda AC15 AC1900 Version 15.03.05.19 Remote Code Execution via XSS in Tenda AC15 AC1900 Version 15.03.05.19 Microsoft Office SharePoint XSS Vulnerability XXE Vulnerability in Accenture Mercury Platform XXE (XML External Entity) Vulnerability in Mulesoft APIkit 
through 1.3.0 XML External Entity (XXE) Vulnerability in Azkaban 3.84.0 XXE Vulnerability in Osmand 2.0.0 through binary/BinaryMapIndexReader.java Out-of-Bounds Read Vulnerability in libImaging/Jpeg2KDecode.c in Pillow Amplification Attack Vulnerability in PowerDNS Recursor 4.1.0 - 4.3.0 Static Transition Key Vulnerability in Percona XtraDB Cluster Command Line Information Leakage in Percona XtraBackup Microsoft Office SharePoint XSS Vulnerability URL Parsing Vulnerability in GreenBrowser (pre-1.2) Allows Access Control Bypass Cross-Site Scripting (XSS) Vulnerability in Wagtail Admin Interface Remote Code Execution Vulnerability in dropwizard-validation Potential DNS Rebinding and CSRF Vulnerability in Oasis (Versions < 2.15.0) SQL Injection Vulnerability in Admidio before version 3.3.13 Unauthenticated Decryption Vulnerability in WindowsHello Open Source Library Script Injection Vulnerability in Shopizer (CVE-XXXX-XXXX) Unvalidated Negative Quantity Vulnerability in Shopizer Vulnerability: Git Credential Leakage via Blank Pattern Unauthorized Access to Execution Data and Job Details in Rundeck (CVE-2021-21290) Microsoft Office SharePoint XSS Vulnerability SQL Injection Vulnerability in Tortoise ORM Arbitrary Code Execution Vulnerability in Phproject (<=1.7.8) Authentication Bypass Vulnerability in MinIO Admin API Information Disclosure Vulnerability in Helm 3.1.0 and Earlier Versions Vulnerability in Electron-Cash-SLP Allows Unauthorized Token Minting and Destruction Vulnerability: MAC Address Spoofing in thinx-device-api IoT Device Management Server Arbitrary Code Execution Vulnerability in IntelMQ Manager Double Free Vulnerability in FreeRDP 2.0.0 and Below Resource Exhaustion Vulnerability in FreeRDP <= 2.0.0 Invalid Array Index Read Vulnerability in FreeRDP 2.0.0 Microsoft SharePoint Remote Code Execution Vulnerability Authentication Bypass Vulnerability in Faye (NPM, RubyGem) Authorization Header Disclosure in Actions Http-Client (NPM @actions/http-client) 
jQuery Untrusted HTML Code Execution Vulnerability jQuery DOM Manipulation Vulnerability: Untrusted Code Execution via <option> Elements Man-in-the-Middle Vulnerability in Moonlight iOS/tvOS Prior to v4.0.1 Cross-Site Scripting (XSS) Vulnerability in WordPress Customizer Navigation Section File Upload Script Execution Vulnerability in WordPress WordPress Password Reset Link Expiration Vulnerability Unauthenticated Disclosure of Private Posts in WordPress Cross-Site Scripting (XSS) Vulnerability in WordPress Object Cache Microsoft SharePoint Server Cross-Site Search Attack Vulnerability WordPress Block Editor Search Block Script Execution Vulnerability Insecure Encryption Algorithm in GLPI Prior to Version 9.5.0 SQL Injection Vulnerability in GLPI Helpdesk Instances (Versions Prior to 9.4.6) User Enumeration and Privilege Escalation in GLPI API Open Redirect Bypass Vulnerability in GLPI (Versions Prior to 9.4.6) Insecure CSRF Token Generation in GLPI Versions 0.83.3 to 9.4.5 GLPI before version 9.4.6 - Multiple Stored XSS Vulnerabilities in Knowledge Base Comments Timing Attack Vulnerability in Wagtail's Privacy Controls Integer Overflow to Buffer Overflow in FreeRDP 2.0.0 and below Arbitrary Memory Access Vulnerability in FreeRDP 2.0.0 Microsoft SharePoint Server Spoofing Vulnerability Out-of-Bound Data Read Vulnerability in FreeRDP 2.0.0 Unchecked Array Index Vulnerability in FreeRDP 2.0.0 and Below Out-of-Bounds Read Vulnerability in FreeRDP 1.1 to 2.0.0 Out-of-Bounds Read Vulnerability in FreeRDP 2.0.0 Double Free Vulnerability in FreeRDP 1.2 - 2.0.0 Out-of-Bound Read Vulnerability in FreeRDP Stream Out-of-Bounds Seek Vulnerability in FreeRDP (1.0 - 2.0.0) Out-of-Bounds Read Vulnerability in FreeRDP Out-of-Bounds Read Vulnerability in FreeRDP (1.0 - 2.0.0) Out-of-Bound Read Vulnerability in FreeRDP (Versions 1.1 - 2.0.0) Microsoft SharePoint Server Spoofing Vulnerability Improper Validation of Certificate with Host Mismatch in Java-WebSocket 1.4.1 and below 
Stored XSS vulnerability in Wiki.js Markdown Editor Brute Force Vulnerability in Sorcery Password Authentication Open Redirect Vulnerability in OAuth2 Proxy before 5.1.1 Misleading URL Color Display Vulnerability in qutebrowser XSS Vulnerability in Comment Creation in BookStack (0.18.0 - 0.29.1) Server-Side Template Injection in Sprout Forms Notification Emails Unrestricted Script Execution in XWiki Personal Dashboards Out-of-Bounds Seek Vulnerability in FreeRDP Environment Variable Leakage in AEgir 21.7.0 - 21.10.1 Microsoft Office SharePoint XSS Vulnerability Command Execution via Backup Functionality in GLPI Heap Overflow Vulnerability in Bareos Director Reflexive XSS Vulnerability in GLPI Dropdown Endpoints Time-Based User Enumeration Vulnerability in TYPO3 CMS 10.4.0 and 10.4.1 Cross-Site Scripting (XSS) Vulnerability in TYPO3 CMS 9.0.0 - 9.5.17 and 10.0.0 - 10.4.2 Cross-Site Scripting (XSS) Vulnerability in TYPO3 CMS 9.5.12 - 9.5.17 and 10.2.0 - 10.4.2 Arbitrary Directory Deletion and Email Message Submission Vulnerability in TYPO3 CMS Insecure Deserialization Vulnerability in TYPO3 CMS Backend User Settings Reception Buffer Overflow Vulnerability in LoRaMac-node Same-Site Request Forgery (SSRF) Vulnerability in TYPO3 CMS Microsoft SharePoint Server Spoofing Vulnerability Cross-Site Scripting Vulnerability in SVG Sanitizer Extension for TYPO3 False-Negative Validation Vulnerability in SLPJS npm Package (slpjs) Prior to 0.27.2 False-Negative Validation Vulnerability in SLP Validate (CVE-2020-11071) Arbitrary Code Execution via Malicious .venv File in Autoswitch Python Virtualenv Stored XSS Vulnerability in PrestaShop Versions 1.5.3.0 to 1.7.6.6 Shell Escape Vulnerability in Anchore Engine 0.7.0 HTTP Response Smuggling Vulnerability in Puma RubyGem Proxy Response Smuggling Vulnerability in Puma RubyGem Unescaped URI Manipulation Vulnerability in httplib2 Arbitrary Command Execution Vulnerability in node-dns-sync (npm module dns-sync) through 0.2.0 .NET Web 
Request Denial of Service Vulnerability Denial of Service Vulnerability in nghttp2 before version 1.41.0 Privilege Escalation via DLL Hijacking in osquery Arbitrary Code Injection Vulnerability in Kaminari Pagination Links Stored XSS vulnerability in Markdown FormWidget in versions 1.0.319 to 1.0.466 Command Injection Vulnerability in iPear's eval() Function Out-of-Bounds Read Vulnerability in FreeRDP before 2.1.0 Out-of-Bound Read Vulnerability in FreeRDP 2.0.0 and Below Out-of-Bound Read Vulnerability in FreeRDP 2.0.0 and Below Out-of-Bound Read Vulnerability in FreeRDP 2.0.0 and Below Out-of-Bound Read Vulnerability in FreeRDP Windows Update Stack Elevation of Privilege Vulnerability Uncontrolled Resource Consumption Vulnerability in Indy Node 1.12.2 Weave Net DNS Hijacking Vulnerability Unauthenticated Ledger Modification in Hyperledger Indy Node Vulnerability: Unauthenticated Access to Request Information in October CMS Debugbar Plugin Out-of-Bounds Read Vulnerability in FreeRDP Global OOB Read Vulnerability in FreeRDP before Version 2.1.2 Out of Bounds Read Vulnerability in FreeRDP Out-of-Bound Read Vulnerability in FreeRDP Glyph Cache Out of Bounds Read Vulnerability in FreeRDP Windows Update Stack Elevation of Privilege Vulnerability Arbitrary Heap Write Vulnerability in HAProxy HPACK Decoder Unauthenticated Session Hijacking in Sierra Wireless AirLink Mobility Manager (AMM) before 2.17 Buffer Overflow in QEMU 4.2.0: Unvalidated Frame Size in hw/net/tulip.c Remote Code Execution Vulnerability in JsLink in Webswing Memory Leakage in USC iLab Cereal Serialization Memory Layout Dependency in USC iLab Cereal Caching Vulnerability Stored XSS vulnerability in Responsive Filemanager through 9.14.0 Arbitrary Command Execution Vulnerability in XAMPP on Windows Arbitrary File Upload and Remote Code Execution in Pi-hole Gravity Updater Windows Clipboard Service Elevation of Privilege Vulnerability Stored XSS Vulnerability in Grafana OriginalUrl Field Deserialization 
Vulnerability in FasterXML Jackson-databind 2.x Remote Code Execution Vulnerability in FasterXML Jackson-Databind 2.x Deserialization Vulnerability in FasterXML Jackson-databind 2.x Buffer overflow vulnerability in Bluetooth devices in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music in AR9344 Buffer Over Read Vulnerability in Snapdragon Auto, Compute, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables Out of Bound Write Vulnerability in Snapdragon Auto, Compute, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables Arbitrary File Overwrite and Remote Code Execution Vulnerability in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980 Improper Check of Beacon IE Frame in Snapdragon Processors Buffer Over-read Vulnerability in Multiple Snapdragon Platforms Windows Background Intelligent Transfer Service (BITS) IIS Module Content Handling Elevation of Privilege Vulnerability Use After Free Vulnerability in Snapdragon Platforms Buffer Overflow Vulnerability in WIFI Hal Process in Snapdragon Chips Critical Null Pointer Exception Vulnerability in Snapdragon Auto, Consumer IOT, and Mobile Devices Gatekeeper TrustZone Implementation Vulnerability in Snapdragon Processors Use-after-free vulnerability in diag client map table in multiple Snapdragon platforms Out of Bound Access Vulnerability in MHI Command Process in Multiple Snapdragon Platforms Critical Out-of-Bound Read Vulnerability in Snapdragon Platforms Vulnerability in Snapdragon Processors: Integer Overflow Leading to Buffer Overflow in Extensible Boot Loader Out of Bound Access Vulnerability in Multiple Snapdragon Platforms Memory Use-After-Free Vulnerability in Snapdragon Consumer IOT, Snapdragon Mobile Windows Task Scheduler RPC 
Verification Bypass Vulnerability Possible Buffer Overflow Vulnerability in WIFI HAL Process in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile Integer Overflow Vulnerability in WMA Message Processing in Snapdragon Platforms Buffer Over Read Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Multiple Chipsets Out-of-Bound Array Write Vulnerability in rxdco cal Utility in Snapdragon Processors Stack Out-of-Bound Write Vulnerability in Snapdragon Platforms Vulnerability: Reachable Assertion in Ape Clip Parser in Snapdragon Processors Buffer Over-read Vulnerability in Audio Driver in Snapdragon Platforms Critical Integer Multiplication Overflow Vulnerability in Multiple Snapdragon Platforms Uninitialized Pointer Vulnerability in Multiple Snapdragon Platforms Critical Vulnerability: Out of Bound Memory Access in Multiple Snapdragon Platforms Windows Kernel Object Handling Elevation of Privilege Vulnerability ALAC Modified Content Vulnerability in Snapdragon Platforms Buffer Over-read Vulnerability in Bluetooth Estack Critical Vulnerability: Out of Bound Memory Access in Snapdragon Platforms during Music Playback Buffer Over-read Vulnerability in Snapdragon Platforms Improper Validation of Master and Extension Header SN Leads to Divide by Zero Vulnerability in Snapdragon Platforms Critical Out-of-Bound Write Vulnerability in Snapdragon Platforms Use After Free Vulnerability in Audio Modules during Object Removal in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile Use After Free Vulnerability in HIDL Callbacks in Snapdragon Platforms Out-of-Range Pointer Offset Vulnerability in Snapdragon Platform Elevation of Privilege Vulnerability in Windows Common Log File System (CLFS) Driver Critical Out-of-Bounds Memory Access Vulnerability in Snapdragon Platform Camera Driver Race 
Condition in User Space IOCTL Leads to Use After Free Vulnerability in Snapdragon Platforms Race condition vulnerability in HAL layer of Snapdragon platforms Critical Remote Code Execution Vulnerability in Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Platforms Buffer Overflow Vulnerability in Bluetooth PDU Packet Processing in Snapdragon Auto, Compute, Connectivity, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55 Buffer Over-read Vulnerability in Bluetooth Estack: Lack of Length Validation in L2cap Packet Handling Denial of Service Vulnerability in Snapdragon Platforms Denial of Service Vulnerability in HP OfficeJet Pro 8210 JBIG2 Filter Buffer Over-read Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer Electronics Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wired Infrastructure and Networking Windows CSRSS Information Disclosure Vulnerability Resource Leakage Issue in Snapdragon Platforms during DCI Client Registration Vulnerability: Out-of-Bounds Memory Access in Snapdragon Platforms Possible buffer overflow vulnerability in MHI driver in multiple Snapdragon platforms Critical Buffer Overflow Vulnerability in Snapdragon Platforms during IKEv2 Parameter Update Improper Access Control in Perfdump Broadcasts: Privilege Escalation Vulnerability Buffer Overflow Vulnerability in Multiple Snapdragon Platforms Padding Octets in ROHC Header Can Trigger Out of Bound Read Exception in Snapdragon Platforms L2CAP Packet Length Memory Corruption Vulnerability in Snapdragon Platforms Null-pointer dereference vulnerability allows buffer access beyond its size in Snapdragon processors Critical Buffer Over-read Vulnerability in Multiple Snapdragon Platforms ICM32.dll Remote Code Execution Vulnerability Vulnerability: Out of Bound Memory Access in 
Snapdragon Platforms during Music Playback with Crafted Vorbis Content Buffer Over-read Vulnerability in Snapdragon Platforms Stack Overflow Vulnerability in Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA9531, QCA9980 Race Condition Vulnerability in FastRPC Driver in Snapdragon Platforms Array index underflow vulnerability in adsp driver Use After Free Vulnerability in Bluetooth Transport Driver in Snapdragon Devices Heap Overflow Vulnerability in Snapdragon Platforms Insecure Validation Allows Overwriting Security Code NV Item in Snapdragon Devices Memory Overwrite Vulnerability in Multiple Snapdragon Platforms Kernel Address Overwrite Vulnerability in Snapdragon Platforms Windows TLS Key Exchange Denial of Service Vulnerability Critical Out-of-Bound Access Vulnerability in Snapdragon Platforms' Computer Vision Control Improper Validation of Buffer Pointer in Snapdragon Process Control Command Handling Heap Overflow Vulnerability in Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Services Enables Privilege Escalation Buffer overflow vulnerability in video parsing of mp4 clips with crafted esds atom size WLAN Driver Out-of-Bounds Vulnerability in Snapdragon Platforms Infinite Loop Vulnerability in Snapdragon Auto, Compute, Connectivity, and Mobile Modems Memory Corruption Vulnerability in Snapdragon Auto, Connectivity, and Mobile Modules Buffer Over-read Vulnerability in Snapdragon Platforms Buffer Over-read Vulnerability in Snapdragon Platforms Information Disclosure Vulnerability in StartTileData.dll Buffer Over-read Vulnerability in Snapdragon Platforms Null String Out-of-Bound Read Vulnerability in Multiple Snapdragon Platforms Critical Out-of-Bound Write Vulnerability in Snapdragon Platforms Improper Typecasting Vulnerability in Snapdragon Processors Improper Length Check Vulnerability in Snapdragon Platforms Improper Length Check Vulnerability in Snapdragon Platforms Integer Overflow to Buffer 
Overflow Vulnerability in Snapdragon Processors Integer Overflow Vulnerability in Stream Info Update in Snapdragon Platforms Insecure Wiping of Key Material in Multiple Snapdragon Platforms Stack Canary Information Exposure Vulnerability in Multiple Snapdragon Platforms Connected User Experiences and Telemetry Service Denial of Service Vulnerability Unvalidated Input in Snapdragon Platforms Leads to Buffer Over-read Vulnerability Arbitrary Access to DSP Memory: Improper Check in Loaded Library Vulnerability in Snapdragon Platforms Buffer Overflow/Underflow Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, and Mobile Processors Potential Stack Overflow Vulnerability in Snapdragon Platforms due to Large GSM/WCDMA Broadcast Config Size Critical Vulnerability: Memory Corruption and Information Leakage in Multiple Snapdragon Sub-Systems Critical Heap Overflow Vulnerability in Snapdragon Auto, Compute, and Mobile Processors Possible Buffer Overflow Vulnerability in Fastrpc Critical Buffer Overflow Vulnerability in LibFastCV Library in Snapdragon Devices Critical Out of Bounds Vulnerability in DSP Services: Improper Length Validation in Multiple Qualcomm Chipsets Vulnerability: Unauthorized Downgrade of Library Versions in Qualcomm Chipsets Windows Clipboard Service Elevation of Privilege Vulnerability Memory Corruption Vulnerability in Snapdragon Chipsets: Improper XPU Configuration in Multiple Product Lines Improper Length Field Check Vulnerability in Snapdragon Platforms Improper Validation of Length Fields in Snapdragon Platforms: Out-of-Bound Read Vulnerability Critical Buffer Over-read Vulnerability in Snapdragon Platforms Improper Minimum Length Check Vulnerability in Snapdragon Platforms Critical Buffer Over Read Vulnerability in Snapdragon Video Driver Critical Vulnerability in Audio Driver: Double Free or Invalid Memory Access in Snapdragon Compute, Connectivity, Industrial IOT, and Mobile Denial of Service Vulnerability in Snapdragon 
Platforms due to Lack of Data Validation in LTE betaOffset-RI-Index Configuration Elevation of Privilege Vulnerability in Windows Language Pack Installer Time of Check/Time of Use Vulnerability in Snapdragon Platforms Insecure Syscall Handling Leads to Clear Text Extraction of Secure QTEE Diagnostic Information Improper Length Check in Snapdragon Platforms Leads to Buffer Over Read Vulnerability Critical Out-of-Bounds Vulnerability in Snapdragon Camera Driver Critical Out-of-Bound Access Vulnerability in Snapdragon WLAN Driver Critical Memory Read Vulnerability in Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Platforms Improper Policy Allows Unprivileged Access in Multiple Snapdragon Platforms Connected User Experiences and Telemetry Service Denial of Service Vulnerability Critical Vulnerability: Arbitrary Memory Corruption in qseecom Driver Exposing Physical Addresses in Snapdragon Platforms Concurrent Function Call Vulnerability in Snapdragon Platforms Time-of-Check Time-of-Use Race Condition in Snapdragon Platforms Use After Free Vulnerability in Snapdragon Platforms Critical Buffer Overflow Vulnerability in Snapdragon Platforms Invalid total dimension value in non-histogram KPIs leading to memory corruption vulnerability in Snapdragon Auto, Compute, Connectivity, and Mobile Unprotected Access to Histogram Definition Leads to Memory Crash in Snapdragon Platforms Buffer Over-read Vulnerability in Snapdragon Platforms Importing DMA Buffer: Use After Free Vulnerability in Snapdragon Platforms Windows State Repository Service Elevation of Privilege Vulnerability Memory Corruption Vulnerability in Snapdragon Platforms Vulnerability: Out-of-Bound Read in EAPOL Key Length Processing Memory Access Vulnerability in Snapdragon Industrial IOT and Snapdragon Mobile Denial of Service Vulnerability in Snapdragon Auto, Compute, Connectivity, and Mobile due to RRC Connection Establishment Flaw Lack of Input Validation in Snapdragon Platforms' Access Control 
Driver Leads to Unintended Reads and Writes by NS EL2 Double Free Vulnerability in Snapdragon Devices during Secure Playback Critical Vulnerability: Out-of-Bound Memory Read in Snapdragon Platforms Windows Runtime Object Handling Elevation of Privilege Vulnerability Race condition vulnerability leading to use after free in Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables, Wired Infrastructure and Networking device drivers DTMF Payload Out-of-Bounds Read Vulnerability in Snapdragon Platforms Vulnerability: TrustZone Initialization Code Enables Information Disclosure in Multiple Snapdragon Platforms Critical Vulnerability: Arbitrary Memory Write Exploit in Snapdragon Drivers Memory Corruption Vulnerability in Snapdragon Platforms: Unchecked Dereferencing of Session Context Pointer Memory Leakage Vulnerability in Snapdragon Platforms Unvalidated Pointer Vulnerability in Snapdragon Wired Infrastructure and Networking Unvalidated Pointer Arguments in Snapdragon Wired Infrastructure and Networking Lead to Memory Corruption Vulnerability Unvalidated Pointer Arguments in Snapdragon Wired Infrastructure and Networking Trustzone BSP Leading to Memory Corruption Unvalidated Pointer Arguments in Snapdragon Wired Infrastructure and Networking Trustzone BSP Leading to Memory Corruption Windows Media Foundation Memory Corruption Vulnerability Uninitialized Memory Vulnerability in Snapdragon Compute, Industrial IOT, and Mobile Devices' DIAG Services Critical Memory Corruption Vulnerability in Snapdragon Platforms Race Condition Vulnerability in Snapdragon Platforms Integer Overflow Vulnerability in Snapdragon Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Wired Infrastructure, and Networking Vulnerability: Arbitrary Network Packet Injection in Snapdragon Devices Pointer Validation Vulnerability in Snapdragon Wired Infrastructure and Networking Potential QSEE Information Leakage in Snapdragon Wired Infrastructure 
and Networking due to Image Address Dereferencing Vulnerability Stack Out-of-Bounds Write Vulnerability in Snapdragon Devices Denial of Service Vulnerability in Snapdragon Auto and Snapdragon Mobile: UE Reset via Crafted SIB1 or Unsupported SIB Scheduling Memory Corruption Vulnerability in Multiple Snapdragon Platforms Denial of Service Vulnerability in Multiple Snapdragon Platforms Race condition vulnerability in multiple Snapdragon platforms allows out-of-bounds access to global control elements Use After Free Vulnerability in Snapdragon Platforms Null Pointer Access Vulnerability in Snapdragon Auto, Compute, Connectivity, and Mobile: Histogram Type KPI Teardown Critical Vulnerability: Denial of Service Exploit in Snapdragon Chipsets Buffer Over-read Vulnerability in Rx Beacon Frame Parsing in Snapdragon Platforms Improper Validation of P2P IE and NOA Attribute Lengths in Snapdragon Platforms Race Condition Vulnerability in Async FastRPC Session in Snapdragon Compute, Snapdragon Industrial IOT, and Snapdragon Mobile Improper Validation in Snapdragon Platforms Leads to Denial of Service Vulnerability Improper Length Check in SDES Packets Leads to Memory Corruption in Snapdragon Devices Improper Error Handling in Snapdragon Platforms Leads to Denial of Service in Fine Timing Measurement Request (FTMR) Frame Processing Vulnerability: Information Disclosure via RTT Frame Linking with Non-Randomized MAC Address GPU Memstore Mapping Vulnerability in Snapdragon Platforms Critical Buffer Overflow Vulnerability in Snapdragon Platforms when Playing MKV Clips Vulnerability: Untrusted Input Source in Snapdragon Platforms Buffer Over-read Vulnerability in Snapdragon Platforms Untrusted Pointer Dereference Vulnerability in Multiple Snapdragon Platforms Vulnerability: Information Disclosure via RTT Frame Linking with Non-Randomized MAC Address Vulnerability: Out-of-Bound Write in PlayReady Command Processing Vulnerability: Out of Bound Write in TZ Command Handler in Multiple 
Snapdragon Platforms Remote Code Execution Vulnerability in Microsoft Windows Codecs Library Race condition vulnerability in ioctl events leads to use after free in Snapdragon devices Buffer Overflow Vulnerability in IKEv2 Parameter Update in Snapdragon Platforms Critical Buffer Overflow Vulnerability in QMI Voice API: Snapdragon Devices at Risk Vulnerability: Out of Bound Read in Widevine TA in Multiple Snapdragon Platforms Unvalidated Prefix Size Leads to Out of Bound Write Vulnerability in Snapdragon Platforms Use After Free Vulnerability in Camera Thread Manager of Snapdragon Platforms Arithmetic Overflow Vulnerability in Snapdragon Platforms Improper Subtype Check Leading to Denial of Service in Snapdragon Devices Shared Memory Buffer Permission Vulnerability Critical Buffer Overflow Vulnerability in Snapdragon Platforms: Exploiting Non-Standard Video Clips Elevation of Privilege Vulnerability in Diagnostics Hub Standard Collector Unencrypted Wi-Fi Frame Authentication Vulnerability in Snapdragon Devices Vulnerability: Information Disclosure via Mismatched AMSDU Frame Addresses in Snapdragon Platforms Critical Out-of-Bound Read Vulnerability in Snapdragon Platforms' DRM Critical Integer Overflow Vulnerability in Snapdragon Consumer IOT, Industrial IOT, Voice & Music Integer Overflow Vulnerability in Snapdragon Platforms Critical Buffer Overflow Vulnerability in Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Platforms GPU Driver Use After Free Vulnerability Windows State Repository Service Elevation of Privilege Vulnerability Windows Error Reporting Manager File and Folder Link Handling Elevation of Privilege Vulnerability Elevation of Privilege Vulnerability in Diagnostics Hub Standard Collector Windows State Repository Service Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability Windows Media Foundation Memory Corruption Vulnerability Windows Push Notification Service Elevation of Privilege 
Vulnerability Windows Storage Service Elevation of Privilege Vulnerability Windows Runtime Object Handling Elevation of Privilege Vulnerability DirectX Memory Handling Vulnerability Windows GDI Information Disclosure Vulnerability Arbitrary File Upload Vulnerability in Progress Telerik UI for Silverlight LDAP Server Credentials Disclosure in Sonatype Nexus Repository Manager Stored XSS Vulnerability in JetBrains Space Chats Windows GDI Object Memory Handling Elevation of Privilege Vulnerability Directory Traversal Vulnerability in UPS Adapter CS141 before 1.90 Win32k Kernel-Mode Object Handling Elevation of Privilege Vulnerability Directory Traversal Vulnerability in i-net Clear Reports, HelpDesk, and PDFC Arbitrary Action Exploit: XSS Vulnerability in LibreHealth EMR v2.0.0 SQL Injection Vulnerability in LibreHealth EMR v2.0.0 Allows Database Enumeration by Low-Privilege Authenticated Users Systemic CSRF Vulnerability in LibreHealth EMR v2.0.0 Local File Inclusion Vulnerability in LibreHealth EMR v2.0.0 Windows State Repository Service Elevation of Privilege Vulnerability Unrestricted File Access in WebCLI of Wind River VxWorks CRLF Injection Vulnerability in phpMyAdmin 5.0.2 Privilege Escalation Vulnerability in Zoom IT Installer for Windows Incorrect Access Control in Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 TP-Link Cloud Cameras Authentication Bypass Vulnerability (CNVD-2020-04855) Privilege Escalation via Hard Links in ESET Antivirus and Antispyware Module Information Leakage: Remote Retrieval of Serial Number on Bell HomeHub 3000 SG48222070 Devices Cross-Site Scripting (XSS) Vulnerability in Bell HomeHub 3000 SG48222070 Devices Technicolor TC7337 8.89.17 Backup File Disclosure Vulnerability Windows GDI Information Disclosure Vulnerability Information Disclosure Vulnerability in Microstrategy Web 10.4 Arbitrary File Upload Vulnerability in Microstrategy Web 10.4 Admin Panel SSRF and File Leakage Vulnerability in Microstrategy Web 10.4 
Server-Side Request Forgery (SSRF) Vulnerability in Microstrategy Web 10.4 Stored XSS Vulnerability in Microstrategy Web 10.4 Allows Creation of Malicious Dashboards Path Traversal Vulnerability in LimeSurvey FileManager Stored XSS Vulnerability in LimeSurvey Survey Groups Stored XSS in pfSense WebGUI via User Full Name Parameter Arbitrary File Ingestion Vulnerability in MISP (CVE-2021-XXXX) Elevation of Privilege Vulnerability in Microsoft Store Runtime OpenVPN Access Server XML Entity Expansion (XEE) DoS Vulnerability Cleartext Credential Retrieval Vulnerability in Deskpro Information Disclosure Vulnerability in Deskpro API Endpoint Privilege Escalation and Information Leakage in Deskpro API Endpoints Privilege Escalation and Information Leakage in Deskpro Remote Code Execution Vulnerability in Deskpro Zoom Client for Meetings on macOS Vulnerability: Local Privilege Escalation via runwithroot XML Markup Remote Code Execution Vulnerability Unprompted Microphone and Camera Access Vulnerability in Zoom Client for Meetings on macOS Symbolic Link Attack on enumusb.reg via Support Assistant in NCP Secure Enterprise Client Unrestricted File Upload Vulnerability in Concrete5 before 8.5.3 Microsoft SharePoint Server Spoofing Vulnerability Hard-coded Credentials Vulnerability in NVIDIA DGX Servers' AMI BMC Firmware Vulnerability: Information Disclosure in NVIDIA DGX-1 BMC Firmware Cross-Site Request Forgery (CSRF) Vulnerability in NVIDIA DGX-1 BMC Firmware Vulnerability: Remote Code Execution in NVIDIA DGX-1 Servers with BMC Firmware Vulnerability: Weak Cipher Usage in NVIDIA DGX Servers' BMC Firmware Vulnerability in NVIDIA DGX Servers: Insecure RSA 1024 Public Key Validation in AMI BMC Firmware Default SNMP Community Strings Vulnerability in NVIDIA DGX Servers Windows Runtime Object Handling Elevation of Privilege Vulnerability Arbitrary OS Command Execution in Zen Load Balancer 3.10.1 via Manage::Certificates Absolute Path Traversal Vulnerability in Zen Load Balancer 
3.10.1 Privilege Escalation via Named Pipe Interception in Docker Desktop on Windows Uninitialized Object Information Disclosure Vulnerability in Foxit Reader and PhantomPDF Uninitialized Data Leak Vulnerability in Linux Kernel's slc_bump Arbitrary Code Execution in Sprecher SPRECON-E Firmware Arbitrary Bank Transaction ID Bypass in NAB Transact Extension for WooCommerce Relative Path Vulnerability in Slack Nebula through 1.1.0 Allows Code Execution as Root User Stored XSS Vulnerability in FACT 3 via Localhost Web Request Windows Media Foundation Memory Corruption Vulnerability Insecure Encryption: Zoom Client for Meetings Uses ECB Mode for Video and Audio Encryption GnuTLS DTLS Client Vulnerability: Lack of Randomness in Negotiation Heap-based Buffer Overflow in Sophos XG Firewall v17.5 MR11 and Older: Remote Code Execution Vulnerability GitLab Workhorse Bypass Vulnerability: NuGet Package and File Disclosure GitLab Workhorse Bypass: Job Artifact Uploads and File Disclosure via Request Smuggling Untrusted Search Path Vulnerability in Malwarebytes AdwCleaner 8.0.3 Allows Arbitrary Code Execution XSS Vulnerability in WP Lead Plus X Plugin Allows Arbitrary JavaScript Execution Arbitrary JavaScript Upload Vulnerability in WP Lead Plus X Plugin Windows Runtime Object Handling Elevation of Privilege Vulnerability Privilege Escalation Vulnerability in LearnPress Plugin for WordPress Stored XSS in IMPress for IDX Broker WordPress Plugin Allows Creation of Administrator-Level Accounts Unauthenticated Remote Attackers Can Escalate Privileges in Rank Math Plugin for WordPress Arbitrary URI Creation Vulnerability in Rank Math WordPress Plugin Stored XSS in Contact Form 7 Datepicker Plugin through 2.6.0 for WordPress Unauthenticated Remote Code Execution in Zoho ManageEngine ADSelfService Plus Privilege Escalation via SDDisk2k.sys Driver in WinMagic SecureDoc v8.5 and Earlier Win32k.sys Elevation of Privilege Vulnerability Arbitrary Kernel Memory Write Vulnerability in 
WinMagic SecureDoc v8.5 and Earlier Out-of-bounds Write Vulnerability in libfreerdp/codec/planar.c Out-of-bounds Read Vulnerability in FreeRDP Integer Overflow Vulnerability in libfreerdp/gdi/region.c Out-of-bounds Write Vulnerability in libfreerdp/codec/interleaved.c Out of Bounds Read Vulnerability in libfreerdp/cache/bitmap.c Out-of-bounds Read Vulnerability in FreeRDP versions > 1.1 through 2.0.0-rc4 Arbitrary File Read Vulnerability in Zoho ManageEngine OpManager Stack-Based Buffer Overflow in conv_bitmap via Long Line in Bitmap File Open Redirect Vulnerability in Grav CMS Memory Object Handling Vulnerability in Microsoft Graphics Components Blind SQL Injection Vulnerability in Chop Slider 3 WordPress Plugin Arbitrary Code Execution via Directory Traversal in Zoho ManageEngine DataSecurity Plus Default Admin Credentials Bypass in Zoho ManageEngine DataSecurity Plus Sensitive Information Disclosure in Ivanti Workspace Control with SCCM Integration Remote Code Execution via Malicious .docx File in ONLYOFFICE Document Server 5.5.0 XML Injection Vulnerability in ONLYOFFICE Document Server 5.5.0 Remote Code Execution via Malicious .docx File in ONLYOFFICE Document Server 5.5.0 SQL Injection Vulnerability in ONLYOFFICE Document Server 5.5.0 via Websocket API Out-of-Bounds Reads in SGI Image File Parsing in Pillow through 7.0.0 Unauthenticated Control and Data Exposure Vulnerability in Tata Sonata Smart SF Rush 1.12 Devices Windows Common Log File System Driver Elevation of Privilege Vulnerability XML External Entity (XXE) Injection Vulnerability in TechSmith SnagIt Authentication Bypass Vulnerability in 3xLOGIC Infinias eIDC32 2.213 Devices Backdoor Account Vulnerability in OpsRamp Gateway Arbitrary File Upload Vulnerability in Project Worlds Official Car Rental System Multiple SQL Injection Vulnerabilities in Project Worlds Official Car Rental System 1 Remote Code Execution Vulnerability in SuperWebMailer 7.21.0.01526 via Language Parameter in mailingupgrade.php 
Information Disclosure Vulnerability in PRTG Network Monitor Remote Code Execution via CSV Injection in Search Meter Plugin for WordPress Vulnerability: Remote Code Execution with Root Privileges on NETGEAR Orbi Tri-Band Business WiFi Devices Windows Runtime Elevation of Privilege Vulnerability Unauthenticated Remote Leak of Sensitive Wi-Fi Information in NETGEAR Orbi Tri-Band Business WiFi Devices Unauthenticated Remote Write Vulnerability in NETGEAR Orbi Tri-Band Business WiFi Devices Elevation of Privilege Vulnerability in ManageEngine ADSelfService Plus CSRF Vulnerability in Castle Rock SNMPc Online 12.10.10 Sensitive Information Disclosure in Castle Rock SNMPc Online 12.10.10 Sensitive Credential Information Disclosure in Castle Rock SNMPc Online 12.10.10 Multiple Persistent and Reflected XSS Vulnerabilities in Castle Rock SNMPc Online 12.10.10 Clear-text Transmission of Username and Password in Castle Rock SNMPc Online 12.10.10 Use-after-free vulnerability in libgpac.a in GPAC 0.8.0 Windows Runtime Object Handling Elevation of Privilege Vulnerability Local Privilege Escalation: Cleartext Password Exposure in NCH Express Invoice 7.25 Configuration File Privilege Escalation Vulnerability in NCH Express Invoice 7.25 Stack-based Out-of-Bounds Write Vulnerability in Linux Kernel's mpol_parse_str Function (CID-aa9f7d5172fa) Windows Runtime Object Handling Elevation of Privilege Vulnerability User Enumeration Vulnerability in Argo v1.5.0 Remote File Disclosure Vulnerability in Chadha PHPKB 9.0 Enterprise Edition Windows Runtime Object Handling Elevation of Privilege Vulnerability Arbitrary SSL Certificate Acceptance Vulnerability in Pulse Secure Pulse Connect Secure (PCS) Pulse Secure Pulse Connect Secure (PCS) OS Command Injection Vulnerability Pulse Secure Pulse Connect Secure (PCS) Vulnerability: Applet TCP Server Accepts Local Connections GET-based XSS Reflected Vulnerability in Plesk Obsidian 18.0.17 Reflected XSS Vulnerability in Plesk Onyx 17.8.11 via GET 
Parameter Information Disclosure Vulnerability in DNN 9.5 Activity-Feed/Messaging/Userid/Message Center Module CIPPlanner CIPAce 9.1 Build 2019092801 XXE Vulnerability Unauthenticated API Request Vulnerability in CIPPlanner CIPAce 9.1 Build 2019092801 Unauthenticated Access to Customer Data and Application Paths in CIPPlanner CIPAce 9.1 Build 2019092801 Insecure Direct Object Reference Vulnerability in CIPPlanner CIPAce 9.1 Build 2019092801 Elevation of Privilege Vulnerability in StartTileData.dll Information Disclosure: Server Name Exposure in CIPPlanner CIPAce 9.1 Build 2019092801 Unauthenticated Information Disclosure in CIPPlanner CIPAce 9.1 Build 2019092801 Unauthenticated API Request Vulnerability in CIPPlanner CIPAce 9.1 Build 2019092801 Unauthenticated HTML Injection Leading to Email Spoofing in CIPPlanner CIPAce 9.1 Unauthenticated API Request Stack Error Disclosure in CIPPlanner CIPAce 9.1 Build 2019092801 CIPPlanner CIPAce 9.1 Build 2019092801 - Unauthenticated API Request Path Disclosure Vulnerability CIPPlanner CIPAce 9.1 Build 2019092801 Directory Traversal Vulnerability SQL Injection Vulnerability in CIPPlanner CIPAce 9.1 Build 2019092801 Arbitrary Code Execution via ASHX File Upload in CIPPlanner CIPAce 9.1 Build 2019092801 CIPPlanner CIPAce 6.80 Build 2016031401 - GetDistributedPOP3 Username and Password Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability Arbitrary Code Execution Vulnerability in Samsung Fingerprint Trustlet (SVE-2019-16587, SVE-2019-16588, SVE-2019-16589) Unauthorized Access to Applications in Secure Folder via Floating Icons Clipboard Content Leakage on Locked Samsung Devices Type Confusion Vulnerability in Samsung Mobile Devices with P(9.0) and Q(10.0) Software (SVE-2020-16599) Out-of-bounds read vulnerability in Samsung mobile devices with TEEGRIS software Sensitive Information Exposure in NFC Logs on Samsung Mobile Devices (SVE-2019-16359) Secure Folder Application Preview Information 
Leakage Vulnerability Notification Exposure Vulnerability in Samsung Mobile Devices with P(9.0) and Q(10.0) Software NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints NULL pointer dereference in stv06xx subsystem of Linux kernel (CVE-2020-12345) ASP.NET Core Denial of Service Vulnerability Cross-Origin PostMessage Vulnerability in xdLocalStorage Cross-Origin Communication Vulnerability in xdLocalStorage Unbounded Memory Allocation Vulnerability in Netty's ZlibDecoders Elevation of Privilege Vulnerability in Mids' Reborn Hero Designer 2.6.0.7 Insecure Update Process and File Tampering Vulnerability in Mids' Reborn Hero Designer 2.6.0.7 Hard-coded RC4 Cipher Key Vulnerability in NVIDIA DGX Servers' BMC Firmware Weak Pseudo-Random Number Generator in NVIDIA DGX Servers' BMC Firmware SSL Certificate Validation Vulnerability in THOMSON THT741FTA and Philips DTR3502BFTA Set-Top Boxes Hardcoded TELNET Service Vulnerability in Thomson and Philips Set-Top Boxes Deserialization Vulnerability in FasterXML Jackson-databind 2.x Windows Security Health Service Elevation of Privilege Vulnerability Deserialization Vulnerability in FasterXML Jackson-databind 2.x Vulnerability in Arista's Cloud EOS VM / vEOS Router Code with TCP MSS Options Configuration Vulnerability: Unauthorized Access to Diagnostic and Configuration Functionalities in AvertX IP Cameras Default password vulnerability in AvertX Auto focus Night Vision HD Cameras Vulnerability: User Enumeration via Failed Login Attempts in AvertX IP Cameras Cross-Site Scripting (XSS) Vulnerabilities in EJBCA Public Web and Certificate/CRL Download Servlets Cross Site Request Forgery (CSRF) Vulnerability in EJBCA CA UI Bypassing Remote Protocol Restrictions in EJBCA External Command Certificate Validator Allows Upload of Malicious Scripts Windows Defender Arbitrary File Deletion Elevation of Privilege Vulnerability Insecure Deserialization Vulnerability in EJBCA Privilege 
Escalation and Remote Code Execution via CA UI Error State Unquoted Service Path Vulnerability in Zscaler Client Connector Stack-Based Buffer Overflow in Zscaler Client Connector for Windows DLL Hijacking Vulnerability in Zscaler Client Connector for Windows Insufficient Validation of RPC Clients in Zscaler Client Connector Prior to 3.1.0 Memory Leak Vulnerability in B&R Automation Runtime TFTP Service Windows Runtime Object Handling Elevation of Privilege Vulnerability Local File Inclusion Vulnerability in B&R SiteManager Versions <9.2.620236042 Allows Unauthorized Access to Sensitive Files Authenticated Local File Inclusion Vulnerability in B&R SiteManager <9.2.620236042 Information Disclosure Vulnerability in B&R GateManager Allows Unauthorized Access to Foreign Domain Device Information Authenticated User Information Disclosure Vulnerability in B&R GateManager GateManager Denial of Service Vulnerability Log Information Disclosure Vulnerability in B&R GateManager Versions <9.0.20262 and <9.2.620236042 BACapp Dissector Recursion Crash Vulnerability Persistent Access Vulnerability in GitLab CE and EE 8.15 through 12.9.2 Windows Clipboard Service Elevation of Privilege Vulnerability Denial of Service Vulnerability in iXsystems FreeNAS and TrueNAS Unauthenticated Remote Code Execution in SaltStack Salt Arbitrary Directory Access Vulnerability in SaltStack Salt TLS Termination Proxy Vulnerability in Varnish Cache SQLite Denial of Service Vulnerability via Malformed Window-Function Query Use-after-free vulnerability in SQLite ALTER TABLE implementation Insecure Handling of Shared Secret Keys in CA API Developer Portal 4.3.1 and Earlier Allows Authorization Bypass Privileged User Access Control Flaw in CA API Developer Portal 4.3.1 and Earlier Windows Clipboard Service Elevation of Privilege Vulnerability Access Control Flaw in CA API Developer Portal 4.3.1 and Earlier Allows Privileged Users to View Restricted Sensitive Information Access Control Flaw in CA API 
Developer Portal 4.3.1 and Earlier: Privileged User Data Exposure and Manipulation Vulnerability Cross-Origin Resource Sharing Vulnerability in CA API Developer Portal 4.3.1 and Earlier Open Redirect Vulnerability in CA API Developer Portal 4.3.1 and Earlier Insecure HomeRedirect Handling in CA API Developer Portal 4.3.1 and Earlier: Open Redirect Vulnerability Open Redirect Vulnerability in CA API Developer Portal 4.3.1 and Earlier Access Control Flaw in CA API Developer Portal 4.3.1 and Earlier Allows Privilege Escalation Xirlink Camera USB Driver Invalid Descriptor Vulnerability Missing save/restore functionality for power management registers in powerpc/kernel/idle_book3s.S (CID-53a712bae5dd) Remote Code Execution Vulnerability in Microsoft Graphics Components Unrestricted Access to TeamPass Administrator Privileges via REST API Unauthenticated User Manipulation of Responsive Polls in WordPress Variable Reuse Vulnerability in Cerner Medico 26.00: Potential Data Corruption Risk Local Buffer Overflow in Cerner Medico 26.00 (Issue 1 of 3) Local Buffer Overflow in Cerner Medico 26.00 (Issue 2 of 3) Local Buffer Overflow in Cerner Medico 26.00 Privilege Escalation in Castel NextGen DVR v1.0.0 through Adminstrator/Users/Edit/:UserId Functionality Authorization Bypass Vulnerability in Castel NextGen DVR v1.0.0 Clear-text Storage of SMTP Credentials in Castel NextGen DVR v1.0.0 CSRF Vulnerability in Castel NextGen DVR v1.0.0 Allows Unauthorized State Changes Timing Side Channel Vulnerability in AT91bootstrap before 3.9.2 Allows Arbitrary Code Execution Insecure Key Handling in AT91bootstrap Insecure Plugin Repository Access in JetBrains GoLand Information Disclosure Vulnerability in JetBrains TeamCity Unmasked Password Vulnerability in JetBrains TeamCity Persistent Application State in JetBrains TeamCity before 2019.2.1 Unauthorized Import of Settings.kts File in JetBrains TeamCity Windows Runtime Elevation of Privilege Vulnerability Untrusted Host Resolution 
Vulnerability in JetBrains IntelliJ IDEA Content Spoofing Vulnerability in JetBrains Hub OAuth Error Message Vulnerability: Unauthorized Access to DB Export in JetBrains YouTrack Denial of Service Vulnerability in JetBrains YouTrack before 2020.1.659 via Malformed TIFF File Attachment Inclusion of Apple Notarization Service Credentials in JetBrains PyCharm 2019.2.5 and 2019.3 on Windows Stored XSS Vulnerability in Combodo iTop Menu Shortcut Reflective XSS Vulnerability in Combodo iTop Dashboard IDs Command Injection Vulnerability in Titan SpamTitan 7.07 Remote Code Execution Vulnerability in Titan SpamTitan 7.07 Windows Defender Arbitrary File Deletion Vulnerability Arbitrary File Retrieval Vulnerability in Titan SpamTitan 7.07 CSRF Vulnerability in ProVide User Web Interface Allows Unauthorized Filesystem Access Multiple Stored and Reflected XSS Vulnerabilities in ProVide User Web Interface HTTP Response Splitting Vulnerability in ProVide (formerly zFTPServer) through 13.1 Multiple Stored and Reflected XSS Vulnerabilities in ProVide (formerly zFTPServer) Admin Web Interface Arbitrary Certificate Loading and File Overwrite Vulnerability in ProVide CSRF Vulnerability in ProVide Admin Interface Allows Unauthorized Actions Windows Symlink and Junction Vulnerability in ProVide (formerly zFTPServer) Privilege Escalation via /ajax/SetUserInfo Messages Parameter in ProVide CRLF Injection and HTTP Response Splitting Vulnerability in cpp-httplib Visual Studio Code Python Extension Configuration File Remote Code Execution Vulnerability Vulnerability: Unauthorized Access to Kong Admin API Authenticated Stored XSS in Stormshield SNS 3.8.0 Allows SSL VPN Credential Theft Cross-Site Scripting (XSS) Vulnerability in Open Upload 0.4.3 via index.php?action=u and filename Field Timing Side-Channel Vulnerability in wolfSSL 4.3.0's wc_ecc_mulmod_ex Function XSS Vulnerability in Eten PSG-6528VM 1.1 Devices via System Contact or System Location End-of-Support Access Control 
Vulnerability in Panasonic P99 Devices Insecure Permissions in Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro Devices Multiple SQL Injection Vulnerabilities in Programi 014 31.01.2020 Cleartext HTTP Software Update Vulnerability Weak and Guessable Static Encryption Key Vulnerability ChakraCore Scripting Engine Remote Code Execution Vulnerability Default Administrative Access with Weak Password Uninitialized Pointer Vulnerability in libsixel 1.8.6 Arbitrary Code Execution via Lua Bytecode in Dungeon Crawl Stone Soup (DCSS) 0.25 and earlier Hardcoded RSA Private Keys in Cellebrite UFED: A Forensic Extraction Vulnerability HTTP Request Smuggling Vulnerability in OpenResty Potential Privilege Escalation in Linux Kernel's snd_ctl_elem_add Function Cross-Site Scripting (XSS) Vulnerability in AlgolPlus Advanced Order Export For WooCommerce Plugin 3.1.3 for WordPress Session Impersonation Vulnerability in DAViCal Andrew's Web Libraries (AWL) Insecure Generation of Long-Term Session Cookies in DAViCal Andrew's Web Libraries (AWL) Content-Type Spoofing Vulnerability in Microsoft Power BI Report Server Multiple XSS Vulnerabilities in Media Library Assistant Plugin for WordPress Local File Inclusion Vulnerability in Media Library Assistant Plugin for WordPress Root Access Vulnerability in Spirent TestCenter and Avalanche Appliance Admin Interface Firmware Cross-Site Scripting (XSS) Vulnerability in CyberSolutions CyberMail 5 or Later via ACTION Parameter in cgi-bin/go Projective Coordinates Leak in ECC Private-Key Operations Directory Traversal Vulnerability in GNOME file-roller through 3.36.1 Cross-Site Scripting (XSS) Vulnerability in Zimbra 9.0 Web Client Allows Remote Code Execution Directory Traversal Vulnerability in Snap Creek Duplicator Plugin for WordPress Missing Memory Barriers in Read-Write Unlock Paths in Xen: Denial of Service and Privilege Escalation Vulnerability Jet Database Engine Remote Code Execution Vulnerability Unprivileged Guest Information 
Disclosure Vulnerability in Xen Xenoprof Privilege Escalation and Denial of Service Vulnerability Denial of Service Vulnerability in Xen's GNTTABOP_copy Denial of Service Vulnerability in Xen's GNTTABOP_map_grant Function Multiple Cross-Site Scripting (XSS) Vulnerabilities in Pandora FMS 7.0 NG <= 746 Jet Database Engine Remote Code Execution Vulnerability Unauthenticated Scripting Vulnerability in Sonatype Nexus Repository Manager Out-of-Bounds Read Vulnerability in OpenEXR Integer Overflow Vulnerability in OpenEXR Jet Database Engine Remote Code Execution Vulnerability Out-of-Bounds Read Vulnerability in OpenEXR's RLE Uncompression Out-of-Bounds Read Vulnerability in OpenEXR's Huffman Uncompression Out-of-Bounds Read and Write Vulnerability in OpenEXR's DwaCompressor Out-of-bounds Read and Write Vulnerability in OpenEXR Out-of-Bounds Write Vulnerability in OpenEXR's copyIntoFrameBuffer Off-by-one Error in OpenEXR's ImfXdr.h Read Function Authenticated Command Injection in sendfax.php in iFAX AvantFAX and HylaFAX Enterprise Web Interface Data-leak issue in Istio and Envoy allows sensitive data to be sent to the wrong server Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Multiple NETGEAR Devices Microsoft Office SharePoint XSS Vulnerability Command Injection Vulnerability in Multiple NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Microsoft SharePoint Server Elevation of Privilege Vulnerability Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR 
Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Authentication Bypass Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in NETGEAR Routers Windows GDI Memory Disclosure Vulnerability Remote Code Execution Vulnerability in NETGEAR R7800 Devices Reflected XSS Vulnerability in NETGEAR JGS516PE Devices TLS Certificate Private Key Disclosure in NETGEAR R8900, R9000, RAX120, and XR700 Devices Use-After-Free Vulnerability in WebKitGTK and WPE WebKit (CVE-2021-30663) Improper Session Timeout Configuration in JetBrains Space Insecure Password Authentication Implementation in JetBrains Space (through 2020-04-22) Mitel MiCollab AWV Authentication Bypass Vulnerability Mitel MiCollab AWV Directory Traversal Vulnerability Privilege Escalation Vulnerability in Z-Cron 5.6 Build 04 ChakraCore Scripting Engine Remote Code Execution Vulnerability Arbitrary Code Execution Vulnerability in Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 PHP Code Evaluation Vulnerability in Titan SpamTitan 7.07 Code Injection Vulnerability in Titan SpamTitan 7.07 Incorrect UDP Access Control in Pexip Reverse Proxy and TURN Server Lack of Certificate Validation in MailStore Outlook Add-in Arbitrary Code Execution through Unrestricted File Upload in Sourcefabric Newscoop 4.4.7 Unsafe ASP.Net web controls in Microsoft SharePoint Server can lead to remote code execution OpenVPN 2.4.x Vulnerability: Denial of Service via Injected Data Channel Packet Arbitrary Command Execution via Profile Photo Upload in qdPM 9.1 SQL Injection Vulnerability in Rukovoditel 2.5.2 Stored XSS Vulnerability in Rukovoditel 2.5.2 via Copyright Text Input Host Header Injection Vulnerability in qdPM 9.1: Spoofing and Malicious Website Redirection Arbitrary File Upload Vulnerability in Rukovoditel 2.5.2 SQL Injection Vulnerability in 
Rukovoditel 2.5.2 due to Improper Handling of reports_id Parameter Arbitrary File Upload and Command Execution Vulnerability in Rukovoditel V2.5.2 Maintenance Mode CSRF Vulnerability in Rukovoditel 2.5.2 Allows Privilege Escalation Arbitrary PHP File Injection Vulnerability in Rukovoditel 2.5.2 Remote Code Execution Vulnerability in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11 SQL Injection Vulnerability in Rukovoditel 2.5.2 Weak Password Storage in Rukovoditel 2.5.2 Stored XSS Vulnerability on Rukovoditel 2.5.2 User Access Groups Page Stored XSS Vulnerability on Dolibarr 10.0.6 Admin Tools Audit Page CSRF Tokens Vulnerability in Dolibarr 10.0.6: Cross-User Session Exploitation Unencrypted Password-Protected Notes Vulnerability in Memono Version 3.8 Privilege Escalation Vulnerability in GOG Galaxy 1.2.67 Uninitialized RGB Stack Variable Information Leakage Vulnerability in ColorOS Elevated Privileges Vulnerability in com.coloros.codebook V2.0.0_5493e40_200722 Backup and Restore SDK Microsoft Office SharePoint XSS Vulnerability Arbitrary System Command Execution Vulnerability in QualityProtect V2.0 Arbitrary File Write Vulnerability in OvoiceManager (com.oppo.ovoicemanager V2.0.1) Unvalidated Parameter Input Vulnerability in charging_limit_current_write and charging_limit_time_write Functions Unvalidated Parameter Length in mp2650_data_log_write Function Unvalidated Parameter Length in proc_fastchg_fw_update_write Function Unvalidated Input in proc_work_mode_write Function Leads to Vulnerability Information Leak Vulnerability in OPPO Android Phones with MTK Chipset and Android 8.1/9/10/11 Versions Remote Cross-Site Scripting (XSS) Vulnerability in Micro Focus ArcSight Management Center Remote Cross-Site Scripting (XSS) Vulnerability in Micro Focus ArcSight Logger Versions 6.6.1 to 7.0.1 Windows State Repository Service Elevation of Privilege Vulnerability Remote Unauthorized Information Disclosure Vulnerability in Micro Focus 
ArcSight Management Center Remote Unauthorized Information Disclosure Vulnerability in Micro Focus ArcSight Management Center Unauthenticated Information Disclosure Vulnerability in Micro Focus Verastream Host Integrator (VHI) Product CVE-2020-11843 Incorrect Authorization Vulnerability in Micro Focus Container Deployment Foundation Component Arbitrary Web Script Injection Vulnerability in Micro Focus Service Manager Critical Denial of Service Vulnerability in Micro Focus ArcSight Management Center Critical Elevation of Privilege and Unauthorized Access Vulnerability in Micro Focus Identity Manager Windows State Repository Service Elevation of Privilege Vulnerability Remote Code Execution Vulnerability in Micro Focus ArcSight Logger (Versions < 7.1.1) DKIM Key Injection Vulnerability in Micro Focus Secure Messaging Gateway (SMG) Arbitrary Code Execution Vulnerability in Multiple Micro Focus Products Arbitrary Code Execution Vulnerability in Micro Focus Products Authorization Bypass Vulnerability in Micro Focus Operation Bridge Reporter (OBR) 10.40 and Earlier Critical Arbitrary Code Execution Vulnerability in Micro Focus Operation Bridge Reporter (OBR) v10.40 and Earlier Authorization Bypass Vulnerability in Micro Focus Operation Bridge Reporter (OBR) 10.40 and Earlier Privilege Escalation Code Execution Vulnerability in Micro Focus Operation Bridge Manager and Operation Bridge (containerized) Windows State Repository Service Elevation of Privilege Vulnerability Remote Cross-Site Scripting (XSS) Vulnerability in Micro Focus ArcSight Logger Versions Prior to 7.1.1 Root Access Vulnerability in Micro Focus Operation Agent Unrestricted Resource Allocation Vulnerability in NetIQ Privileged Account Manager Denial of Service Vulnerability in libEMF (aka ECMA-234 Metafile Library) 1.0.11 Denial of Service Vulnerability in libEMF (aka ECMA-234 Metafile Library) 1.0.11 Out-of-Bounds Memory Access Vulnerability in libEMF Use-after-free vulnerability in libEMF (aka ECMA-234 
Metafile Library) 1.0.11 Insecure Temporary File Handling in Audacity Off-Path Attacker Can Block Unauthenticated Synchronization in ntpd Integer Overflow in QEMU ATI VGA Emulation Windows State Repository Service Elevation of Privilege Vulnerability Fabrication Attacks in OpenTrace 1.0 Cloud Functions Subsystem LG Mobile Devices Stack-Based Buffer Overflow Vulnerability LG Mobile Devices with Android OS 8.0-10 Factory Reset Protection Bypass Vulnerability Privilege Escalation Vulnerability in LG Mobile Devices with MTK Chipsets Insecure Initialization of OpenSSL EVP AES-256 CBC Context in Zoom Client for Meetings 4.6.11 Weak Initialization Vector (IV) Usage in Zoom Client for Meetings 4.6.11 Default Password Vulnerability in Jitsi Meet Docker Stack Unauthenticated File Attachment Vulnerability in GNOME Evolution Windows State Repository Service Elevation of Privilege Vulnerability KDE KMail Attachment Vulnerability Array Index Error in MikroTik RouterOS: SUP-12964 Unvalidated Deeplink Handling in O2 Business Android App Allows for Unauthorized Redirects Error Stack Trace Disclosure in Divante Vue Storefront API Race condition vulnerability in Linux kernel 4.19 through 5.6.7 on s390 platform allows for code execution and potential crashes (CID-3f777e19d171) XML External Entity (XXE) Vulnerability in WSO2 Enterprise Integrator 6.6.0: Unintended Network Invocations and SSRF via XML Validator HQL Injection Vulnerability in OpenNMS Horizon and Meridian XSS and SSRF Vulnerability in svg2png 4.1.1 XSS Vulnerability in python-markdown2 through 2.3.8 Unauthenticated Deletion of Usergroups in Joomla! Windows State Repository Service Elevation of Privilege Vulnerability Improper Input Validation in Joomla Usergroup Table Class Leads to Broken ACL Configuration Unauthenticated Usergroup Editing Vulnerability in Joomla! 
Heap-Based Buffer Over-read in Ming (libming) 0.4.8's decompileIF() Function Heap-Based Buffer Over-read in Ming (libming) 0.4.8's decompileIF() Function IPv4 Tunneling Remote Code Execution Vulnerability Out-of-Bounds Write Vulnerability in Treck TCP/IP Stack IPv4/ICMPv4 Length Parameter Inconsistency Vulnerability IPv6 Out-of-bounds Read Vulnerability in Treck TCP/IP Stack Windows State Repository Service Elevation of Privilege Vulnerability IPv4 Tunneling Double Free Vulnerability Remote Code Execution Vulnerability in Treck TCP/IP Stack IPv6OverIPv4 Tunneling Out-of-bounds Read Vulnerability DHCP Out-of-bounds Read Vulnerability in Treck TCP/IP Stack Integer Overflow in Treck TCP/IP Stack Leads to Out-of-Bounds Write Vulnerability DHCPv6 Out-of-bounds Read Vulnerability in Treck TCP/IP Stack Ethernet Link Layer Integer Underflow in Treck TCP/IP Stack TCP Length Parameter Inconsistency Vulnerability in Treck TCP/IP Stack DHCP '\0' Termination Mishandling in Treck TCP/IP Stack IPv4 Integer Underflow Vulnerability in Treck TCP/IP Stack Windows State Repository Service Elevation of Privilege Vulnerability ICMPv4 Out-of-bounds Read Vulnerability in Treck TCP/IP Stack ICMPv4 Access Control Vulnerability in Treck TCP/IP Stack TCP Out-of-bounds Read Vulnerability in Treck TCP/IP Stack IPv6 Out-of-bounds Read Vulnerability in Treck TCP/IP Stack ARP Out-of-bounds Read Vulnerability in Treck TCP/IP Stack Vulnerability: Unauthorized Telnet Access on Svakom Siime Eye Devices Visual Studio Code Python Extension Workspace Settings Remote Code Execution Vulnerability Command Injection Vulnerability in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14 Privacy Leakage in WiZ Colors A60 1.14.0: Unnecessary Transmission of Local IP Address and Wi-Fi SSID Local Logging of API Credentials in WiZ Colors A60 1.14.0 Clear-text Storage of Wi-Fi Credentials in WiZ Colors A60 1.14.0 Default Root Credentials in Luvion Grand Elite 3 Connect Devices Remote Code Execution Vulnerability in Media 
Library Assistant Plugin for WordPress Remote Code Execution Vulnerability in Microsoft Excel Software Reflected XSS Vulnerability in GTranslate WordPress Plugin Bypass of Access Restriction for Snap-packaged Applications in Ubuntu's Modified Pulseaudio Subiquity Installer Vulnerability: LUKS Full Disk Encryption Password Logging Vulnerability: Unrestricted Execution of cloud-init on Ubuntu Core Devices Snapd Vulnerability: Privilege Escalation via snapctl user-open Improper Inode Reference Count Management in aufs vfsub_dentry_open() Method Memory Leak DoS Vulnerability in whoopsie's parse_report() Function Password Scrambling Vulnerability in JetBrains TeamCity 2018.2 through 2019.2.1 Remote Code Execution Vulnerability in nDPI SSH Protocol Dissector Registry Filesystem Operations Denial of Service Vulnerability Out-of-Bounds Read Vulnerability in nDPI's SSH Protocol Handling OS Command Injection Vulnerability in Open-AudIT 3.2.2 Discovery Multiple SQL Injections in Open-AudIT 3.2.2 Arbitrary File Upload Vulnerability in Open-AudIT 3.2.2 Cross-Site Scripting (XSS) Vulnerability in Abe (aka bitcoin-abe) Digest Authentication Replay Vulnerability in Squid Unauthenticated API Key Retrieval Vulnerability in Zoho ManageEngine OpManager Heap-Based Buffer Over-read in QEMU 4.1.0's iscsi_aio_ioctl_cb Function Arbitrary File Access Vulnerability in VIVOTEK Network Cameras Improper Input Validation in Microsoft Edge (Chromium-based) Feedback Extension Authenticated Remote Code Execution in VIVOTEK Network Cameras Backdoor Root Account Vulnerability in Rittal PDU and CMCIII Devices Bypassing CLI Menu on Rittal PDU and CMCIII-PU Devices Remote Code Execution Vulnerability in Rittal PDU-3C002DEC and CMCIII-PU-9333E0FB Devices Insecure Permissions Vulnerability in Rittal PDU-3C002DEC and CMCIII-PU-9333E0FB Devices Least Privilege Violation in Rittal PDU-3C002DEC and CMCIII-PU-9333E0FB Devices Insufficient Entropy in Cypress PSoC Creator BLE 4.2 Component Allows MITM Attack 
during Pairing Heap-Based Buffer Overflow in re2c 1.3's Scanner::fill in parse/scanner.cc Information Leakage Vulnerability in Xiaomi Router R3600 ROM before 1.0.50 due to Unsafe Nginx Configuration Printconfig.dll Elevation of Privilege Vulnerability Xiaomi Router R3600 ROM < 1.0.50 Backup File Extraction Vulnerability Insecure Interface in Xiaomi Router R3600 ROM Allows Sensitive Information Leakage Remote Code Execution Vulnerabilities in Unconfigured IQrouter Web-Panel due to Bash Shell Metacharacter Injection Arbitrary Root Password Change Vulnerability in IQrouter through 3.3.1 Unsecured Root User Access in IQrouter through 3.3.1 Arbitrary Root Password Change Vulnerability in IQrouter Remote Control Vulnerability in IQrouter through 3.3.1: Incorrect Access Control Incorrect Access Control in IQrouter Web-Panel Allows Remote Reading of System Logs Unauthenticated JMX Port Vulnerability in Apache TomEE Windows Error Reporting Manager Elevation of Privilege Vulnerability Apache Camel's JMX Vulnerability: Rebind Flaw Java Deserialization Vulnerability in Apache Camel RabbitMQ Apache Camel Netty Java Deserialization Vulnerability Remote Code Execution Vulnerability in DolphinScheduler 1.2.0 and 1.2.1 with MySQL Connector/J Apache Unomi OGNL Scripting Vulnerability Apache Wicket Unprocessed HTML Template Disclosure Vulnerability Vulnerability: Apache Syncope 2.1.X Flowable Extension Shell Service Tasks Privilege Escalation Remote Code/Command Injection Vulnerability in Apache Airflow Example DAG Insecure Temporary File Handling in Apache Ant 1.10.8 Microsoft SharePoint Server Cross-Site Scripting (XSS) Vulnerability Privilege Escalation via SSRF-style Attack in Karaf JMX Authentication Arbitrary Command Injection in Apache Airflow with CeleryExecutor Deserialization Attack via Direct Broker Connection in Apache Airflow Stored XSS Vulnerability in Apache Airflow's Admin Management Screens Apache HTTP Server mod_proxy_uwsgi Info Disclosure and Potential RCE 
(CVE-XXXX-XXXX) Vulnerability: IP Address Spoofing in Apache HTTP Server Unauthenticated Execution of Potentially Malicious Code in Apache NetBeans Apache Batik 1.13 Server-Side Request Forgery Vulnerability Server-Side Request Forgery Vulnerability in Apache XmlGraphics Commons 2.4 and Earlier Authentication Bypass Vulnerability in Apache Shiro with Spring Dynamic Controllers Windows Feedback Hub Elevation of Privilege Vulnerability Camera Plugin Vulnerability Allows Unauthorized Access to Captured Photos in Cordova (Android) Applications XML External Entity (XXE) Injection Vulnerability Apache HTTP Server HTTP/2 Module Memory Pool Vulnerability Exploiting Server-Side Template Injection and Arbitrary File Disclosure in Camel Templating Components Dubbo Deserialization Remote Code Execution Vulnerability HTTP/2 Request Denial of Service Vulnerability in Apache Tomcat Inconsistent User Visibility in Apache Guacamole 1.2.0 and Earlier Vulnerability: JMX Re-bind Regression in Apache ActiveMQ Unsanitized File Processing Vulnerability in Rockwell Automation Software Remote Code Execution Vulnerability in Microsoft SharePoint Unvalidated Serialized Data Deserialization Vulnerability in Ignition Gateway File System Traversal and Code Execution Vulnerability in Rockwell Automation Software Multiple Stack-Based Buffer Overflow Vulnerabilities in Advantech WebAccess Node File System Traversal Vulnerability in Rockwell Automation Software Authentication Bypass Vulnerability in Ignition Gateway (Versions prior to 8.0.10 and 7.9.14) Denial-of-Service Vulnerability in FactoryTalk Linx and Related Software Multiple Relative Path Traversal Vulnerabilities in Advantech WebAccess Node Deserialization Vulnerability in Mitsubishi Electric MC Works64, MC Works32, and ICONICS GenBroker ClearText Communication Vulnerability in Baxter ExactaMix EM 2400 and EM1200 Systems Deserialization Vulnerability in Mitsubishi Electric MC Works64, MC Works32, and ICONICS GenBroker Windows Now Playing 
Session Manager Elevation of Privilege Vulnerability Multiple Relative Path Traversal Vulnerabilities in Advantech WebAccess Node Versions 8.4.4 and Prior, 9.0.0 Remote Code Execution and Denial-of-Service Vulnerability in Mitsubishi Electric MC Works64, MC Works32, ICONICS GenBroker64, GenBroker32 Hard-coded Administrative Account Credentials in Baxter ExactaMix EM 2400 & EM 1200 Remote SQL Injection Vulnerability in Mitsubishi Electric MC Works64, MC Works32, and ICONICS GenBroker SQL Injection Vulnerability in Advantech WebAccess Node Improper Deserialization Vulnerability in Mitsubishi Electric MC Works64, MC Works32, and ICONICS GenBroker Hard-coded administrative account credentials in Baxter ExactaMix EM 2400 & EM 1200 GE Grid Solutions Reason RT Clocks Firmware Vulnerability: Unauthenticated Command Execution and Configuration Modification Out-of-Bounds Vulnerability in Advantech WebAccess Node Stack-Based Buffer Overflow in WebAccess Node Version 8.4.4 and Prior: Remote Code Execution Vulnerability Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Vulnerability: Unrestricted Access to Operating System and Startup Script Alteration in Baxter ExactaMix EM 2400 and ExactaMix EM1200 Cross-Site Scripting (XSS) Vulnerability in OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and Earlier Versions Improper Validation Vulnerability in Advantech WebAccess Node Unencrypted User Credentials Logged in Philips IntelliBridge Enterprise Unrestricted USB Interface Access Vulnerability in Baxter ExactaMix EM 2400 and EM1200 XML External Entity (XXE) Vulnerability in Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, and 32.02 Multiple Relative Path Traversal Vulnerabilities in Advantech WebAccess Node Information Disclosure Vulnerability in FactoryTalk View SE Vulnerability: Unauthorized Data Interaction in FactoryTalk View SEA Remote Remote Code Execution (RCE) Vulnerability in FactoryTalk View SE Diagnostics Hub Standard Collector 
Elevation of Privilege Vulnerability Vulnerability: Disabling Internal Gateway Firewall via VLAN Configuration Arbitrary Code Execution Vulnerability in FactoryTalk View SE Unencrypted Database Storage of Sensitive Data in Baxter ExactaMix EM Systems Unauthenticated Remote Code Execution in Rockwell Automation FactoryTalk Services Platform Vulnerability: SQL Injection in EDS Subsystem Hard-coded Service Password Vulnerability in Baxter PrismaFlex and PrisMax Devices Lack of Data-in-Transit Encryption in Baxter PrismaFlex and PrisMax Devices Lack of Data-in-Transit Encryption in Baxter PrismaFlex and PrisMax Devices Memory Corruption Vulnerability in EDS Subsystem: Denial-of-Service Exploit Hardcoded Password Vulnerability in Baxter Sigma Spectrum Infusion Pumps Windows Mobile Device Management Diagnostics Junction Handling Elevation of Privilege Vulnerability Unauthenticated Clear-Text Communication Vulnerability in Sigma and Baxter Spectrum Infusion Systems Baxter Spectrum WBM Telnet Command-Line Interface Vulnerability Arbitrary File Write Vulnerability in Opto 22 SoftPAC Project Version 9.6 and Prior Persistent FTP Service Vulnerability in Baxter Spectrum WBM Hard-coded Credentials in Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) Telnet Service Firmware Signature Verification Bypass in Opto 22 SoftPAC Project Hard-coded Credentials Vulnerability in Baxter Spectrum WBM Lack of Data-in-Transit Encryption in Phoenix Hemodialysis Delivery System File Descriptor Leakage in DBusServer Spoofing Vulnerability in Microsoft SharePoint Server Allows Cross-Site Scripting Attacks Race Condition Vulnerability in SQLiteODBC 0.9996-4 Allows Root Privilege Escalation Sensitive Account Information Disclosure in CentralAuth Extension for MediaWiki Grafana Annotation Popup XSS Vulnerability Certificate-Based Authorization Bypass in Unisys Stealth Versions 3.4.x-5.x Reflected XSS Vulnerability in Catch Breadcrumb Plugin and Affected Themes Multiple XSS 
Vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 Ceph RGW Process Crash Vulnerability Windows SMBv3 Information Disclosure Vulnerability Insecure Communication in Nitrokey FIDO U2F Firmware Allows Secret Extraction and Firmware Manipulation Arbitrary File Overwrite Vulnerability in OpenSSH 8.2 SCP Client Homoglyph Spoofing Vulnerability in Postfix 2.10.1-7 Package Remote Code Execution Vulnerability in Teeworlds 0.7.x Server Password Change Vulnerability in Pilz PMC Programming Tool 3.x Privilege Escalation Vulnerability in CODESYS WebVisu and Remote TargetVisu Weak Hashing Algorithm Used for Storing Online Communication Passwords in CODESYS V3 Products Win32k Elevation of Privilege Vulnerability Sensitive Information Disclosure Vulnerability in Advanced Woo Search Plugin for WordPress XSS Vulnerability in Anchor 0.12.7 via Crafted Post Content Improper Access Control in Responsive-Add-Ons Plugin for WordPress CSV Import Vulnerability in Users-Customers-Import-Export-for-WP-WooCommerce Plugin Lack of Capability Checks in data-tables-generator-by-supsystic Plugin for WordPress Stored XSS vulnerability in data-tables-generator-by-supsystic plugin for WordPress Remote Code Execution Vulnerability in Mappress Google Maps for WordPress Plugin Shell Metacharacter Injection in Open-AudIT 3.3.1 via open-audit/configuration/ URI Prototype Pollution Attack in Beaker before 0.8.9 Allows Sandbox Escape and System Access Jet Database Engine Remote Code Execution Vulnerability FlexNet Publisher's lmadmin.exe 11.16.6 Denial of Service Vulnerability FlexNet Publisher lmadmin.exe 11.14.0.2 - Web Portal Information Disclosure Vulnerability Stored Cross-Site Scripting Vulnerability in Code Insight v7.x Releases Vulnerability in Spring MVC Calls Allows for Elevated Privileges in Code Insight v7.x Windows Network List Service Elevation of Privilege Vulnerability Remote Code Execution Vulnerability in Microsoft SharePoint Uncontrolled Recursion in Dovecot Allows Denial of Service 
via Crafted E-mail Message Address Manipulation Vulnerability in xt:Commerce 5.1 to 6.2.2 Path Traversal Vulnerability in Tiny File Manager 2.4.1 Allows Unauthorized File Enumeration Vulnerability in Tiny File Manager 2.4.1 Allows Unauthorized File Backup Copies Authenticated SQL Injection Vulnerability in wp-advanced-search Plugin 3.3.6 for WordPress via Import Feature OpenConnect X509_check_ Function Vulnerability Unauthenticated Remote Administrative Access Vulnerability in VPNCrypt M10 2.6.5 Command Injection Vulnerability in VPNCrypt M10 2.6.5 WiFi Module Web Portal Arbitrary Content Injection Vulnerability in GNU Mailman before 2.1.31 Command Injection Vulnerability in TP-Link Devices (NC200, NC210, NC220, NC230, NC250, NC260, NC450) Memory Object Handling Vulnerability in Connected Devices Platform Service Hardcoded Encryption Key Vulnerability in TP-Link Devices Command Injection Vulnerability in TP-Link NC260 and NC450 Devices Local File Inclusion Vulnerability in BigBlueButton before 2.2.5 XSS Vulnerability in BigBlueButton Prior to 2.2.4 via Closed Captions Pivot_root Race Condition Denial of Service Vulnerability in Linux Kernel Arbitrary File Read Vulnerability in Zoho ManageEngine OpManager Sensitive Configuration Value Disclosure in Moxa NPort 5150A Firmware Vulnerability: Keygen Protocol Implementation in Binance tss-lib Allows Compromise and Information Disclosure Vulnerability in Ledger Live: Unconfirmed Transaction Balance Increase OLE Automation Memory Handling Vulnerability Correos Express Addon for PrestaShop: Remote Information Disclosure and Order Modification Vulnerability Denial of Service Vulnerability in Max Secure Max Spyware Detector 1.0.0.044 CSRF Vulnerabilities in WAVLINK WN530H4 M30H4.V5030.190403 Router's /cgi-bin/ Directory Allow Remote Access Remote Command-Line Injection Vulnerability in WAVLINK WN530H4 M30H4.V5030.190403 Remote Buffer Overflow Vulnerability in WAVLINK WN530H4 M30H4.V5030.190403 WAVLINK WN530H4 
M30H4.V5030.190403 Multiple Authentication Bypass Vulnerabilities Information Disclosure Vulnerability in WAVLINK WN530H4 M30H4.V5030.190403 Router Directory Traversal Vulnerability in DONG JOO CHO File Transfer iFamily 2.1 XSS Vulnerability in AirDisk Pro App 5.5.3 for iOS VBScript Remote Code Execution Vulnerability XSS Vulnerability in AirDisk Pro App 5.5.3 for iOS XSS Vulnerability in AirDisk Pro App 5.5.3 for iOS via devicename Parameter Unauthenticated Stored XSS Vulnerability in Fifthplay S.A.M.I before 2019.3_HP2 Remote Code Execution Vulnerability in Apros Evolution, ConsciusMap, and Furukawa Provisioning Systems through 2.8.1 Access Control Bypass in Nanometrics Centaur and TitanSMA Syslog Log Integer Overflow in bson_ensure_space() Parameter bytesNeeded XSS Vulnerability in GNU Mailman 2.x before 2.1.30 Privilege Escalation via AMD ATI atillk64.sys Driver Routines VBScript Remote Code Execution Vulnerability Buffer Overflow Vulnerability in Contiki-NG BLE Stack Allows Arbitrary Code Execution via Malicious L2CAP Frames Out-of-Bounds Read Vulnerability in Contiki-NG SNMP Stack Vulnerability: Admin Access Allows Retrieval of IPSec Key Material for Decryption Unvalidated Certificate Vulnerability in Orchestrator-EdgeConnect TLS Connection Unvalidated Certificate Vulnerability in Silver Peak Cloud Portal Authentication Bypass Vulnerability in Silver Peak Unity Orchestrator Authenticated User File Access and Modification Vulnerability in Silver Peak Unity Orchestrator Unauthorized MySQL Query Vulnerability in Silver Peak Unity Orchestrator Command Injection Vulnerability in Silver Peak Unity ECOS Appliance Software Command Injection Vulnerability in Silver Peak Unity ECOS Appliance Software VBScript Remote Code Execution Vulnerability VBScript Remote Code Execution Vulnerability Windows Runtime Object Handling Vulnerability Microsoft Word Remote Code Execution Vulnerability Memory Corruption Vulnerability in Microsoft Browsers: Remote Code Execution IE Mode 
Spoofing Vulnerability in Microsoft Edge (Chromium-based) Microsoft Store Runtime Memory Handling Vulnerability Word for Android Remote Code Execution Vulnerability Microsoft Excel Memory Disclosure Vulnerability Privilege Escalation in Valve Source via /tmp/hl2_relaunch File Execution Denial of Service Vulnerability in OpenLDAP's slapd Vulnerability: DNSSEC Bypass in PowerDNS Recursor 4.1.0 - 4.3.0 Cross-Site Scripting (XSS) Vulnerability in Grafana before 6.7.3 OS Command Injection in Beeline Smart Box 2.0.38 Routers via Diagnostics Settings Out-of-Bounds Read and Information Disclosure Vulnerability in Foxit Reader and PhantomPDF Heap-based Buffer Overflow in Foxit Reader and PhantomPDF Microsoft Excel Remote Code Execution Vulnerability Directory Traversal Vulnerability in Gigamon GigaVUE 5.5.01.11 Arbitrary File Upload Vulnerability in Gigamon GigaVUE 5.5.01.11 Symlink Abuse Vulnerability in Avira Antivirus on Windows Remote Code Execution in rConfig 3.9.4 via Improper Validation in File Upload Functionality Reflected XSS vulnerability in rConfig 3.9.4 via devicemgmnt.php CSRF Vulnerability in rConfig 3.9.4 Allows Unauthorized User Actions Session Fixation Vulnerability in rConfig 3.9.4: Mishandling of Session Expiry and Randomization Reflected XSS Vulnerability in rConfig 3.9.4 Microsoft Excel Remote Code Execution Vulnerability XSS Vulnerability in Open-AudIT 3.3.0 After Login Cross-Site Scripting (XSS) Vulnerability in Intelbras TIP200, TIP200LITE, and TIP300 Devices Arbitrary File Write Vulnerability in decompress package for Node.js Unauthenticated Access to Externally Accessible Pages on Wavlink and Jetstream Devices Use-after-free vulnerability in Qt's setMarkdown function prior to version 5.14.2 Heap-Based Buffer Overflow in jbig2_image_compose in jbig2dec Microsoft SharePoint Server Cross-Site Scripting (XSS) Vulnerability Insecure Alphanumeric IDs in React Native Bluetooth Scan: Exploiting COVID-19 Contact Tracing in Bluezone 1.0.0 Sophos XG Firewall 
SQL Injection Vulnerability OpenDMARC Vulnerability: Domain Spoofing via Incorrect Parsing and Interpretation of Authentication Results Cleartext Credential Exposure in TestLink 1.9.20's login.php Viewer Parameter Unrestricted goback_url Parameter in TestLink 1.9.20's cfieldsExport.php Privilege Escalation Vulnerability in GitLab 12.6-12.9: Unauthorized Creation of Personal Snippets via API Stored XSS Vulnerability in GitLab Admin Notification Feature Unauthenticated Repository Mirroring Vulnerability in GitLab 10.8 through 12.9 Remote Code Execution Vulnerability in libgit2 Remote Code Execution Vulnerability in libgit2 Windows DNS Denial of Service Vulnerability CSRF Vulnerability in iSmartgate PRO 1.5.9 Allows Unauthorized Garage Door/Gate Access CSRF Vulnerability in iSmartgate PRO 1.5.9 Allows Remote User Creation CSRF and Reflected XSS Vulnerability in iSmartgate PRO 1.5.9 Improper Validation in SafeRedirectURL Method in Sourcegraph before 3.15.1 Heap-based Buffer Overflow in FFmpeg's JPEG Marker SOS Handling Unscoped TaskView Permission in Octopus Deploy Privilege Escalation Vulnerability in Intel(R) Distribution of OpenVINO(TM) Toolkit Vulnerability: Denial of Service via Local Access in Intel Thunderbolt Controllers Authenticated User Denial of Service Vulnerability in Intel Thunderbolt Controllers Outlook Security Settings Bypass Vulnerability Intel Thunderbolt Controllers: Local Access Denial of Service Vulnerability Denial of Service Vulnerability in Intel(R) Thunderbolt(TM) Controllers Improper Conditions Check in Intel Thunderbolt Controllers: Local Access Denial of Service Vulnerability Denial of Service Vulnerability in Intel Thunderbolt Controllers Denial of Service Vulnerability in Intel(R) Thunderbolt(TM) Controllers Improper Input Validation in Intel Thunderbolt Controllers: Local Access Denial of Service Vulnerability Denial of Service Vulnerability in Intel(R) Thunderbolt(TM) Controllers Privilege Escalation Vulnerability in Intel(R) CSME 
Driver Installer Privilege Escalation Vulnerability in Intel(R) Server Board Firmware VBScript Remote Code Execution Vulnerability Uninitialized Pointer Vulnerability in Intel(R) Server Board Firmware: Potential Privilege Escalation via Local Access BIOS Firmware Vulnerability in Intel(R) Server Board Families S2600ST, S2600BP, and S2600WF: Local Privilege Escalation Privilege Escalation Vulnerability in Intel(R) Driver & Support Assistant Use After Free Vulnerability in Intel(R) CSME and Intel(R) TXE Subsystems Privilege Escalation Vulnerability in Intel(R) DAL SDK Installer Privilege Escalation Vulnerability in Intel(R) RealSense(TM) D400 Series Dynamic Calibration Tool Privilege Escalation Vulnerability in Intel(R) High Definition Audio Drivers Improper Access Control in Intel(R) Computing Improvement Program: Potential Information Disclosure via Network Access Vulnerability: Insufficiently Protected Credentials in Intel SSDs Windows Runtime Object Handling Elevation of Privilege Vulnerability Insufficient Control Flow Management in Intel SSD Firmware: Potential Information Disclosure via Physical Access Insufficient Control Flow Management in Intel SSD Firmware: Potential Information Disclosure via Physical Access Buffer Overflow Vulnerability in Intel(R) Stratix(R) 10 FPGA Firmware Insufficient Control Flow Management in Intel(R) PROSet/Wireless WiFi Products: Potential Privilege Escalation via Adjacent Access Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi Products Path Traversal Vulnerability in Intel(R) EMA (CVE-2021-XXXX) Intel(R) EMA Version 1.3.3 Vulnerability: Insufficient Credential Protection Buffer Overflow Vulnerability in Intel(R) PROSet/Wireless WiFi Products Vulnerability in Intel(R) PROSet/Wireless WiFi Products Allows Privilege Escalation via Local Access Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi Products Media Foundation Information Disclosure Vulnerability Uncontrolled Search Path Vulnerability in 
Intel(R) SCS Add-on for Microsoft* SCCM Buffer Overflow Vulnerability in Intel(R) Wireless Bluetooth(R) Products Denial of Service Vulnerability in Intel(R) Wireless Bluetooth(R) Products Privilege Escalation Vulnerability in Intel(R) ADAS IE Vulnerability in Intel Thunderbolt DCH Drivers for Windows Allows Privilege Escalation Buffer Overflow Vulnerability in Intel Thunderbolt DCH Drivers for Windows Improper Initialization in Intel Thunderbolt DCH Drivers for Windows* Allows Local Information Disclosure Insecure Default Variable Initialization in Intel Thunderbolt DCH Drivers for Windows* Vulnerability: Information Disclosure in Intel Thunderbolt DCH Drivers Uncontrolled Search Path Vulnerability in Intel(R) VTune(TM) Profiler Windows Runtime Object Handling Elevation of Privilege Vulnerability Privilege Escalation Vulnerability in Intel(R) Falcon 8+ UAS AscTec Thermal Viewer Installer Privilege Escalation Vulnerability in Intel Unite(R) Cloud Service Client Privilege Escalation Vulnerability in Intel(R) HID Event Filter Driver Installer Credential Vulnerability in Intel(R) QAT for Linux Privilege Escalation Vulnerability in Intel(R) Advisor Tools Installer Privilege Escalation Vulnerability in Intel(R) Processor Identification Utility Installer Default Variable Initialization Vulnerability in Intel(R) NUC Firmware Buffer Overflow Vulnerability in Intel(R) NUC Firmware Allows Privilege Escalation via Local Access Open WebRTC Toolkit: Insufficient Control Flow Management Vulnerability Privilege Escalation via Insufficient Control Flow Management in Intel(R) Collaboration Suite for WebRTC API Windows Error Reporting Elevation of Privilege Vulnerability Privilege Escalation Vulnerability in Intel(R) Data Center Manager Console Installer Privilege Escalation Vulnerability in Intel(R) Battery Life Diagnostic Tool Installer Privilege Escalation Vulnerability in Intel(R) Data Center Manager Console Information Disclosure Vulnerability in Intel(R) Data Center Manager 
Console Windows Runtime Object Handling Elevation of Privilege Vulnerability Privilege Escalation Vulnerability in Intel(R) XTU BlueZ Vulnerability: Unauthenticated Privilege Escalation via Improper Input Validation BlueZ Vulnerability: Unauthorized Information Disclosure via Adjacent Access Improper Permissions in Intel(R) Data Center Manager Console: Potential Denial of Service Vulnerability Privilege Escalation Vulnerability in Intel AMT SDK Versions Before 14.0.0.1 RPMB Protocol Message Authentication Subsystem Authentication Bypass Vulnerability Intel(R) AMT Subsystem Out-of-Bounds Read Vulnerability Firmware Vulnerability in Intel(R) Processors Allows Privilege Escalation via Local Access Intel(R) Processor Firmware Out of Bounds Write Vulnerability: Local Denial of Service Exploit Intel(R) Processors Firmware Vulnerability: Unauthorized Privilege Escalation via Physical Access Jet Database Engine Remote Code Execution Vulnerability Intel(R) Processors Firmware Out of Bounds Read Vulnerability Use After Free Vulnerability in Intel Graphics Drivers: Potential Denial of Service via Local Access Integer Overflow Vulnerability in Intel Graphics Drivers for Windows and Linux Denial of Service Vulnerability in Intel Graphics Drivers for Windows and Linux Null Pointer Dereference Vulnerability in Intel Graphics Drivers for Windows and Linux Untrusted Pointer Dereference Vulnerability in Intel Graphics Drivers Privilege Escalation Vulnerability in Intel Graphics Drivers Privilege Escalation via Integer Overflow in Intel Graphics Drivers Integer Overflow Vulnerability in Intel Graphics Drivers: Potential Privilege Escalation via Local Access Escalation of Privilege Vulnerability in Intel Graphics Drivers Windows Kernel Object Memory Handling Elevation of Privilege Vulnerability Untrusted Pointer Dereference Vulnerability in Intel Graphics Drivers Denial of Service Vulnerability in Intel(R) Graphics Drivers: Divide by Zero Exploit Denial of Service Vulnerability in 
Intel Graphics Drivers Denial of Service Vulnerability in Intel Graphics Drivers BMC Firmware Buffer Overflow Vulnerability BMC Firmware Heap Overflow Vulnerability Hard-coded Key Vulnerability in Intel Server Boards, Systems, and Compute Modules BMC Firmware Vulnerability: Local Privilege Escalation in Intel Server Boards Windows Media Foundation Memory Corruption Vulnerability BMC Firmware Out of Bounds Read Vulnerability Intel Graphics Drivers Vulnerability: Local Access Privilege Escalation Privilege Escalation Vulnerability in Intel Graphics Drivers Denial of Service Vulnerability in Intel Graphics Drivers Race Condition in Web Worker Shutdown Code: Use-After-Free Vulnerability in Firefox and Thunderbird Windows Sandbox Escape Vulnerability in Firefox ESR < 68.8 and Firefox < 76 Windows Sandbox Escape Vulnerability in Firefox ESR < 68.8 and Firefox < 76 Windows Media Foundation Memory Corruption Vulnerability IPv6 Address Origin Serialization Vulnerability in Firefox < 76 Insecure Inheritance of Content Security Policy (CSP) in Firefox < 76 Command Injection Vulnerability in Devtools' 'Copy as cURL' Feature Command Injection Vulnerability in Firefox's 'Copy as cURL' Feature Location Bar Spoofing Vulnerability in Firefox < 76 Memory Corruption Vulnerabilities in Firefox 75 and Firefox ESR 68.7 Memory Corruption Vulnerability in Firefox 75 Email Spoofing Vulnerability in Thunderbird < 68.8.0 Allows Sender Address Spoofing STARTTLS Bypass Vulnerability in Thunderbird < 68.9.0 Timing-based Side Channel Attack in NSS Library Memory Object Handling Vulnerability in Microsoft Excel Allows Remote Code Execution Timing-based Side Channel Attack in Coordinate Conversion of Firefox < 80 and Firefox for Android < 80 ECDSA Signature Generation Vulnerability in Firefox < 80 and Firefox for Android < 80 Electromagnetic Side Channel Attack on RSA Key Generation in Firefox < 78 Vulnerability: Out-of-Bounds Read in CHACHA20-POLY1305 Implementation in NSS Token Leakage 
Vulnerability in Firefox for iOS < 26 Race Condition in SharedWorkerService: Exploitable Crash Vulnerability in Thunderbird and Firefox Unboxed Objects Removal Vulnerability in Thunderbird and Firefox Arbitrary GPU Memory Leak in Firefox WebRender (CVE-2020-12345) Address Bar Spoofing Vulnerability in Firefox < 77 URL Blank Character Rendering Vulnerability in Firefox < 77 Windows Kernel Security Feature Bypass Vulnerability Memory Corruption Vulnerabilities in Firefox 76 and Firefox ESR 68.8 Memory Corruption Vulnerabilities in Firefox 76: Potential Arbitrary Code Execution Address Bar Spoofing Vulnerability in Firefox < 70 The Raccoon Attack: Timing Vulnerability in DHE Ciphersuites Unintended Persistence of IndexedDB in Firefox for iOS < 27 AppCache Confusion: Subdirectory Manifest Vulnerability in Firefox < 78 Use-after-free vulnerability in VideoStreamEncoder in Firefox < 78 ValueTags Confusion Vulnerability in Firefox on ARM64 Platforms URL Object Out-of-Bounds Read Vulnerability Use-after-free vulnerability in window flushing callback processing Cross-Origin Information Disclosure Vulnerability in Microsoft Edge Race Condition Vulnerability in STUN Server Connection Certificate Chain Rejection Vulnerability in Firefox and Thunderbird JavaScript-Generated JPEG Image Triggers Memory Corruption in Firefox < 78 Arbitrary Code Execution via Malicious webauthn.dll in Firefox on Windows WebRTC Permission Prompt Bypass in Firefox < 78 Hyphen Character Processing Vulnerability in Date.parse() in Firefox < 78 Memory Corruption Vulnerability in Firefox 77 CSRF Vulnerability in Western Digital WD Discovery Application Allows Data Theft and Disk Manipulation Multiple SQL Injections in Online Course Registration 2.0: Database Compromise and Authentication Bypass Vulnerabilities Denial of Service Vulnerability in Microsoft Hyper-V Memory Leak in virDomainListGetStats API in libvirt Windows Privilege Escalation Vulnerability in Splashtop Software Updater Vulnerability: XSS 
Account Credential Theft via WOPI API Integration XSS Vulnerability in PHP-Fusion 9.03.50 Allows JavaScript Execution via HTML Event Handlers Data Availability Vulnerability in Grin before 3.1.0 Connected User Experiences and Telemetry Service Denial of Service Vulnerability Buffer Overflow Vulnerability in Ivanti Service Manager HEAT Remote Control 7.4 Vulnerability in Ivanti Avalanche 6.3: SQL Injection Exploit (Bug 683250) Arbitrary File Read Vulnerability in BigBlueButton before 2.2.6 Privilege Escalation Vulnerability in G.SKILL Trident Z Lighting Control Onkyo TX-NR585 LFI Vulnerability: Unauthorized Access to Sensitive Files Unauthorized Access to Sensitive Information via NuGet in GitLab EE 12.8 and later Windows Elevation of Privilege Vulnerability Mitel MiVoice Connect Client Remote Code Execution Vulnerability Denial of Service Vulnerability in wolfSSL TLS 1.3 ChangeCipherSpec Message Processing Grafana Information Disclosure Vulnerability World Readable Configuration Files in Red Hat Grafana Packages Windows Kernel Object Handling Elevation of Privilege Vulnerability Heap Overflow Vulnerability in OpenDMARC XML Parsing SQL Injection in PHP-Fusion 9.03.50 via Insufficient Protection Mechanism in maincore.php CSRF with Resultant XSS in Ninja Forms Plugin for WordPress Avira Software Updater 2.0.6.27476 Local Privilege Escalation Vulnerability Use-after-free vulnerability in usb_sg_cancel in Linux Kernel Array Overflow Vulnerability in mt76_add_fragment in Linux Kernel Session Fixation Vulnerability in Subrion CMS 4.2.1 CSV Injection Vulnerability in Subrion CMS 4.2.1 PHP Object Injection and File Deletion Vulnerability in Subrion CMS 4.2.1 Win32k Elevation of Privilege Vulnerability Arbitrary Code Execution via ASPX Template Modification in MonoX Remote Code Execution Vulnerability in MonoX through 5.1.40.5152 via HTML5Upload.ashx and PhotoGallery.aspx Stored XSS Vulnerabilities in MonoX through 5.1.40.5152 Arbitrary Program Execution Vulnerability in 
MonoX 5.1.40.5152 IDN Homograph Attack: Exploiting Punycode in Telegram URLs Directory Traversal Vulnerability in TP-Link Omada Controller Software 3.2.6 Bypassing IP Address Whitelist Restrictions in TeamPass 2.1.27.36 REST API Unauthenticated File Retrieval Vulnerability in TeamPass 2.1.27.36 TeamPass 2.1.27.36 PHP File Include Vulnerability via Directory Traversal GDI+ Remote Code Execution Vulnerability CSRF Filter Bypass via CORS Simple Requests with Unparseable Content Types Remote Code Execution Vulnerability in Appstore 8.12.0.0 Parameter Length Validation Vulnerability in Frame Touch Module Unauthorized Access to Sensitive Information in jovi Smart Scene Module Windows Runtime Elevation of Privilege Vulnerability Root Access Vulnerability in SWARCOs CPU LS4000 Series: Exploiting Debugging Port for Unauthorized Device Access Memory Disclosure Vulnerability in Beckhoff's TwinCAT RT Network Driver Improper Privilege Management in Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) Firmware V2.0.0 and Earlier Access Control Vulnerability in Endress+Hauser Ecograph T and Memograph M with Firmware V2.0.0 and Above Stack-based Overflow in PLCopen XML File Parsing in Phoenix Contact PC Worx and PC Worx Express v1.87 and Earlier Out-of-Bounds Read Remote Code Execution in Phoenix Contact PC Worx and PC Worx Express Improper Path Sanitation Vulnerability in PHOENIX CONTACT PLCnext Engineer Version 2020.3.1 and Earlier Win32k Information Disclosure Vulnerability Unauthenticated Device Administration Vulnerability in Pepperl+Fuchs P+F Comtrol RocketLinx Series Undocumented Account Access Vulnerability in Pepperl+Fuchs P+F Comtrol RocketLinx Devices Unauthenticated Device Administration Vulnerability in Pepperl+Fuchs P+F Comtrol RocketLinx and ICRL-M Series Multiple Authenticated Command Injection Vulnerabilities in Pepperl+Fuchs P+F Comtrol RocketLinx Devices Active TFTP-Service Vulnerability in Pepperl+Fuchs P+F Comtrol RocketLinx and ICRL-M Devices 
Authentication Bypass Vulnerability in WAGO 750-8XX Series Firmware <= FW07 Authentication Bypass Vulnerability in WAGO 750-8XX Series with FW Version <= FW03 SQL Injection Vulnerability in s::can moni::tools (<= 4.2) Allows Database Access and Potential Data Loss Path Traversal Vulnerability in s::can moni::tools Image-Relocator Module Path Traversal Vulnerability in s::can moni::tools (Versions below 4.2) Allows Unauthorized Access to Device Files Win32k Elevation of Privilege Vulnerability Insecure Default Installation Path and Execution Vulnerability in TwinCAT XAR 3.1 Software CSRF Vulnerability in Pepperl+Fuchs Comtrol IO-Link Master Version 1.5.48 and Below Authenticated Reflected POST Cross-Site Scripting Vulnerability in Pepperl+Fuchs Comtrol IO-Link Master Version 1.5.48 and Below Authenticated Blind OS Command Injection in Pepperl+Fuchs Comtrol IO-Link Master (Version 1.5.48 and below) NULL Pointer Dereference Vulnerability in Pepperl+Fuchs Comtrol IO-Link Master Version 1.5.48 and Below Denial of Service Vulnerability in WAGO PLC Family 750-88x and 750-352 Firmware Versions FW1-FW10 Local Privilege Escalation Vulnerability in Phoenix Contact PLCnext Control Devices Information Disclosure Vulnerability in Phoenix Contact PLCnext Control Devices Root Privilege Escalation Vulnerability in Phoenix Contact PLCnext Control Devices Remote Code Execution Vulnerability in Windows Vulnerability: Denial of Service and System Reboot via Crafted LLDP Packet on Phoenix Contact PLCnext Control Devices Remote Code Execution Vulnerability in WAGO Series PFC and Touch Panel Devices Vulnerability: Missing Initialization of Resource in Phoenix Contact mGuard Devices Uncontrolled Resource Consumption Vulnerability in Phoenix Contact HMIs BTP 2043W, BTP 2070W, and BTP 2102W Deserialization Vulnerability in M&M Software fdtCONTAINER Component Denial of Service Vulnerability in TwinCAT and IPC Diagnostics OPC UA Servers Improper Access Validation Allows Unauthorized Shutdown 
and Reboot in MB connect line mymbCONNECT24, mbCONNECT24, and Helmholz myREX24 and myREX24.virtual Improper Access Validation Allows Unauthorized Session Termination SSRF Vulnerability in MB connect line mymbCONNECT24 and mbCONNECT24 Software Win32k Elevation of Privilege Vulnerability XSS Vulnerability in MB connect line mymbCONNECT24 and mbCONNECT24 Software Windows Modules Installer Service Elevation of Privilege Vulnerability Windows Background Intelligent Transfer Service (BITS) IIS Module Content Handling Elevation of Privilege Vulnerability Windows GDI Information Disclosure Vulnerability Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability DirectX Memory Object Handling Vulnerability Hash Logging Vulnerability in Windows Host Guardian Service Information Disclosure Vulnerability in Symantec Endpoint Detection & Response (prior to 4.5) Privilege Escalation Vulnerability in SMG Appliance (Versions prior to 10.7.4) Information Disclosure Vulnerability in SMG Web UI Allows Unauthorized Access to Remote SCP Backup Server Password VBScript Remote Code Execution Vulnerability Excessive Memory Consumption in Envoy Proxy for HTTP/2 Requests and Responses with Small Data Frames HTTP/2 Memory Exhaustion Vulnerability in Envoy Memory Consumption Vulnerability in Envoy HTTP/1.1 Header Processing Arbitrary SQL Command Execution in DB Soft SGLAC Web Frontend Vulnerability: Mishandling of Point at Infinity in ECDSA Implementation Insecure File Permissions in SolarWinds MSP PME Cache Service Leading to Code Execution Windows Error Reporting (WER) Object Handling Information Disclosure Vulnerability Privilege Escalation via Environment Variable Manipulation Privilege Escalation via User Retention in BeyondTrust Privilege Management for Windows Elevation of Privileges Vulnerability in BeyondTrust Privilege Management for Windows Privilege Escalation Vulnerability in BeyondTrust Privilege Management for Windows Automatic S/MIME Certificate Replacement 
Vulnerability in eM Client S/MIME Certificate Replacement Vulnerability in MailMate Windows Kernel Object Handling Elevation of Privilege Vulnerability Command Injection Vulnerability in Pi-hole 4.4 Allows Privilege Escalation via /etc/pihole/dns-servers.conf Physical Proximity Exploit in Teamwire Application 5.3.0 for Android: Pass-code Component Vulnerability Session Hijacking Vulnerability in League Application on Android Cross-Site Scripting (XSS) Vulnerability in Roundcube Webmail before 1.4.4 CSRF Vulnerability in Roundcube Webmail: Unauthorized Logout via POST Ignorance Authentication Bypass Vulnerability in Calibre-Web 0.6.6 Cross-Site Scripting (XSS) Vulnerability in osTicket before 1.14.2 via SLA Name Windows Error Reporting Memory Object Handling Information Disclosure Vulnerability Cross-Site Scripting (XSS) Vulnerability in WebForms Pro M2 Extension for Magento 2 Missing SSL Certificate Validation in Zulip Desktop before 5.2.0 Vulnerability: Encryption Bypass via Forged Beacon Frames XSS Vulnerability in phpList before 3.5.3 Allows Privilege Elevation via lists/admin/template.php Windows Kernel Object Handling Elevation of Privilege Vulnerability Local File Inclusion and Code Execution in Roundcube Webmail Plugin API Arbitrary Code Execution in Roundcube Webmail via Configuration Setting Vulnerability XXE and SSRF Vulnerability in Report Portal via JUnit XML Launch Import Incorrect Access Control in OX App Suite 7.10.3 and earlier via /api/subscriptions request SSRF Vulnerability in OX App Suite 7.10.3 and Earlier Improper Input Validation and Memory Consumption Vulnerabilities in OX App Suite 7.10.1 to 7.10.3 Cross-Site Scripting (XSS) Vulnerability in OX App Suite 7.10.3 and Earlier Unisys ALGOL Compiler Multiple Versions Code Emission Vulnerability Arbitrary Web Script Injection Vulnerability in TinyMCE 5.2.1 and Earlier Directory Traversal Vulnerability in Gurbalib through 2020-04-30: Unauthorized Access to Administrative Paths Windows Runtime 
Object Handling Elevation of Privilege Vulnerability Integer Overflow and Buffer Overflow in SecureCRT: Remote Code Execution Vulnerability Race condition vulnerability in __mptctl_ioctl function in Linux kernel before 5.4.14 (CID-28d76df18f0a) Buffer Overflow Vulnerability in Linux Kernel's mwifiex_cmd_append_vsie_tlv() Function Heap-based Buffer Overflow in mwifiex_ret_wmm_get_status() in Linux Kernel (CVE-2020-12345) Excessive Duration Sync Vulnerability in XFS v5 Image Handling Memory Leak in gss_mech_free Function in Linux Kernel Use-after-free vulnerability in Linux kernel's bfq-iosched.c gssproxy before 0.8.3 Denial of Service Vulnerability Out-of-Bounds Write Vulnerability in xdp_umem_reg Windows Kernel Object Handling Elevation of Privilege Vulnerability NXNSAttack: Unbound DNS Server Vulnerability Allows Insufficient Control of Network Message Volume Infinite Loop Vulnerability in Unbound DNS Server (CVE-2020-12662) Open Redirect Vulnerability in Macaron before 1.3.7 NXNSAttack: Traffic Amplification Vulnerability in Knot Resolver Arbitrary File Disclosure Vulnerability in Jinjava before 2.5.4 Bypassing Access Restrictions in Dolibarr Core/get_menudiv.php LSASS Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in Webmin 1.941 and Earlier: Unsanitized SCRIPT Elements in Read User Email Module Heap-Based Buffer Overflow in GraphicsMagick's ReadMNGImage Function Dovecot NTLM Request Out-of-Bounds Read Vulnerability Zero-Length RPA Request Vulnerability in Dovecot Incomplete Fix for Remote Code Execution Vulnerability in Mappress Google Maps for WordPress Plugin FusionAuth SAMLv2 Signature Exclusion Vulnerability Unsanitized Input Vulnerability in Progress MOVEit Automation Web Admin Mitel ShoreTel Conference Web Application 19.50.1000.0 XSS Vulnerability Memory Object Handling Vulnerability in Windows Service Local Credential Discovery in Avira Free Antivirus TLS Certificate Validation Bypass Vulnerability in 3xLogic Infinias eIDC32 
Devices Multiple Stored XSS Vulnerabilities in Katyshop2 before 2.12 XXE Injection Vulnerability in i-net Clear Reports 2019 19.0.287 (Designer) Cross-Site Scripting (XSS) Vulnerability in Interchange Admin Help System Unauthenticated User Can Access All Attachments in Serpico OpenStack Keystone Vulnerability: Privilege Escalation via EC2 Credential Creation Windows Kernel Object Handling Elevation of Privilege Vulnerability OAuth1 Access Token Role Assignment Bypass Vulnerability OpenStack Keystone Vulnerability: Unauthorized EC2 Credential Manipulation OpenStack Keystone EC2 API Authorization Header Sniffing Vulnerability Authentication Bypass via Race Condition in Slurm CallStranger: Vulnerability in UPnP Specification Allows Cross-Network Segment Subscription Requests Unsanitized URL Vulnerability in WordPress iframe Plugin Denial of Service Vulnerability in TYPO3 Direct Mail Extension Broken Access Control in TYPO3 Direct Mail Extension Open Redirect Vulnerability in TYPO3 Direct Mail Extension WLAN Service Elevation of Privilege Vulnerability in Windows Information Disclosure Vulnerability in TYPO3 Direct Mail Extension Quick Pairing Mode Vulnerability in eWeLink Mobile App: Eavesdropping on Wi-Fi Credentials and Sensitive Information XSS Vulnerability in UliCMS PackageController Uninstall (pre-2020.2) Stored XSS Vulnerability in UliCMS before 2020.2 LeptonCMS 4.6.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities Multiple Cross-site Scripting Vulnerabilities in PHP-Fusion 9.03.50 XSS Vulnerability in LeptonCMS 4.5.0 Allows Execution of JavaScript via HTML Event Handlers Cross-Site Scripting Vulnerabilities in PHP-Fusion 9.03.50 Windows Backup Service Elevation of Privilege Vulnerability Insecure User/Password Encryption Vulnerability in JOE Component of SOS JobScheduler Privilege Escalation Vulnerability in CipherMail Gateways and Webmail Messenger Insufficient Size Diffie-Hellman Parameter Vulnerability in CipherMail Products RainbowFish PacsOne Server 
6.8.4 Incorrect Access Control Vulnerability Bluetooth Advertisement Crash Vulnerability in COVID-19 Contact Tracing Apps Stored XSS Vulnerability in PHP-Fusion 9.03.50's Preview Comment Feature XML External Entity (XXE) Vulnerability in WSO2 Products Windows Installer Insecure Library Loading Elevation of Privilege Vulnerability Incorrect Access Control in vBulletin Versions 5.5.6pl1, 5.6.0pl1, and 5.6.1pl1 Buffer Overflow in regcomp.c Allows Remote Code Execution in Perl Authenticated Server-Side Request Forgery (SSRF) Vulnerability in Redash Open-Source 8.0.0 and Prior Critical Vulnerability: Unrestricted Access to Device Descriptors in MagicMotion Flamingo 2 Windows Kernel Object Handling Elevation of Privilege Vulnerability Unencrypted BLE in MagicMotion Flamingo 2 allows data sniffing and packet forgery Insecure Data Storage Vulnerability in MagicMotion Flamingo 2 Android App Default SSID and Password Vulnerability in DEPSTECH WiFi Digital Microscope 3 Vulnerability: Unauthenticated TELNET Access to DEPSTECH WiFi Digital Microscope 3 Remote Code Execution Vulnerability in DEPSTECH WiFi Digital Microscope 3 Insufficient Entropy in Password Reset Requests in DomainMOD 4.13.0 Allows Account Takeover Remote Code Execution via Email Subject Line Injection Path Traversal Vulnerability in Maxum Rumpus before 8.2.12 on macOS Denial-of-Service Vulnerability in Fanuc i Series CNC: Remote Attackers Can Render CNC Inaccessible Windows Kernel Object Handling Elevation of Privilege Vulnerability Heap-Based Buffer Over-read in Tcprewrite's get_ipv6_next() Function Insecure URL Sanitization in iubenda-cookie-law-solution Plugin for WordPress Unauthenticated Arbitrary PHP File Inclusion in Gazie 7.32 Privilege Escalation Vulnerability in Verint Desktop Resources 15.2 MSI Installer Clipboard Content Access Vulnerability on Samsung Mobile Devices with Q(10.0) Software Heap-based Buffer Overflow Vulnerability in Samsung Mobile Devices with Exynos Chipsets Heap-based Buffer 
Overflow in Samsung Mobile Devices with Q(10.0) Software Vulnerability: SIM Card Bypass on Samsung Mobile Devices with Q(10.0) Software (SVE-2020-16594) Buffer Overflow Vulnerability in Samsung Mobile Devices with P(9.0) (Exynos Chipsets) Software Windows Kernel Object Handling Elevation of Privilege Vulnerability SPEN Bypass Vulnerability in Samsung Q(10.0) Software Quram Image Codec Library Vulnerability: Memory Overwrite and Arbitrary Code Execution on Samsung Mobile Devices (SVE-2020-16943) Gatekeeper Trustlet Brute-Force Vulnerability on Samsung Mobile Devices LG Mobile Devices Bootloader Arbitrary Code Execution Vulnerability LG Mobile Devices Input Control Vulnerability Unintended KWallet Password Storage Vulnerability in KDE kio-extras GCP Secrets Engine Credential Generation Time-to-Live Lease Duration Misconfiguration Vulnerability Crash Vulnerability in HashiCorp Consul and Consul Enterprise with Abnormally-Formed Service-Router Entry Reflected XSS Vulnerability in Zulip Server via Dropbox Webhook Windows Kernel Object Handling Elevation of Privilege Vulnerability Arbitrary Deserialization Vulnerability in OpenNMS Horizon and Meridian Integer Overflow Vulnerability in imlib2 1.6.0's loader_ico.c Integer Overflow and Out-of-Bounds Write Vulnerability in json-c through 0.14 Unauthenticated Stack-Based Buffer Overflow in TRENDnet ProView Wireless Camera TV-IP512WN 1.0R 1.0.4 Directory Traversal Vulnerability in Gnuteca 3.8 Directory Traversal Vulnerability in Solis Miolo 2.0 SQL Injection Vulnerability in Gnuteca 3.8 via exemplaryStatusId Parameter Divide-by-Zero Error in exif_entry_get_value in libexif 0.6.21 Memory Leak in svm_cpu_uninit in Linux Kernel Linux Kernel Panic Vulnerability in drivers/spi/spi-dw.c (CID-19b61392c5a8) Windows Installer Filesystem Operations Privilege Escalation Vulnerability Missing sg_remove_request call in sg_write function Deadlock Vulnerability in Linux Kernel's btree_gc_coalesce Function Remote Code Execution via Image Tag 
in Ignite Realtime Spark 2.8.3 Remote Command Execution Vulnerability in Realtek ADSL/PON Modem SoC Firmware Arbitrary Command Injection Vulnerability in D-Link DSL-7740C Command Injection Vulnerability in Hicos Citizen Certificate Client-Side Component Broken Access Control Vulnerability in Openfind Mail2000 Broken Access Control Vulnerability in Combodo iTop Allows Unauthorized Command Injection and System Information Disclosure Unvalidated Input Parameters in Combodo iTop Allow for Command Injection and XSS Attacks Stored Cross-site Scripting Vulnerability in Combodo iTop Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Combodo iTop Security Misconfiguration Vulnerability CSRF Vulnerability in Combodo iTop Allows Command Execution via Malicious Site Request Forgery Command Injection Vulnerability in Openfind MailGates Allows Unauthorized Access to System Files Exim 4.93 Out-of-Bounds Read Vulnerability in SPA Authenticator Remote Bandwidth Suspension Vulnerability in cPanel (SEC-505) Account Backup Directory Disclosure Vulnerability Vulnerability: Bypassing Applet Handling Security Mechanisms in Microchip Atmel ATSAMA5 Products Timing and Power Analysis Vulnerability in Microchip Atmel ATSAMA5 CMAC Verification Functionality Hardcoded Key Vulnerability in Microchip Atmel ATSAMA5 Secure Monitor Spotlight Image Loading Vulnerability in Windows Lockscreen Server-Side Template Injection and Credentials Disclosure in SEOmatic Plugin for Craft CMS Legacy ACL Token Rule Propagation Failure in HashiCorp Consul and Consul Enterprise Cellebrite UFED 5.0 to 7.5.0.845 Vulnerability: Command Prompt Access via Wireless Network Connection Screen Windows Bluetooth Service Elevation of Privilege Vulnerability Unrestricted File Upload and Remote Code Execution in Contact Form 7 Plugin Vulnerability: Unintentional Unencryption of Recovered Documents in LibreOffice Remote Graphic Links Omission Vulnerability in LibreOffice Vulnerability: Arbitrary File 
Overwrite via Form Submission in LibreOffice Windows OLE Remote Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerability in FortiManager and FortiAnalyzer Case Insensitive Authentication Bypass in FortiOS SSL VPN Cross-Site Scripting (XSS) Vulnerability in Fortinet FortiAnalyzer Versions 6.0.6 and below, 6.4.4 HTML Injection Vulnerability in FortiTester before 3.9.0 Stored Cross-Site Scripting (XSS) Vulnerability in FortiNAC before 8.7.2 HTML Injection Vulnerability in FortiAnalyzer Storage Connectors Insufficient Logging Vulnerability in FortiGate: Unauthenticated Traffic to Fortinet IP Addresses Goes Unnoticed Windows Runtime Object Handling Elevation of Privilege Vulnerability Vulnerability: Gossipsub 1.0 Susceptible to Eclipse and Sybil Attacks Buffer Overflow Vulnerability in OpenConnect 8.09 RTP Software Abort Vulnerability in Pexip Infinity 23.x before 23.3 Excessive Recursion Vulnerability in libcroco through 0.6.13 Signal Access-Control Issue in Linux Kernel: Integer Overflow Exploitation (CID-7395ea4e65c2) Path Traversal Vulnerability in MJML Prior to 4.6.3 Privilege Escalation via AnchorFree VPN SDK Integer Overflow in SM501 Display Driver Implementation Memory Object Handling Vulnerability in Windows: A Denial of Service Risk Critical Stack Buffer Overflow Vulnerabilities in Western Digital My Cloud Devices World-readable default permissions in FRRouting split-config feature leading to potential information leak Arbitrary File Deletion Vulnerability in WordPress Plugin Simple File List Remote Code Execution in eQ-3 Homematic Central Control Unit (CCU)2 and CCU3 through JSON API Method ReGa.runScript Remote Code Execution via Unsafe Java RMI Configuration in SmartBear ReadyAPI SoapUI Pro 3.2.5 Vulnerability: Malicious File Uploads via Garage Door Image Upload in iSmartGate PRO 1.5.9 Privilege Escalation Vulnerability in iSmartGate PRO 1.5.9 via /cron/mailAdmin.php Privilege Escalation Vulnerability in ismartgate PRO 1.5.9 via 
/cron/checkExpirationDate.php Windows SMBv3 Denial of Service Vulnerability CSRF Vulnerability in iSmartGate PRO 1.5.9 Allows Remote Sound File Upload CSRF Vulnerability in iSmartGate PRO 1.5.9 Allows Remote Image Upload Privilege Escalation Vulnerability in ismartgate PRO 1.5.9 via /cron/checkUserExpirationDate.php Vulnerability: Malicious File Uploads via Garage Door Sound Upload Form in iSmartGate PRO 1.5.9 Cherokee Server Denial of Service Vulnerability Remote Code Execution via Avatar File Upload in Zimbra Webmail Subsystem Arbitrary Binary Execution in Pydio Cells 2.0.4 Hidden User Account Creation and Unauthorized Access Vulnerability in Pydio Cells 2.0.4 Unauthenticated Profile Image Access Vulnerability in Pydio Cells 2.0.4 Windows Graphics Device Interface (GDI) Remote Code Execution Vulnerability Privilege Escalation Vulnerability in Pydio Cells Enterprise OVF 2.0.3 Arbitrary File Write Vulnerability in Pydio Cells 2.0.4 Arbitrary Code Execution via Pydio Cells Update Feature Cross-Site Scripting (XSS) Vulnerability in Pydio Cells 2.0.4 Remote Code Execution Vulnerability in SecZetta NEProfile 3.3.11 via Crafted JPEG File Upload Host Header Injection Vulnerability in SecZetta NEProfile 3.3.11 Bluetooth-based Re-Identification Vulnerability in COVID-19 Contact Tracing Apps Remote Re-identification Vulnerability in COVIDSafe v1.0.15 and v1.0.16 Re-identification of Android Devices in COVIDSafe through Unreinitialized Random Data in Advertising Payload Device Model Identification Vulnerability in OpenTrace/BlueTrace Protocol in COVIDSafe v1.0.17 Windows Shell Remote Code Execution Vulnerability Remote Device Re-identification and Owner Identification Vulnerability in COVIDSafe v1.0.17 Heap Buffer Overflow in SANE Backends: GHSL-2020-080 SANE Backends Out-of-Bounds Read Vulnerability (GHSL-2020-082) SANE Backends Out-of-Bounds Read Vulnerability (GHSL-2020-083) SANE Backends Out-of-Bounds Read Vulnerability (GHSL-2020-081) Heap Buffer Overflow in SANE 
Backends: Remote Code Execution Vulnerability NULL Pointer Dereference Vulnerability in SANE Backends 1.0.30 and Earlier NULL Pointer Dereference Vulnerability in SANE Backends (GHSL-2020-075) XSS Vulnerability in RainbowFish PacsOne Server 6.8.4 Windows WalletService Elevation of Privilege Vulnerability SQL Injection Vulnerability in RainbowFish PacsOne Server 6.8.4 Signup Page Obsolete TLS Ciphers in Yaws: Sweet32 Vulnerability Arbitrary Code Execution Vulnerability in Alfresco ECM Authentication Bypass Vulnerability in Veritas APTARE versions prior to 10.4 Inadequate Authorization Checks in Veritas APTARE Versions Prior to 10.4 Unintended File Access Vulnerability in Veritas APTARE Versions Prior to 10.4 (Windows Server Only) Unauthenticated Access to Sensitive Information in Veritas APTARE Versions Prior to 10.4 Privilege Escalation via Symlink Attack in Digi ConnectPort X2e Root Shell Access Vulnerability in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance XSS Vulnerability in Submitty 20.04.01 via SVG Document Upload Buffer Over-read Vulnerability in Arm Mbed OS 5.15.3 CoAP Library Buffer Over-read Vulnerability in Arm Mbed OS 5.15.3 CoAP Library Infinite Loop Vulnerability in Arm Mbed OS 5.15.3 CoAP Library Buffer Over-read Vulnerability in Arm Mbed OS 5.15.3 CoAP Library Memory Leak Vulnerability in Arm Mbed OS 5.15.3 CoAP Library VFIO PCI Driver in Linux Kernel: Disabled Memory Space Access Vulnerability MISP MISP-maltego 1.4.4 Remote-Transform Vulnerability Microsoft SharePoint Server Spoofing Vulnerability SMM Pointer Manipulation Vulnerability in AGESA DLL Hijacking Vulnerability in AMD Radeon Software Untrusted Search Path Vulnerability in AMD Radeon Settings Installer Critical Stack Buffer Overflow Vulnerability in AMD Graphics Driver for Windows 10 in Escape 0x15002a Escape 0x40010d: Arbitrary Write Vulnerability in AMD Graphics Driver for Windows 10 AMD Graphics Driver for Windows 10 Escape 0x110037 Vulnerability: Pool/Heap 
Overflow Kernel Pool Address Disclosure Vulnerability in AMD Graphics Driver for Windows 10: Potential KASLR Bypass Critical Stack Buffer Overflow Vulnerability in AMD Graphics Driver for Windows 10 Critical Vulnerability in AMD Graphics Driver for Windows 10: KASLR Bypass and Denial of Service Risk Kernel Information Disclosure Vulnerability in Win32k Component Escalation of Privileges and Denial of Service Vulnerability in AMD Radeon Graphics Driver for Windows 10 KASLR Bypass and Information Disclosure Vulnerability in AMD Graphics Driver for Windows 10 Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 Escalation of Privilege and Denial of Service Vulnerability in AMD Graphics Driver for Windows 10 AMD Graphics Driver Out of Bounds Read Vulnerability in Windows 10 Escape 0x3004203 AMD Graphics Driver Out of Bounds Read Vulnerability in Windows 10 Escape 0x3004403 Windows Network Connections Service Elevation of Privilege Vulnerability Denial of Service Vulnerability in AMD ATIKMDAG.SYS (Version 26.20.15029.27017) Privilege Escalation Vulnerability in AMD RAPL Interface for Linux hwmon Service OpenSSH for Windows Configuration Access Vulnerability Vulnerability in AMD Display Driver Escape 0x130007 Call Handler Allows for Denial of Service Attack Vulnerability: TPM Reference Software Failure to Track Failed Shutdowns Privilege Escalation Vulnerability in AMD VBIOS Flash Tool SDK Privilege Escalation Vulnerability in AMD Ryzen Master V15 AMD Graphics Driver Local Privilege Escalation Vulnerability Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Privilege Escalation Vulnerability in AMD Secure Processor (ASP) Drivers Privilege Escalation Vulnerability in AMD Secure Processor (ASP) Kernel Denial of Service Vulnerability in AMD ATIKMDAG.SYS (Version 26.20.15029.27017) Windows WalletService Elevation of Privilege Vulnerability ASP Firmware Vulnerability: Arbitrary Code Execution via Insufficient BIOS Image Length 
Validation Vulnerability: Insufficient Input Validation in ASP Firmware for Discrete TPM Commands SharePoint Elevation of Privilege Vulnerability ASP Firmware Race Condition Vulnerability Exploiting Integrated Chipset Option to Bypass SPI ROM Protections and Enable Unauthorized Modification Memory Object Handling Vulnerability in Windows Diagnostics & Feedback Settings App Denial of Service Vulnerability in AMD Graphics Driver for Windows 10 Zeroing Privileged Registers: Bypassing SPI ROM Protections in AMD Platform Security Processor (PSP) Privilege Escalation Vulnerability in AMD Graphics Driver for Windows Insufficient Pointer Validation Vulnerability in AMD Graphics Driver for Windows Vulnerability in AMD Radeon Kernel Mode Driver Allows Privilege Escalation and Denial of Service Transient Execution of Non-Canonical Loads and Stores in AMD CPUs: A Potential Data Leakage Vulnerability AMD EPYC™ Processors: Information Disclosure Vulnerability in SEV-ES and SEV-SNP Nested Page Table Vulnerability in AMD SEV/SEV-ES: Potential Arbitrary Code Execution Microsoft Office SharePoint XSS Vulnerability Microsoft Office SharePoint XSS Vulnerability Critical Out of Bounds Write and Read Vulnerability in AMD Graphics Driver for Windows 10 Unprivileged User Exploit: AMD Graphics Driver Vulnerability in Windows 10 AMD Graphics Driver for Windows 10: Invalid Object Pointer Free Vulnerability AMD Graphics Driver for Windows 10 Out of Bounds Write Vulnerability Insufficient Pointer Validation Vulnerability in AMD Graphics Driver for Windows 10 Insufficient Pointer Validation Vulnerability in AMD Graphics Driver for Windows 10 AMD Graphics Driver Vulnerability: Heap Information Leak and KASLR Bypass Integrated Chipset Denial of Service (DoS) Vulnerability: System Hang on Reboot LNK Remote Code Execution Vulnerability in Microsoft Windows Cabinet File Remote Code Execution Vulnerability Windows SMB Remote Code Execution Vulnerability Windows Installer Filesystem Operations 
Privilege Escalation Vulnerability Windows Runtime Elevation of Privilege Vulnerability Windows Runtime Object Handling Elevation of Privilege Vulnerability Windows State Repository Service Elevation of Privilege Vulnerability Windows Runtime Object Handling Elevation of Privilege Vulnerability Windows Kernel Object Handling Elevation of Privilege Vulnerability Elevation of Privilege Vulnerability in DirectX Microsoft Store Runtime Memory Handling Vulnerability Untrusted File Execution Vulnerability in pandas through 1.0.3 Untrusted File Execution via joblib.load() in scikit-learn (aka sklearn) Directory Traversal Vulnerability in iSpyConnect.com Agent DVR before 2.7.1.0 Cross-Site Scripting (XSS) Vulnerability in Dolibarr before 11.0.4 Privilege Escalation Vulnerability in Little Snitch Versions 4.5.1 and Older Win32k Elevation of Privilege Vulnerability Denial of Service Vulnerability in Arista's CloudVision eXchange (CVX) Server XML Signature Validation Bypass in OASIS DSS 1.0 Stack-based Buffer Overflow in Morita Shogi 64 for Nintendo 64 Devices COM Special Case IID Elevation of Privilege Vulnerability Arbitrary Code Execution and Privilege Escalation Vulnerability in Kerberos Package for Node.js Denial of Service Vulnerability in NaviServer 4.99.4 to 4.99.19 Buffer Over-read Vulnerabilities in libexif before 0.6.22 Uninitialized Memory Vulnerability in libexif before 0.6.22 Unrestricted Size Vulnerability in libexif: Potential Denial of Service XSS Vulnerability in OpenText Carbonite Server Backup Portal (CVE-2021-XXXX) Unauthenticated Remote Command Injection in Wavlink WN575A4 and WN579X3 Devices SQL Injection Vulnerability in Mikrotik-Router-Monitoring-System Critical Clickjacking Vulnerability in ismartgate PRO 1.5.9 Windows Installer Filesystem Operations Elevation of Privilege Vulnerability Open Redirect Vulnerability in Submitty 20.04.01 via authentication/login?old= Command Injection Vulnerability in NoviFlow NoviWare CLI Command Injection 
Vulnerability in SABnzbd Web Configuration Interface Unauthenticated User Creation Vulnerability in Ultimate Addons for Elementor Plugin Arbitrary File Upload Vulnerability in Elementor Pro Plugin SQL Injection Vulnerability in Loway QueueMetrics Denial of Service Vulnerability in Manolo GWTUpload 1.0.3 Sensitive Information Exposure via GET Method in Stashcat App Windows Update Orchestrator Service Elevation of Privilege Vulnerability Vulnerability: Memory Leakage in Yubico libykpiv Denial of Service Vulnerability in Yubico libykpiv Stored XSS Vulnerability in Tufin SecureChange Prior to R19.3 HF3 and R20-1 HF1 Stored XSS Vulnerability in Tufin SecureChange Prior to R19.3 HF3 and R20-1 HF1 Local Network Information Disclosure Vulnerability in D-Link DSP-W215 1.26b03 Devices Obfuscated Hash Disclosure Vulnerability in D-Link DSP-W215 1.26b03 Devices Windows Text Service Framework Elevation of Privilege Vulnerability Out-of-Bounds Read Vulnerability in gadget_dev_desc_UDC_store in Linux Kernel 3.16 through 5.6.13 Arbitrary Code Execution in Open edX Ironwood 2.5 via Custom Python Evaluated Code Stored XSS Vulnerability in Open edX Ironwood 2.5 via SVG File Uploads CSV Injection Vulnerability in Open edX Ironwood 2.5 Privilege Escalation and File Overwrite Vulnerability in Dragon Center Memory Object Handling Vulnerability in Internet Explorer Vulnerability: D-Link DSL-2750U Control Panel Access Time Gap Unauthenticated Remote Code Execution in Aerospike Community Edition 4.9.0.5 Memory Leak Vulnerability in Amarok 2.8.0 via Specially Crafted M3U File Cross-Site Scripting (XSS) Vulnerability in MISP before 2.4.126 in resolved_attributes.ctp File Protection Password Disclosure in Zoho ManageEngine Service Plus CSRF and HTML Injection Vulnerability in NukeViet 4.4's clearsystem.php CSRF Vulnerability in NukeViet 4.4 Allows Unauthorized User Account Addition CSRF Vulnerability in NukeViet 4.4 Allows Unauthorized Password Change Directory Traversal Vulnerability in 
Artica Proxy Community Edition (before 4.30.000000) via fw.progrss.details.php Popup Parameter OS Command Injection in Artica Proxy Community Edition (before 4.30.000000) via Multiple Fields Windows Kernel Object Handling Elevation of Privilege Vulnerability Format String Vulnerability in AnyDesk before 5.5.3 on Linux and FreeBSD Elevated Privileges Exploit in Pulse Secure Client Insecure TLS Certificate Verification in em-imap 0.5 NFS Dissector Crash Vulnerability in Wireshark Arbitrary Code Execution Vulnerability in MyLittleAdmin 3.8 Unauthenticated Remote Code Execution in Netsweeper 6.4.3 Reflected XSS Vulnerability in SysAid 20.1.11b26 via ForgotPassword.jsp accountid Parameter Stored XSS Vulnerability in SolarWinds Orion Platform Allows Information Disclosure and Privilege Escalation Group Policy Access Check Vulnerability Scope Enforcement Vulnerability in HashiCorp Consul and Consul Enterprise Insecure Named Pipe Vulnerability in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows Clickjacking Vulnerability in Teradici Management Console Local File Inclusion Vulnerability in Teradici Cloud Access Connector and Cloud Access Connector Legacy Stored Cross-Site Scripting (XSS) Vulnerability in Teradici Cloud Access Connector Privilege Escalation via Support Bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows Improper Signature Validation in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows Memory Dump Vulnerability in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows Microsoft Office SharePoint XSS Vulnerability Reflected Cross Site Scripting Vulnerability in Teradici PCoIP Management Console (prior to 20.07) Unauthenticated Access to Sensitive Functions in Teradici Cloud Access Connector CSRF Vulnerability in Teradici Cloud Access Connector v31 and Earlier Remote Code Execution Vulnerability in Microsoft Windows Codecs Library Microsoft Office SharePoint 
XSS Vulnerability Memory Object Handling Vulnerability in Microsoft Office Software Uninitialized Variable Leads to Information Disclosure in Microsoft Project Proxy Environment Variable Leakage in HashiCorp Vault and Vault Enterprise (Fixed in 1.3.6 and 1.4.2) Buffer Overflow Vulnerability in TP-LINK NC200, NC210, NC220, NC230, NC250, NC260, and NC450 Devices Stored XSS Vulnerability in phpIPAM 1.4 User Instructions Widget SSRF Vulnerability in WSO2 API Manager 3.0.0 Allows Unauthorized Access to Intranet Username Disclosure Vulnerability in Sysax Multi Server 6.90 Reflected XSS Vulnerability in Sysax Multi Server 6.90 via /scgi sid Parameter Session Hijacking Vulnerability in Sysax Multi Server 6.90 SharePoint Open Redirect Vulnerability: Exploiting URL Spoofing in Microsoft SharePoint Account Disablement Vulnerability in Cacti 1.2.11 and Earlier CSRF Vulnerability in Cacti before 1.2.11 Allows Admin Email Change Denial of Service Vulnerability in Mitsubishi MELSEC iQ-R Series PLCs with Firmware 33 Dolibarr 11.0.4 DMS/ECM Module XSS Vulnerability Windows Security Health Service Elevation of Privilege Vulnerability Insecure File Extension Renaming Vulnerability in Dolibarr 11.0.4 DMS/ECM Module Unrestricted File Upload Vulnerability in Microweber 1.1.18 Vulnerability: Missing SSL Certificate Validation in NETGEAR Devices Deadlock Vulnerability in Gitea: Repository Ownership Transfer CSV Injection Vulnerability in BooleBox Secure File Sharing Utility Stored XSS Vulnerability in BooleBox Secure File Sharing Utility Improper Validation of OK Packet in MariaDB Connector/C Azure DevOps Server and Team Foundation Services Spoofing Vulnerability: Exploiting Trust in Communication Channels Denial of Service Vulnerability in HashiCorp Consul and Consul Enterprise's HTTP API and DNS Caching Feature Arbitrary OS Command Execution in Centreon before 19.04.15 Out-of-Bounds Read Vulnerability in QEMU 4.2.0's sd_wp_addr Key Collision and Data Leakage in Django Memcached Backend 
Reflected XSS Vulnerability in Contentful Python SDK Cross-Site Request Forgery (CSRF) Vulnerability in RAD SecFlow-1v Web Management Interface Azure DevOps Server Cross-site Scripting Vulnerability Stored XSS Vulnerability in RAD SecFlow-1v Web Management Interface Amazon EKS Credentials Disclosure in GitLab CE/EE 12.6 and Later: HTML Source Code Vulnerability Client-Side Code Injection Vulnerability in GitLab CE/EE 12.9 and later through 13.0.1 via Specially Crafted Mermaid Payload Project Maintainer Impersonation Vulnerability in GitLab EE 9.5 - 13.0.1 Kubernetes Cluster Token Disclosure in GitLab CE/EE 10.3 and later through 13.0.1 Email Verification Bypass Vulnerability in GitLab CE/EE 12.5 and later through 13.0.1 Vulnerability: Insecure Authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 Stored Cross-Site Scripting Vulnerability in GitLab CE/EE 12.8 and later through 13.0.1 File Existence Disclosure Vulnerability in GitLab CE/EE 12.10 and later through 13.0.1 Reflected Cross-Site Scripting Vulnerability in GitLab CE/EE Static Site Editor (12.10 - 13.0.1) Azure DevOps Server HTML Injection Vulnerability Unauthorized Fork Creation Vulnerability in GitLab CE/EE 11.3 - 13.0.1 Stored Cross-Site Scripting Vulnerability in GitLab CE/EE Versions through 13.0.1 Unverified User Exploitation in OAuth Authorization Code Flow System Resource Exhaustion Vulnerability in GitLab CE/EE 12.0 - 13.0.1 Memory Exhaustion Vulnerability in GitLab Versions 13.0.1 and Earlier Allows Denial of Service Attacks Unverified Email Address Access Vulnerability in GitLab EE 12.2 and later through 13.0.1 Unverified Email Notification Vulnerability in GitLab CE/EE Versions through 13.0.1 Unauthorized Read Access to Private Repositories in GitLab CE/EE 10.6 and Later through 13.0.5 Reflected Cross-Site Scripting Vulnerability in RosarioSIS Student Information System < 6.5.1 Remote Code Execution in GitLab VSCode Extension v2.2.0 Excessive Logging Vulnerability in 
GitLab Leads to Memory Exhaustion Denial of Service Vulnerability in GitLab Project Import Feature Improper Access Control in GitLab Group Transfer Vulnerability Cross-Site Scripting Vulnerability in GitLab Issues List via Milestone Title Outdated CI Job Token API Authorization Vulnerability in GitLab Cross-Site Scripting (XSS) Vulnerability in GitLab Issue Reference Number Tooltip Server Side Request Forgery (SSRF) vulnerability in GitLab before 13.0.12, 13.1.6, 13.2.3 allows modification of user-controlled git configuration settings. Confidential EPIC Disclosure Vulnerability in GitLab Stored XSS Vulnerability in GitLab CI/CD Jobs Page Invalid Username Acceptance Vulnerability in GitLab with 2FA Bing Search Android App HTML Spoofing Vulnerability Improper Access Control on GitLab Applications Page Temporary Overpermissive Access Vulnerability in GitLab before 13.2.3 Bypassing E-mail Verification in GitLab OAuth Flow Hexadecimal Branch Name Override Vulnerability Access Grants Not Revoked Vulnerability SSRF Vulnerability in GitLab Runner before 13.0.12, 13.1.6, 13.2.3 Improper Access Control for Deploy Tokens in GitLab Authentication Bypass Vulnerability in GitLab Versions Before 13.1.10, 13.2.8, and 13.3.4 Conan Package Upload Parameter Validation Vulnerability Session Token Revocation Vulnerability in GitLab Windows Mobile Device Management (MDM) Diagnostics Junction Handling Information Disclosure Vulnerability OAuth Authorization Scope Change Vulnerability in GitLab CE/EE 13.3.4 and Earlier Stored XSS Vulnerability in GitLab Standalone Vulnerability Page Session Revocation Vulnerability in GitLab Improper Permissions Verification Allows Unauthorized Access to Private Repository in GitLab Persistent Access Vulnerability in GitLab Versions before 13.1.10, 13.2.8, and 13.3.4 Project Invitation Link Not Invalidated Upon User Removal in GitLab GitLab Webhook Feature Denial of Service Vulnerability Session Persistence Vulnerability in GitLab: Bypassing 2-Factor 
Authentication Access Prohibition Vulnerability in GitLab: Impact on Users without 2 Factor Authentication Blind SSRF Vulnerability in GitLab's Repository Mirroring Feature SCOM Web Request Spoofing Vulnerability Denial of Service Vulnerability in GitLab Runner GitLab Wiki Parser Attack Vulnerability GitLab OAuth Endpoint Brute-Force Vulnerability Unauthorized Project Maintainer Can Edit Subgroup Badges in GitLab GitLab Omniauth Endpoint Content Injection Vulnerability Unrestricted Result Request Vulnerability in GitLab Profile Activity Page GitLab Vulnerability: Unauthorized Access to Disabled Repositories via Deploy-Token Insufficient Check in GitLab GraphQL API Allows Repository Deletion by Maintainer Cross-Account Assume Role Vulnerability in GitLab's EKS Integration Missing Permission Check for Adding Time Spent on an Issue in GitLab Remote Code Execution Vulnerability in Microsoft Excel Software Unauthorized Access to Project Security Dashboard in GitLab HTML Tag Bypass Vulnerability in GitLab Versions Prior to 13.1 Unauthorized Creation and Deletion of Deploy Tokens in GitLab Versions after 12.9 GitLab Vulnerability: Unauthorized Access to Private Merge Requests via Todos API Exposure Vulnerability in GitLab Versions Prior to 13.1 Unrestricted Comment Characters in GitLab Issue Page: Denial of Service Vulnerability Bypassing GitHub Project Import Restriction in GitLab Versions Prior to 13.1 Insecure Runner Configuration in Kubernetes Environments: GitLab Runner Vulnerability Stored XSS Vulnerability in GitLab PyPI Files API Stored XSS Vulnerability in GitLab Blob View Reparse Point Handling Vulnerability in Group Policy Services Stored XSS Vulnerability in GitLab's Bitbucket Project Import Feature Stored XSS Vulnerability in GitLab Wiki Pages Exponential Backtracking DOS Vulnerability in GitLab 13.1-13.3 Improper Authorization Checks in GitLab Allow Unauthorized Confidentiality Attribute Modification via GraphQL Account Deletion Vulnerability in GitLab
>=7.12: Improper Group Membership Validation Stored XSS Vulnerability in GitLab's Error Tracking Feature Stored XSS Vulnerability in GitLab Group Name Stored Cross-Site Scripting Vulnerability in GitLab's Reference Editing XSS Vulnerability in GitLab SVG File Preview Windows Runtime Object Handling Elevation of Privilege Vulnerability Stored XSS Vulnerability in GitLab CI Job Log Insufficient Permission Check Vulnerability in GitLab Allows Unauthorized Deletions Vulnerability: Lack of Rate Limiting at Re-Sending Confirmation Email Unauthorized Access to Custom Project Templates in GitLab Insecure Session Key Storage in GitLab Allows Unauthorized User Authentication Critical Reflected XSS Vulnerability in GitLab: All Versions from 10.8 Affected Confidential Issue Disclosure Vulnerability in GitLab Versions Prior to 13.2.10, 13.3.7, and 13.4.2 Command Injection Vulnerability in Gitlab Runner with Docker Executor on Windows Bypassing CODEOWNERS Approval in GitLab EE Catastrophic Backtracking Vulnerability in GitLab EE Advanced Search Remote Code Execution Vulnerability in Microsoft Excel Software CSRF Vulnerability in GitLab CE/EE Allows Unauthorized Runner Control Insufficient Permission Checks in Scheduled Pipeline API in GitLab CE/EE 13.0+: Variable Disclosure Vulnerability GitLab CE/EE Version 10.2 and Above: Private Group Information Leakage Persistent Storage of One-Time Use Git Credentials in Gitaly 1.79.0 or Above Exponential Backtracking DOS Vulnerability in GitLab CE/EE (Versions 12.6 - 13.3.9) Path Traversal Vulnerability in GitLab CE/EE Allows Server Path Overwrite File Disclosure Vulnerability in GitLab CE/EE Versions 8.8.9 - 13.5.2 Unauthorized User Access to User List in Gitlab CE/EE Unauthorized Access to Private Projects in GitLab CE/EE (CVE-2021-22214) Object Storage Signed URL Exposure in GitLab CE/EE 12.10+ Allows Unauthorized Terraform State Overwrite Windows Kernel Elevation of Privilege Vulnerability Out-of-Bounds Access Vulnerability in QEMU's 
es1370_transfer_audio Function Out-of-Bounds Read Vulnerability in QEMU's megasas_lookup_frame Function Zyxel Products Backdoor Vulnerability: Remote TELNET Access via CGI Script Undocumented User Account Vulnerability in Zyxel Products Windows Print Spooler Service Elevation of Privilege Vulnerability Arbitrary File Upload and OS Command Execution in SecurEnvoy SecurMail 9.3.503 Directory Traversal Vulnerability in Loadbalancer.org Enterprise VA MAX through 8.3.8 OS Command Injection Vulnerability in Loadbalancer.org Enterprise VA MAX through 8.3.8 SSRF Incorrect Access Control in Grafana's Avatar Feature Microsoft Word Remote Code Execution Vulnerability SQL Injection Vulnerability in openSIS before 7.4 SQL Injection Vulnerability in openSIS through 7.4 Incorrect Access Control in openSIS through 7.4 Directory Traversal Vulnerability in openSIS through 7.4 Arbitrary PHP Code Execution in Monstra CMS 3.0.4 via Unblocked .php7 Filenames Inherited Write Permissions and Scheduled Task Vulnerability in SmartDraw 2020 Temporary Denial of Service Vulnerability in Pexip Infinity before 23.4 via H.323 Arbitrary Code Execution via YAML Configuration Loading in jw.util Package Buffer Overflow Vulnerability in Tenda Router's Web Server Windows Media Audio Codec Remote Code Execution Vulnerability Buffer Overflow Vulnerability in Tenda Router's Web Server Buffer Overflow Vulnerability in Tenda Router's Web Server Buffer Overflow Vulnerability in Tenda Router's Web Server (httpd) Allows Arbitrary Code Execution Buffer Overflow Vulnerability in Tenda Router's Web Server Buffer Overflow Vulnerability in Tenda Router's Web Server Out-of-Bounds Read Vulnerability in FreeRDP's ntlm_read_ChallengeMessage Uninitialized Value OOB Read Vulnerability in FreeRDP Out-of-Bounds Write Vulnerability in FreeRDP's crypto_rsa_common Package Metadata Spoofing Vulnerability in NuGetGallery IPv6 Router Advertisement Spoofing Vulnerability in Docker Engine ATOS/Sips Community Module for Magento: 
Command Injection Vulnerability Unauthenticated User Database Disclosure in Microweber before 1.1.20 Reflected and Stored XSS Vulnerability in Tufin SecureTrack < R20-2 GA Reflected and Stored XSS Vulnerability in Tufin SecureTrack < R20-2 GA Multiple Cross-Site Scripting (XSS) Vulnerabilities in Tufin SecureTrack Improper Exception Handling in MoscaJS Aedes 0.42.0 CSRF Vulnerability in Aviatrix Controller before 5.4.1204 Observable Response Discrepancy in Aviatrix Controller Allows User Enumeration via Brute Force Unused Credentials Vulnerability XML Signature Wrapping Vulnerability in Aviatrix Controller CSRF Vulnerability in Aviatrix Controller Allows Password Reset Attacks Incomplete Fix for Elevation of Privilege Vulnerability in Aviatrix VPN Client Cross-Site Scripting (XSS) Vulnerability in OpenIAM before 4.2.0.3 - Add New User Feature Directory Traversal Vulnerability in OpenIAM Batch Task (before 4.2.0.3) Microsoft Office Uninitialized Variable Information Disclosure Vulnerability Arbitrary Code Execution in OpenIAM before 4.2.0.3 via Groovy Script Incorrect Access Control for User Actions in OpenIAM before 4.2.0.3 Unauthenticated Administrative Actions in OpenIAM before 4.2.0.3 Multiple XSS Vulnerabilities in Form Builder 2.1.0 for Magento Authenticated Local File Disclosure Vulnerability in XCloner Component for Joomla! 
Vulnerability: Denial of Service via Battery Exhaustion in TrackR Devices Cross-Site Request Forgery (CSRF) Vulnerability in Multi-Scheduler Plugin 1.0.0 for WordPress Persistent XSS in Victor CMS 1.0 via admin/users.php?source=add_user Heap-Based Buffer Overflow in hxxx_AnnexB_to_xVC Function in VLC Media Player Cross-Site Scripting (XSS) Vulnerability in Pie Chart Panel Plugin for Grafana Token Exposure Vulnerability in Visual Studio Code Live Share Extension Cross-Site Scripting (XSS) Vulnerability in Grafana OpenTSDB Datasource Privilege Escalation Vulnerability in I2P before 0.9.46 Remote Code Execution Vulnerability in rejetto HFS v2.3m Build #300 SQL Injection Vulnerability in Jason2605 AdminPanel 4.0 via editPlayer.php Hidden Parameter Integer Overflow Vulnerability in SQLite's sqlite3_str_vappendf Function Segmentation Fault Vulnerability in SQLite 3.32.0 Invalid Read Vulnerability in ffjpeg's jfif_encode function Heap-Based Buffer Over-Read Vulnerability in ffjpeg's jfif_decode in jfif.c Windows WalletService Elevation of Privilege Vulnerability Invalid Write Vulnerability in ffjpeg's bmp_load function Remote Code Execution Vulnerability in DEXT5Upload Allows PHP File Upload Arbitrary Code Execution via File Upload in ExpressionEngine Information Disclosure Vulnerability in Liferay Portal and Liferay DXP Arbitrary Code Execution via Template API in Liferay Portal Command Injection Vulnerability in QuickBox Community and Pro Editions Gotenberg Markdown Engine Directory Traversal Vulnerability Microsoft SharePoint Server Cross-Site Scripting (XSS) Vulnerability Directory Traversal Vulnerability in Gotenberg File Upload Function Gotenberg Office Rendering Engine Incomplete-Cleanup Vulnerability Insecure Permissions in Gotenberg's Tini File: Potential Denial of Service and Code Execution Vulnerability CSRF Vulnerability in Image Resizer Plugin for Craft CMS Stored XSS in Bulk Resize Action of Image Resizer Plugin for Craft CMS Windows Modules Installer File 
Operations Elevation of Privilege Vulnerability Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Tufin SecureTrack Username Enumeration Vulnerability in Tufin SecureTrack: Vendor Unresponsive Insecure Direct Object Reference (IDOR) Vulnerability in Tufin SecureChange Flash Memory Readout Vulnerability in Apex Microelectronics APM32F103 Devices Exploiting Flash Memory Readout Protection Vulnerability in China Key Systems & Integrated Circuit CKS32F103 Devices Debug Interface Vulnerability in Gigadevice GD32F103 Devices Power Glitch Exploit: Arbitrary Code Execution on STMicroelectronics STM32F103 Devices Exploiting Flash Memory Readout Protection Vulnerability in China Key Systems & Integrated Circuit CKS32F103 Devices Fault Injection Vulnerability in Gigadevice GD32F130 Devices Allows Unauthorized Debug Interface Escalation Exploiting Flash Memory Readout Protection in Gigadevice GD32VF103 Devices: Extracting Firmware via Debug Interface Windows Storage Services File Operations Elevation of Privilege Vulnerability Physical Attack Vector: Data Extraction via Probing and De-Obfuscation of Bonding Wires Power Glitch Exploit: Arbitrary Code Execution on Apex Microelectronics APM32F103 Devices DMA-based Firmware Extraction Vulnerability in Gigadevice GD32F103 Devices Local Privilege Escalation: Cleartext Password Exposure in NCH Express Accounts 8.24 and Earlier Privilege Escalation Vulnerability in NCH Express Accounts 8.24 and Earlier Reflected XSS Vulnerability in NCH Express Invoice 8.06 to 8.24 Quotes List Module Windows GDI Memory Disclosure Vulnerability HTML Injection Vulnerability in Verint Workforce Optimization (WFO) 15.2 via Send Email Feature Insecure TLS Certificate Verification in EM-HTTP-Request 1.1.5 Cross-Site Scripting (XSS) Vulnerability in Bitrix24 Web Application Firewall SSRF Vulnerability in Bitrix24 (CVE-2021-12345) IP Whitelist Bypass Vulnerability in Knock Knock Plugin for Craft CMS Craft CMS Knock Knock Plugin 1.2.8 
Vulnerability: Malicious Redirection Stored XSS Vulnerability in bbPress Plugin for WordPress Outlook Object Memory Handling Remote Code Execution Vulnerability Heap Overflow Vulnerability in Pixar OpenUSD 20.05: Compressed Section Parsing in Binary USD Files Heap Overflow Vulnerability in Pixar OpenUSD 20.05 Parsing of Compressed String Tokens in Binary USD Files Arbitrary Out-of-Bounds Memory Access in Pixar OpenUSD 20.05 Arbitrary Out of Bounds Memory Access in Pixar OpenUSD 20.05 Arbitrary Out of Bounds Memory Access in Pixar OpenUSD 20.05 Arbitrary Out of Bounds Memory Access Vulnerability in Pixar OpenUSD 20.05 SQL Injection Vulnerability in eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053 Critical Remote Code Execution Vulnerability in Windows DNS Server SQL Injection Vulnerability in CHaD.asmx Web Service of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053 SQL Injection Vulnerability in eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053 Unauthenticated SQL Injection Vulnerability in ednareporting.asmx Unauthenticated SQL Injection Vulnerability in ednareporting.asmx WinRing0x64 Driver Privileged I/O Read IRPs Information Disclosure Vulnerability in NZXT CAM 4.8.0 Windows Graphics Component Memory Object Handling Vulnerability WinRing0x64 Driver Privileged I/O Read IRPs Information Disclosure Vulnerability in NZXT CAM 4.8.0 WinRing0x64 Driver Privileged I/O Read IRPs Information Disclosure Vulnerability in NZXT CAM 4.8.0 Privilege Escalation Vulnerability in NZXT CAM 4.8.0 WinRing0x64 Driver Privilege Escalation Vulnerability in NZXT CAM 4.8.0 WinRing0x64 Driver Privilege Escalation Vulnerability in NZXT CAM 4.8.0 WinRing0x64 Driver Privilege Escalation Vulnerability in NZXT CAM 4.8.0's WinRing0x64 Driver IRP 0x9c40a148 Functionality WinRing0x64 Driver IRP 0x9c406144 Information Disclosure Vulnerability in NZXT CAM 4.8.0 WinRing0x64 Driver IRP 0x9c406104 Information Disclosure Vulnerability in NZXT CAM 4.8.0 WinRing0x64 Driver IRP 0x9c402084 
Information Disclosure Vulnerability in NZXT CAM 4.8.0 Privilege Escalation Vulnerability in NZXT CAM 4.8.0's WinRing0x64 Driver IRP 0x9c402088 Functionality Windows USO Core Worker Elevation of Privilege Vulnerability Out of Bounds Memory Corruption Vulnerability in Pixar OpenUSD 20.05 SoftPerfect RAM Disk 4.1 - Arbitrary File Delete Vulnerability SoftPerfect RAM Disk 4.1 spvve.sys Driver Information Disclosure Vulnerability Pixar OpenUSD 20.05 Out-of-Bounds Memory Corruption Vulnerability SQL Injection Vulnerability in ProcessMaker 3.4.11: Exploiting the sort Parameter in /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax SQL Injection Vulnerability in Sort Parameter Handling in ProcessMaker 3.4.11 Authentication Bypass Vulnerability in Lantronix XPort EDGE Web Manager Information Disclosure Vulnerability in Lantronix XPort EDGE Web Manager and telnet CLI Systemd 245 Denial-of-Service Vulnerability: DHCP ACK Spoofing Attack Windows Runtime Object Handling Elevation of Privilege Vulnerability Denial-of-Service Vulnerability in EIP Stack Group OpENer 2.3 and Development Commit 8c73bf3 Use-after-free vulnerability in Pixar OpenUSD 20.08 allows arbitrary code execution Privilege Escalation Vulnerability in Dream Report 5 R20-2: Exploiting Syncfusion Dashboard Service Binary Replacement Privilege Escalation via Weak Registry Key Permissions in Dream Report 5 R20-2 Privilege Escalation via Weak Privileges in Dream Report 5 R20-2 Privilege Escalation Vulnerability in Kepware LinkMaster 3.0.94.0 Local Privilege Elevation Vulnerability in Moxa MXView Series 3.1.8 Installation Local Privilege Elevation Vulnerability in Moxa MXView Series 3.1.8 Installation Local Privilege Elevation Vulnerability in Win-911 Enterprise V4.20.13 via WIN-911 Mobile Runtime Service Windows UPnP Device Host Memory Handling Elevation of Privilege Vulnerability Win-911 Enterprise V4.20.13 File System Permissions Privilege Escalation Vulnerability Local Privilege Escalation Vulnerability in 
Mobile-911 Server V2.5 Local Privilege Elevation Vulnerability in LogicalDoc 8.5.1 Installation Remote Code Execution Vulnerability in Webkit WebKitGTK 2.30.0 via WebSocket Use-After-Free Sign Extension Vulnerability in SoftMaker Office 2021's TextMaker Document Parser Heap-based Memory Corruption in SoftMaker Office 2021's TextMaker Application Heap-based Buffer Overflow in SoftMaker Office TextMaker 2021 (revision 1014) Type Confusion Vulnerability in Foxit PDF Reader 10.1.0.37527 Arbitrary Code Execution Vulnerability in Foxit Reader 10.1.0.37527 Local Privilege Escalation Vulnerability in Sytech XL Reporter v14.0.1 Windows Font Driver Host Remote Code Execution Vulnerability Local File Inclusion Vulnerability in Advantech WebAccess/SCADA 9.0.1 Installation Functionality Local Privilege Escalation Vulnerability in Advantech WebAccess/SCADA 9.0.1 via PostgreSQL Executable Local Privilege Escalation Vulnerability in Advantech WebAccess/SCADA 9.0.1 Advantech WebAccess/SCADA 9.0.1 File System Permissions Privilege Escalation Vulnerability Advantech WebAccess/SCADA 9.0.1 File System Permissions Privilege Escalation Vulnerability Advantech WebAccess/SCADA 9.0.1 File System Permissions Privilege Escalation Vulnerability Ethernet/IP Server Remote Code Execution Vulnerability Use After Free Vulnerability in Foxit PDF Reader 10.1.0.37527 Use After Free Vulnerability in WebKitGTK's AudioSourceProviderGStreamer FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028 Denial-of-Service Vulnerability Windows iSCSI Target Service File Operations Elevation of Privilege Vulnerability Use After Free Vulnerability in Foxit PDF Reader 10.1.0.37527 Allows Arbitrary Code Execution Accusoft ImageGear 19.8 TIFF Parser Out-of-Bounds Write Vulnerability Cross-Site Scripting (XSS) Vulnerability in phpGACL 3.3.7 Template Functionality Cross-Site Scripting (XSS) Vulnerability in phpGACL 3.3.7 Template Functionality Cross-Site Scripting (XSS) Vulnerability in phpGACL 3.3.7 Template 
Functionality Open Redirect Vulnerability in phpGACL, OpenEMR 5.0.2, and OpenEMR 6.0.0 SQL Injection Vulnerability in phpGACL 3.3.7: Remote Code Execution via admin/edit_group.php SQL Injection Vulnerabilities in phpGACL 3.3.7: Exploiting Specially Crafted HTTP Requests SQL Injection Vulnerability in phpGACL 3.3.7: admin/edit_group.php (action=Submit) POST Parameter parent_id SQL Injection Cross-Site Request Forgery Vulnerability in OpenEMR 5.0.2 and 6.0.0 Windows System Events Broker File Operations Elevation of Privilege Vulnerability Use-After-Free Vulnerability in Foxit PDF Reader 10.1.0.37527 Allows Arbitrary Code Execution SGI RLE Decompression Out-of-Bounds Write Vulnerability in Accusoft ImageGear 19.8 Accusoft ImageGear 19.8 GIF Parser Heap Overflow Vulnerability Denial-of-Service Vulnerability in Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3 Ethernet/IP Server Denial-of-Service Vulnerability in Genivia gSOAP 2.8.107 WS-Security Plugin Denial-of-Service Vulnerability in Genivia gSOAP 2.8.107 WS-Addressing Plugin Remote Code Execution Vulnerability in Genivia gSOAP 2.8.107 WS-Addressing Plugin Denial-of-Service Vulnerability in Genivia gSOAP 2.8.107 WS-Security Plugin Denial-of-Service Vulnerability in Genivia gSOAP 2.8.107 WS-Security Plugin Integer Overflow and Heap-Based Buffer Overflow in SoftMaker Office 2021's PlanMaker Application Windows Resource Policy Memory Handling Vulnerability Heap-based Buffer Overflow in SoftMaker Office 2021's PlanMaker Document Parsing Functionality Heap-based Buffer Overflow in SoftMaker Office PlanMaker 2021 (Revision 1014) Denial-of-Service Vulnerability in Micrium uC-HTTP 3.01.00 HTTP Server Denial-of-Service Vulnerability in Micrium uC-HTTP 3.01.00 HTTP Server Use-After-Free Remote Code Execution Vulnerability in WebKitGTK Browser Accusoft ImageGear 19.8 PSD Header Processing Out-of-Bounds Write Vulnerability Heap Buffer Overflow in SoftMaker Office PlanMaker 2021 SQL Injection Vulnerability in Rukovoditel 
Project Management App 2.7.2 SQL Injection Vulnerability in Rukovoditel Project Management App 2.7.2 SQL Injection Vulnerability in Rukovoditel Project Management App 2.7.2 Windows CNG Key Isolation Service Memory Handling Vulnerability SQL Injection Vulnerabilities in Rukovoditel Project Management App 2.7.2 SQL Injection Vulnerability in Rukovoditel Project Management App 2.7.2 SQL Injection Vulnerability in Rukovoditel Project Management App 2.7.2 Bluetooth Low Energy Secure Manager Protocol (SMP) Vulnerability: Unauthenticated Encrypted Session Hijacking Denial of Service Vulnerability in Espressif ESP-IDF 4.2 and Earlier: Bluetooth Low Energy (BLE) Controller Implementation Bluetooth Low Energy (BLE) Controller Vulnerability in Espressif ESP-IDF 4.0-4.2 Improper URL Encoding in Django Admin ForeignKeyRawIdWidget Allows XSS Attack Information Disclosure Vulnerability in Calico and Calico Enterprise Clusters with Unused IPv6 Stack-based Buffer Overflow in Zephyr FAT_FS when Enabling Long File Names and Calling fs_stat Incorrect Default Permissions in Zephyr versions >= 1.14.2, >= 2.3.0 (CWE-276) Windows Profile Service File Operations Vulnerability Heap-based Buffer Overflow in eswifi SPI Response Out-of-bounds Read Vulnerability in Zephyr DNS Read Remote Denial of Service Vulnerability in LwM2M do_write_op_tlv Integer Overflow in Memory Allocating Functions in Zephyr versions >= 1.14.2, >= 2.4.0 (CWE-190) Memory Information Disclosure Vulnerability in Windows WalletService TLS Implementation in Axel before 2.17.8 Lacks Hostname Verification Missing Hostname Verification for X.509 Certificates in Qore Socket Library Lack of TLS Hostname Verification in Pichi before 1.3.0 Improper Memory Handling in Mitel MiVoice SIP Phones Web UI Component Code Execution Vulnerability in Locutus PHP through 2.0.11 via php/exec/escapeshellarg Windows WalletService Elevation of Privilege Vulnerability CSRF Vulnerability in Fastweb FASTGate GPON FGA2130FWB Devices Denial of Service 
Vulnerability in JerryScript 2.2.0 via Proxy Object Property Key Query Denial of Service Vulnerability in JerryScript 2.2.0 via Proxy Operation PHPMailer File Attachment Double Quote Output Escaping Vulnerability OnePlus App Locker Authorization Bypass Vulnerability Cross-site scripting (XSS) vulnerability in Centreon host-monitoring, service-monitoring, and tactical-overview widgets Cross-site scripting (XSS) vulnerability in Centreon host-monitoring, service-monitoring, and tactical-overview widgets Windows Picker Platform Elevation of Privilege Vulnerability Use-after-free vulnerability in SQLite's fts3EvalNextRow function related to snippet feature Virtual Table Renaming Vulnerability in SQLite NULL Pointer Dereference in SQLite's fts3_snippet.c Cross-Site Scripting (XSS) Vulnerability in Fork CMS before 5.8.3 via navigation_title or title Unvalidated Input Values Vulnerability in Windows Master 7.99.13.604 Cleartext Storage of Encryption Keys in Stashcat App Authentication Bypass and Administrator Account Creation in rConfig 3.9.x before 3.9.7 Stored XSS Vulnerability in OutSystems ECT Provider File Handling Denial of Service Vulnerability in WalletService SQL Injection Vulnerability in gVectors wpDiscuz Plugin 5.3.5 and Earlier for WordPress Unauthenticated Remote Code Execution in Real-Time Find and Replace Plugin for WordPress Unauthenticated Remote Code Execution in SiteOrigin Page Builder Plugin for WordPress Unauthenticated Remote Code Execution in SiteOrigin Page Builder Plugin Unprotected AJAX Action Allows Injection of Malicious JavaScript in Accordion Plugin for WordPress Vulnerability: Insecure TLS Certificate Verification in GNOME glib-networking Unvalidated Input Values in Cheetah Free WiFi 5.1 Driver File (liebaonat.sys) Leading to Denial of Service or Other Impact Out-of-Memory Error Handling Vulnerabilities in JerryScript 2.2.0 Windows Event Logging Service Memory Handling Vulnerability Server-Side Request Forgery (SSRF) Vulnerability in 
DigDash 2018R2 and 2019R1 Remote Code Execution via Rogue JNLP File in DigDash Cross-Site Scripting (XSS) Vulnerability in DigDash Login Menu XSS Vulnerability in Zimbra Collaboration Suite Webmail Component Improper Escaping in XWiki Platform Property Displayer XSS Vulnerability in Collabtive 3.0 and Later: managefile.php Array Bounds Checking Vulnerability in Morgan Stanley Hobbes through 2020-05-21 Local Privilege Escalation Vulnerability in Avast Free Antivirus and AVG AntiVirus Free CSRF Vulnerability in Lansweeper 8.0.130.17 Web Console Allows Privilege Escalation NULL Pointer Dereference in address_space_map in QEMU 4.2.0 Windows Print Workflow Service Elevation of Privilege Vulnerability XSS Vulnerability in CMS Made Simple through 2.2.14 via Crafted File Picker Profile Name Arbitrary Program Execution Vulnerability in Telerik Fiddler 5.0.20202.18177 Open Redirect Vulnerability in Drupal Core 7.70 and Prior Versions Cross-Site Request Forgery Vulnerability in Drupal Core Form API Arbitrary PHP Code Execution Vulnerability in Drupal Core (CVE-2020-13671) Access Bypass Vulnerability in Drupal Core JSON:API Configuration Drupal Core JSONP Cross-Site Scripting Vulnerability Access Bypass Vulnerability in Drupal Core Workspaces HTML Rendering Vulnerability in Drupal Core XSS Vulnerability in ckeditor of Drupal Core (CVE-2020-13671) Windows Kernel Object Memory Handling Vulnerability Information Disclosure Vulnerability in Drupal Core File Module File Extension Mismatch Vulnerability in Drupal Core Drupal Core XSS Vulnerability in Sanitization API Cross-Site Scripting (XSS) Vulnerability in Entity Embed Module Cross-Site Request Forgery Vulnerability in QuickEdit Module Access Bypass Vulnerability in Drupal's JSON:API and REST/File Modules Unintended Disclosure of Field Data in QuickEdit Module Unintended Access Bypass in Drupal Core JSON:API Module Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability Cross-Site Scripting 
Vulnerability in Drupal Core Windows WalletService Elevation of Privilege Vulnerability XXE Vulnerability in PostgreSQL JDBC Driver (PgJDBC) before 42.2.13 Unauthenticated Privilege Escalation in bbPress Plugin for WordPress Privilege Escalation: Arbitrary OS Command Execution via sudo mysql Privilege Escalation via Sudo Privileges in QuickBox Community and Pro Edition Unprivileged Filesystem Path Disclosure and Arbitrary File Open Vulnerability in LinuxTV xawtv Reflected XSS Vulnerability in RouterNanoHTTPD Arbitrary Parameter Injection in TeamViewer Desktop for Windows Windows Runtime Object Handling Elevation of Privilege Vulnerability Insecure Direct Object Reference in acf-to-rest-api Plugin for WordPress Rolling Proximity Identifier Vulnerability: Circumvention of Bluetooth Smart Privacy via Secondary Temporary UID Windows Event Logging Service Elevation of Privilege Vulnerability Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability Windows Network Connections Service Elevation of Privilege Vulnerability Critical Remote Code Execution Vulnerability in Windows Remote Desktop Client Windows COM Server Elevation of Privilege Vulnerability Vulnerability: Sandbox Bypass in WebKitGTK and WPE WebKit Out-of-Bounds Access Vulnerability in QEMU 4.2.0 via Crafted Address in MSI-X MMIO Operation Remote Code Execution in Sabberworm PHP CSS Parser before 8.3.1 via Uncontrolled Data Evaluation Leading Null Byte Ignored in Python-RSA Decryption XSS Vulnerability in Bitrix24 Web Application Firewall through 20.0.950 Memory Access Vulnerability in rust-vmm vm-memory Elevation of Privilege Vulnerability in fdSSDP.dll CSRF Vulnerability in Joomla! before 3.9.19 Cross-Site Scripting (XSS) Vulnerability in Joomla! Modules Cross-Site Scripting (XSS) Vulnerability in Joomla! before 3.9.19 HTML Injection Vulnerability in Joomla! 
before 3.9.19 Password Leakage in Gravity Forms Plugin for WordPress Invalid Memory Copy Vulnerability in QEMU 4.0 and 4.1.0 Insufficient Access Control in Mitel MiCollab iOS App: Unauthorized File and Folder Access Stack-based Buffer Overflow in MiniShare before 1.4.2 via HTTP PUT Request SQL Injection Vulnerability in Ivanti Endpoint Manager through 2020.1 via LDMS/alert_log.aspx Windows Kernel API Elevation of Privilege Vulnerability Privilege Escalation via Named Pipes in Ivanti Endpoint Manager DLL Hijacking Vulnerability in Ivanti Endpoint Manager Components Information Disclosure Vulnerability in Ivanti Endpoint Manager through 2020.1.1 Cross-Site Scripting (XSS) Vulnerabilities in Ivanti Endpoint Manager Unrestricted File Upload Vulnerability in Ivanti Endpoint Manager ZNC 1.8.0 up to 1.8.1-rc1 Vulnerability: Authenticated Users Can Trigger Application Crash Privilege Escalation via Numerical Usernames in systemd Vulnerability: Incorrect Cryptography in GnuTLS Session Ticket Encryption Authenticated Code Execution Vulnerability in rConfig 3.9.4 and Earlier Windows Kernel API Elevation of Privilege Vulnerability Command Injection Vulnerability in D-Link DIR-865L Ax 1.20B01 Beta Devices Cleartext Storage of Sensitive Information in D-Link DIR-865L Ax 1.20B01 Beta Devices Predictable Seed Vulnerability in D-Link DIR-865L Ax 1.20B01 Beta Devices Weak Encryption Vulnerability in D-Link DIR-865L Ax 1.20B01 Beta Devices CSRF Vulnerability in D-Link DIR-865L Ax 1.20B01 Beta Devices Cleartext Transmission of Sensitive Information in D-Link DIR-865L Ax 1.20B01 Beta Devices SSRF Vulnerability in Harbor Prior to 2.0.1 Allows Port Scanning Windows Media Foundation Memory Corruption Vulnerability Heap-Based Buffer Over-read in libjpeg-turbo and mozjpeg via Malformed PPM Input File Out-of-Bounds Access Vulnerability in QEMU 4.2.0 Local File Inclusion Vulnerability in PlayTube 1.8 via ajax.php?type=../admin-panel/autoload&page=manage-users Static, Hard-Coded Encryption Key 
Vulnerability in Ivanti DSM Netinst 5.1 Harbor Vulnerability: Unauthorized Exposure of Sensitive Information Directory Traversal Vulnerability in Navigate CMS 2.8.7 Cross-Site Scripting (XSS) Vulnerability in Navigate CMS 2.8.7 Cross-Site Scripting (XSS) Vulnerability in Navigate CMS 2.8.7 Cross-Site Scripting (XSS) Vulnerability in Navigate CMS 2.8.7 Security Vulnerability in RPMB Protocol: Threats to Trusted Firmware and Storage Devices Remote Code Execution Vulnerability in Internet Explorer's Scripting Engine Infinite Recursion Vulnerability in QEMU 4.2.0 ATI VGA Driver OS Command Injection Vulnerability in Rebar3 Dependency Specification Signature Validation Bypass in Foxit PhantomPDF and Foxit Reader for Mac Hardcoded Username and Password Disclosure in Foxit Reader and PhantomPDF DocuSign Plugin Unlimited Login Failures in Foxit Reader and PhantomPDF Use-After-Free Vulnerability in Foxit Reader and PhantomPDF Circular Reference Mishandling Vulnerability in Foxit Reader and PhantomPDF Resource Consumption Vulnerability in Foxit Reader and PhantomPDF Resource Consumption Vulnerability in Foxit Reader and PhantomPDF Windows Graphics Component Elevation of Privilege Vulnerability Signature Validation Bypass in Foxit Reader and PhantomPDF Out-of-Bounds Write Vulnerability in Foxit Studio Photo Local Privilege Escalation Vulnerability in Foxit Studio Photo Privilege Escalation Vulnerability in Foxit Studio Photo Use-after-free vulnerability in Foxit Reader and PhantomPDF before 9.7.1 Stack Consumption Vulnerability in Foxit Reader and PhantomPDF NTPd Vulnerability: Denial of Service via Spoofed Packets Directory Traversal Bypass Vulnerability in Zoho ManageEngine OpManager before 125144 Unauthenticated Reflected XSS Vulnerability in Extreme EAC Appliance 8.4.1.24 Windows Graphics Component Elevation of Privilege Vulnerability Unauthenticated Reflected XSS Vulnerability in Extreme Management Center 8.4.1.24 Reflected Cross-Site Scripting (XSS) Vulnerability in 
HiveMQ Broker Control Center 4.3.2 ECDSA Signature Malleability in Elliptic Package 6.5.2 for Node.js Cross-Site Scripting (XSS) Vulnerability in i-doit 1.14.2 Arbitrary Command Execution via CSV Injection in i-doit 1.14.2 Cross-Site Scripting (XSS) Vulnerability in phpList before 3.5.4 Multiple Stored Cross-Site Scripting (XSS) Vulnerabilities in Dolibarr 11.0.4 SEAndroid Protection Bypass Vulnerability on Samsung Mobile Devices (SVE-2019-15998) Information Disclosure Vulnerability in RPC with Routing and Remote Access Enabled Samsung One UI HOME Information Leakage Vulnerability Arbitrary Memory Mapping Vulnerability in Samsung Mobile Devices with Exynos 7570 Chipsets Widevine Trustlet Memory Disclosure Vulnerability on Samsung Mobile Devices Arbitrary File Overwrite Vulnerability on Samsung Mobile Devices (SVE-2020-17183) Insecure Use of Android Debug Bridge (adb) in Samsung Secure Folder (SVE-2020-17369) Brute-Force Attack Vulnerability in Samsung Mobile Devices (SVE-2020-16908) Path Traversal Vulnerability in Samsung Mobile Devices (SVE-2020-16954) Lockscreen Bypass Vulnerability on Samsung Mobile Devices with Q(10.0) Software DeX Lockscreen Bypass Vulnerability on Samsung Mobile Devices LG Mobile Devices with Android OS 7.2-10 (MTK Chipsets) Custom AT Command Handler Buffer Overflow Vulnerability Windows CNG Key Isolation Service Memory Handling Vulnerability MTK AT Command Handler Buffer Overflow Vulnerability on LG Mobile Devices LG Mobile Devices with Android OS 9 and 10 (MTK Chipsets) AT Command Bypass Vulnerability LG Mobile Devices with Android OS 7.2-10 (MTK Chipsets) Vulnerability: Dangerous Unused AT Command LG Mobile Devices Denial of Service Vulnerability Straight-Line Speculation Vulnerability in Arm Armv8-A Core Implementations Improper Validation of Image Integrity in Sylabs Singularity 3.0-3.5 Unreported Error in Status Code Handling in Sylabs Singularity 3.5.0-3.5.3 Integrity Check Vulnerability in Sylabs Singularity 3.0 through 3.5 Denial of 
Service Vulnerability in Portable UPnP SDK (libupnp) 1.12.1 and Earlier Denial of Service Vulnerability in MQTT Protocol 3.1.1 Windows Credential Picker Elevation of Privilege Vulnerability Inadequate Access Controls in Artica Pandora FMS 7.44 Web Folder Remote Command Execution in Artica Pandora FMS 7.44 via Events Feature Arbitrary File Upload Vulnerability in Artica Pandora FMS 7.44 Persistent XSS in Artica Pandora FMS 7.44 Messages Feature Privilege Escalation Vulnerability in Artica Pandora FMS 7.44 Arbitrary File Upload Vulnerability in Artica Pandora FMS 7.44 Unauthenticated Access to Sensitive Information on Mofi Network MOFI4500-4GXeLTE Devices Unauthenticated Reboot Vulnerability in Mofi Network MOFI4500-4GXeLTE Devices Undocumented Administrator Accounts with Non-Unique Passwords on Mofi Network MOFI4500-4GXeLTE Devices Undocumented System Account Allows Unauthorized Access to MOFI4500-4GXeLTE Management Interface Windows Connected User Experiences and Telemetry Service Information Disclosure Vulnerability Predictable One-Time Password Algorithm in Mofi Network MOFI4500-4GXeLTE 4.0.8-std Devices Header Injection Vulnerability in Mitel MiCollab SAS Portal Stored XSS Vulnerability in Elementor Page Builder Plugin for WordPress Multiple Stored XSS Vulnerabilities in Elementor Page Builder Plugin for WordPress Insecure Permissions in WinGate v9.4.1.5998 Installation Directory Allows Privilege Escalation Weak Permissions in Open-iSCSI targetcli-fb for /etc/target and Backup Files CSRF Vulnerability in Comments Plugin for Craft CMS Stored XSS Vulnerability in Comments Plugin for Craft CMS Windows Push Notification Service Elevation of Privilege Vulnerability Stored XSS Vulnerability in Comments Plugin for Craft CMS Use-After-Free Vulnerability in SQLite 3.32.2's resetAccumulator Function 0.0.0.0 Listener Vulnerability in Royal TS before Version 5 SQL Injection Vulnerability in Codoforum Allows Remote Code Execution SQL Injection Vulnerability in ResourceXpress 
Meeting Monitor 4.9 IrfanView B3D PlugIns Heap-Based Out-of-Bounds Write Vulnerability IrfanView B3D PlugIns Heap-Based Out-of-Bounds Write Vulnerability Windows Elevation of Privilege Vulnerability in psmsrv.dll IrfanView B3D PlugIns Heap-Based Out-of-Bounds Write Vulnerability TACACS+ Shared Secret Leakage via syslog in pam_tacplus Incorrect Access Control due to TOCTOU Race Condition in CISOfy Lynis before 3.0.0 XML External Entity (XXE) Vulnerability in WSO2 API Manager, API Microgateway, and IS Key Manager Insecure Permissions and Unquoted Path Vulnerability in Citrix Workspace App on Windows Insecure Permissions in Citrix Workspace App on Windows Allows Privilege Escalation During Uninstallation Directory Traversal Vulnerability in Intelbras TIP 200, TIP 200 LITE, and TIP 300 Devices Remote Command Execution Vulnerability in Kordil EDMS through 2.2.60rc3 Stored XSS Vulnerability in Kordil EDMS 2.2.60rc3 Cross-Site Scripting (XSS) Vulnerability in Bludit 3.12.0 Administration Panel's showAlert() Function Windows Kernel Memory Initialization Vulnerability XSS Vulnerability in Neon Theme 2.0 for Bootstrap via Add Task Input Operation Unauthorized Access to Authorization Tokens in Mattermost Mobile Apps SportsPress Plugin XSS Vulnerability in WordPress Stored Cross-Site Scripting (XSS) Vulnerabilities in Sage EasyPay 10.7.5.10 through Unicode Transformations Arbitrary File Download Vulnerability in DEXT5 Editor through 3.5.1402961 Weak ECDSA Signature Verification in Crypt::Perl Information Disclosure Vulnerability in Maipu MP1800X-50 7.5.3.14(R) Web Interface Reflected XSS Vulnerability in HESK before 3.1.10 NULL Pointer Dereference in janus-gateway's janus_sdp_process Information Disclosure Vulnerability in Janus WebRTC Server Windows Network Connections Service Elevation of Privilege Vulnerability NULL Pointer Dereference in janus-gateway's janus_sdp_preparse Function Stack-based Buffer Overflow in janus-gateway's janus_sdp_merge Function Heap-Based Buffer 
Over-read Vulnerability in ImageMagick 7.0.9-27 through 7.0.10-17 Use-after-free vulnerability in FFmpeg 2.8 and 4.2.3 via crafted EXTINF duration in m3u8 file User-Mode Write Access Violation in IrfanView 4.54 at FORMATS!GetPlugInInfo+0x0000000000038ed4 User-Mode Write Access Violation in IrfanView 4.54 at FORMATS!GetPlugInInfo+0x0000000000038eb7 Ignition Component Global Variable Injection Vulnerability Windows Agent Activation Runtime Memory Object Handling Vulnerability Out-of-Bounds Read Vulnerability in Pengutronix Barebox through v2020.05.0 XSS Vulnerability in Online Shop 1.8.0 via Change Name or Change Surname Operation Privilege Escalation Vulnerability in SolarWinds Advanced Monitoring Agent Unauthenticated Remote Code Execution via XSS in Ruckus Wireless Unleashed Ruckus Wireless Unleashed Webserver Denial of Service Vulnerability Remote Code Execution Vulnerability in Ruckus Wireless Unleashed Devices Remote Code Execution Vulnerability in Ruckus Wireless Unleashed Devices Command Injection and Jailbreak Vulnerability in Ruckus Wireless Unleashed (CVE-2021-12345) Unauthenticated Remote Information Leakage in Ruckus Wireless Unleashed Devices Command Injection Vulnerability in Ruckus Wireless Unleashed through 200.7.10.102.92 Windows Delivery Optimization Service Elevation of Privilege Vulnerability Apache ActiveMQ JMX RMI Registry Unauthenticated Rebind Vulnerability SQL Injection Vulnerability in Wildcard Query Cases Apache DolphinScheduler Prior to 1.3.2 API Password Override Vulnerability Apache OFBiz Ecommerce Component Order Processing IDOR Vulnerability Directory Traversal Vulnerability in Apache Ambari Versions 2.6.2.2 and Earlier Remote Code Execution Vulnerability in Kylin Restful API SQL Injection Vulnerability in Kylin 2.0 - 3.0.9 Allows Remote Code Execution Default setting for Airflow's Experimental API allows unauthenticated requests, posing security risks Apache Atlas XSS Vulnerability Apache Zeppelin Authentication Bypass Vulnerability 
Windows Diagnostics Hub Elevation of Privilege Vulnerability Unauthenticated JMX Port Vulnerability in Apache TomEE with Misconfigured ActiveMQ Broker XSS Vulnerability in Apache ActiveMQ Artemis MQTT Packet Handling Authentication Bypass Vulnerability in Apache Shiro HTTP/2 OutOfMemoryException Denial of Service Vulnerability in Apache Tomcat WebSocket Frame Payload Length Validation Vulnerability Remote Code Execution via Velocity Template Modification Unauthenticated Information Disclosure in Apache Kylin Unprivileged Local Users Can Stop Apache HTTP Server on Windows (Versions 2.4.0 to 2.4.46) Windows Geolocation Framework Elevation of Privilege Vulnerability XML External Entity (XXE) Vulnerability in Apache NiFi 1.0.0 to 1.11.4 Unvalidated Location Parameter in Replication Handler Allows Unauthorized Access and Modification Apache Unomi 1.5.2 Vulnerability: Remote Code Execution via /context.json Endpoint HTTP/2 Header Injection Vulnerability XSS Vulnerability in Apache Airflow < 1.10.12 Trigger Endpoint Vulnerability: Unauthorized Access to Apache APISIX Management Data Apache Cassandra JMX Interface Man-in-the-Middle Vulnerability Cross-Site Scripting Vulnerability in Apache ActiveMQ Administration Console Arbitrary Access to Python's `os` Package in Apache Superset (CVE-2021-38114) Apache Thrift Denial of Service Vulnerability Windows Speech Brokered API Memory Handling Elevation of Privilege Vulnerability Apache HTTP Server Denial of Service Vulnerability Denial of Service Vulnerability in Apache OpenMeetings 4.0.0-5.0.0 via Public NetTest Web Service Vulnerability: Information Disclosure and Privilege Escalation in Apache Superset Apache Tapestry 5.4.0 to 5.5.0 - File Download Vulnerability Apache CXF Reflected Cross-Site Scripting (XSS) Vulnerability via /services Page Vulnerability: Insecure Hostname Verification in HttpUtils#getURLConnection Method Misinterpretation of Malformed Authority Component in Apache HttpClient Unauthenticated Remote Code 
Execution Vulnerability in Apache Solr Unconditional Hyperlink Execution Vulnerability in Apache OpenOffice Reflected XSS Vulnerability in VelocityView's Default Error Page Windows ALPC Elevation of Privilege Vulnerability Default DNS Resolver Search Path Vulnerability in D-Link DSL 2730-U and DIR-600M Devices Template Injection Vulnerability in Strapi before 3.0.2 Denial of Service Vulnerability in Qt's OpenSSL Error Queue Handling Insecure Access Control in SOPlanning before 1.47 Cross-Site Scripting (XSS) Vulnerability in Roundcube Webmail XSS Vulnerability via Malicious XML Attachment in Roundcube Webmail SQL Injection Vulnerability in CRK Business Platform <= 2019.1 via 'strSessao' Parameter Reflected XSS Vulnerability in CRK Business Platform <= 2019.1 via erro.aspx Windows Imaging Component Memory Object Handling Vulnerability Server-Side Request Forgery (SSRF) Vulnerability in Shopware's Mediabrowser upload by URL Feature Persistent XSS vulnerability in Shopware before 6.2.3 allows authenticated users to upload malicious SVG images containing JavaScript, leading to unauthorized access and execution of code. 
XSS Vulnerability in Enghouse Web Chat 6.2.284.34 via WebServiceLocation Parameter (CVE-2019-16951) XSS Vulnerability in OWASP json-sanitizer before 1.2.1 Integer Overflow in drivers/tty/vt/keyboard.c Remote Command Execution Vulnerability in DD-WRT Arbitrary Code Execution via Nagios 4.4.5 JSON CGIs Configuration Vulnerability Arbitrary OS Command Execution Vulnerability in Monstra CMS 3.0.4 Windows Lockscreen Elevation of Privilege Vulnerability Cross-Site Scripting (XSS) Vulnerability in OpenCart 3.0.3.3 Image Upload Section Infinite Loop Vulnerability in Contiki's uIP TCP/IP Stack Component Memory Corruption Vulnerability in uIP TCP/IP Stack Component Infinite Loop Vulnerability in Contiki's uIP TCP/IP Stack Component Out-of-Bounds Read Vulnerability in uIP TCP/IP Stack Component Integer Overflow in uIP TCP/IP Stack when Parsing TCP MSS Options Windows Runtime Object Handling Elevation of Privilege Vulnerability Control Flow Hijacking Vulnerability in JerryScript 2.2.0 Stored XSS Vulnerability in Mods for HESK Allows Session Abuse Blind Time-Based SQL Injection Vulnerability in Mods for HESK Remote Code Execution via Improper Access Control in Mods for HESK Buffer Overflow Vulnerability in U.S. Air Force Sensor Data Management System extract75 SQL Injection Vulnerability in J2Store Plugin for Joomla! 
Database Password Leakage in Shopware 6.2.3 Unauthenticated User Enumeration in Citrix XenApp 6.5 with 2FA Enabled Integer Overflow Vulnerability in ScaleViewPortExtEx Function in libEMF Jet Database Engine Remote Code Execution Vulnerability Remote Code Execution via Untrusted Project.json Files in MIT Lifelong Kindergarten Scratch Unintended Read Access and Code Execution in kramdown Gem (CVE-2021-23456) Observable Discrepancy in PuTTY Algorithm Negotiation Leads to Information Leak Arbitrary File Permission Change Vulnerability in Icinga2 Arbitrary Code Execution Vulnerability in SolarWinds Orion SolarWinds Orion XSS Vulnerability via Responsible Team Cross-Site Scripting (XSS) Vulnerability in Solarwinds Orion Alert Definition Name Remote Code Execution Vulnerability in Zoho ManageEngine Applications Manager Email Attachment Bypass Vulnerability in Proofpoint Enterprise Protection Jet Database Engine Remote Code Execution Vulnerability Reflected XSS Vulnerability in Laborator Xenon Theme 1.3 for WordPress Default Installation Vulnerability in Lansweeper 6.0.x through 7.2.x XSS Vulnerability in osTicket 1.14.2: Agent-level Attack via Knowledgebase Category Name or Description Reflected XSS Vulnerability in Navigate CMS 2.8 and 2.9 r1433 Unauthenticated Password Reset Vulnerability in Navigate CMS 2.9 r1433 User Enumeration Vulnerability in Navigate CMS 2.9 r1433 Clear-text Storage of Sessions in Navigate CMS 2.9 r1433 Stored XSS Vulnerability in Navigate CMS 2.9 r1433: User and E-Mail Fields Weak Permissions for saveconfig.json in Open-iSCSI rtslib-fb through 2.1.72 Windows ActiveX Installer Service Elevation of Privilege Vulnerability ASP.net SMS Module Path Traversal Vulnerability Unrestricted File Upload Vulnerability in Ozeki NG SMS Gateway SSRF Vulnerability in Ozeki NG SMS Gateway 4.17.6 via SMS WCF or RSS To SMS Multiple Authenticated Stored and Reflected XSS Vulnerabilities in Ozeki NG SMS Gateway 4.17.6 CSRF Vulnerabilities in Ozeki NG SMS Gateway 
4.17.6 CSV Injection in Export of Contacts Feature in Ozeki NG SMS Gateway Vulnerability: Unsafe Database Connection Strings in Ozeki NG SMS Gateway Path Traversal Vulnerability in Ozeki NG SMS Gateway Autoreply Module's Script Name XML External Entity (XXE) Vulnerability in Ozeki NG SMS Gateway VBScript Engine Memory Object Handling Remote Code Execution Vulnerability Arbitrary Code Execution via Deserialization in Ozeki NG SMS Gateway Vulnerability: File Deletion via Ozeki NG SMS Gateway's TXT File Module Privilege Escalation Vulnerability in ASRock 4x4 BOX-R1000 BIOS (before P1.40) via SMM Code Execution Buffer Overflow in janus-gateway: Exploiting a Crafted RTSP Server Buffer Overflow Vulnerability in janus-gateway (aka Janus WebRTC Server) through 0.10.0 Incomplete X.509 Certificate Verification in Go (CVE-2020-28362) Windows Runtime Object Handling Elevation of Privilege Vulnerability Infinite Loop Vulnerability in x/text Package for Go Codiad v1.7.8 and Later: Unsanitized Folder Name XSS Vulnerability CSRF Vulnerability in Codiad v1.7.8 and Later: Remote Code Execution via Marketplace Plugin Download Server-Side Request Forgery (SSRF) Vulnerability in Unsupported Codiad Versions Remote Unauthenticated Attackers Can Manipulate Installation Status in Zoho ManageEngine ServiceDesk Plus Viber for Windows Custom URI Handler Vulnerability Windows Mobile Device Management (MDM) Diagnostics Junction Handling Elevation of Privilege Vulnerability SQL Injection Vulnerability in SOKKIA GNR5 Vanguard WEB Version 1.2 Stored Cross-Site Scripting Vulnerability in Monsta FTP 2.10.1 or Below Server-Side Request Forgery Vulnerability in Monsta FTP 2.10.1 and Below Arbitrary File Read/Write Vulnerability in Monsta FTP 2.10.1 and Below Denial of Service Vulnerability in Squid's TLS Connection Handling Denial of Service Vulnerability in Squid 5.x Windows Network List Service Elevation of Privilege Vulnerability Vulnerability: FasterXML jackson-databind 2.x Deserialization RCE via 
JNDIConnectionPool Deserialization Vulnerability in FasterXML Jackson-databind 2.x Deserialization Vulnerability in FasterXML Jackson-databind 2.x Stored Cross-Site Scripting (XSS) Vulnerability in TC Custom JavaScript Plugin for WordPress Incorrect Access Control in IceWarp Email Server 12.3.0.1: A Critical Vulnerability IceWarp Email Server 12.3.0.1 File Upload and Disk Space Consumption Vulnerability IceWarp Email Server 12.3.0.1 Remote JavaScript File Upload Vulnerability ZIP Archive File Upload Vulnerability in Navigate CMS 2.9 SQL Injection Vulnerability in MK-AUTH 19.01's Web Login Functionality SQL Injection Vulnerabilities in MK-AUTH 19.01 Jet Database Engine Remote Code Execution Vulnerability Authentication Bypass Vulnerability in MK-AUTH 19.01 XSS Vulnerabilities in MK-AUTH 19.01 Allow Arbitrary JavaScript Code Execution Command Execution Vulnerability in MK-AUTH 19.01 Cross-Site Scripting (XSS) Vulnerability in PRTG Network Monitor 20.1.56.1574 via Crafted Map Properties Stack-based buffer overflow in TRENDnet TEW-827DRU ssi binary allows arbitrary code execution Command Injection Vulnerability in TRENDnet TEW-827DRU Devices (2.06B04) Stack-based Buffer Overflow in TRENDnet TEW-827DRU Devices (2.06B04) via ssi Binary Stack-based Buffer Overflow in TRENDnet TEW-827DRU ssi Binary Stack-based Buffer Overflow in TRENDnet TEW-827DRU ssi Binary Stack-based Buffer Overflow in TRENDnet TEW-827DRU ssi Binary Windows Font Library Remote Code Execution Vulnerability Stack-based Buffer Overflow in TRENDnet TEW-827DRU ssi Binary Command Injection Vulnerability in TRENDnet TEW-827DRU Devices (CVE-2021-XXXX) DirectWrite Object Memory Handling Remote Code Execution Vulnerability SQL Injection Vulnerability in CodePeople Payment Form for PayPal Pro Plugin IMAP Man-in-the-Middle Attack in Mutt before 1.14.3 Xiaomi Router R3600 ROM <1.0.20 Web Interface Injection Vulnerability Xiaomi Router R3600 Web Interface Injection Vulnerability Memory Overflow Vulnerability in 
Xiaomi AI Speaker Rom Version <1.59.6 during OTA Firmware Verification Unauthorized Path Download Vulnerability in Xiaomi Router AX6 ROM version < 1.0.18 Time Synchronization Vulnerability in Xiaomi Router AX1800rom and RM1800 Root Hard-coded Encryption Key Vulnerability in Xiaomi Router AX1800 and RM1800 Windows Address Book Remote Code Execution Vulnerability Remote Code Execution Vulnerability in Xiaomi Router R3600 ROM Version<1.0.66 Token Leakage Vulnerability in Xiaomi Router AX1800rom and RM1800 Root Command Injection Vulnerability in Xiaomi Router AX1800rom and RM1800 Root SNO Information Disclosure Vulnerability in Xiaomi 10 MIUI < 2020.01.15 Race Condition Vulnerability in XQBACKUP Leads to Decompression Path Error on Xiaomi Router AX3600 (ROM Version 1.0.50) SNO Information Disclosure Vulnerability in Xiaomi 10 MIUI < 2020.01.15 Unauthorized Access to Running Processes in Xiaomi Mobile Phone MIUI < 2021.01.26 LAN Crash Vulnerability: Exploiting Stack Overflow in Cast's HTTP Server Command Injection Vulnerability in Xiaomi Router AX3600 (ROM version =< 1.1.12) Allows Remote Command Execution with Administrator Privileges Windows Kernel Object Handling Elevation of Privilege Vulnerability AX3600 Router Luci Interface Vulnerability: Unauthorized Access to Sensitive Information and Web Background Command Injection Vulnerability in Xiaomi Router AX3600 Xiaomi Router AX6000: Information Leak Vulnerability Xiaomi SmartHome APP: Information Leakage Vulnerability Command Injection Vulnerability in Xiaomi Router AX3600 Intent Redirection Vulnerability in Mi Browser: Exploiting Unverified Incoming Data for Sensitive Operations Improper Permission Configuration Vulnerability in Xiaomi Content Center APP Intent Redirection Vulnerability in Mi App Store Allows Automatic Installation of Apps Command Injection Vulnerability in Xiaomi Router AX3600 (rom< 1.1.12) - Remote Code Execution Memory Object Handling Vulnerability in Microsoft Graphics Components Xiaomi Models 
Vulnerable to Privilege Escalation via Third-Party App Parameter Manipulation Mi App Store Business Logic Vulnerability Allows Silent Local Installation Xiaomi Phones Vulnerability: Information Leakage and Identity Forgery Pointer Double Free Vulnerability in Some MIUI Services: Elevation of Privileges Code Execution Vulnerability in Xiaomi Router AX3600 (ROM < 1.1.12) via Buffer Overflow in librsa.so Out-of-Bound Read/Write Vulnerability in Xiaomi Phones Enables Denial of Service Attacks Mi Sound APP Information Leakage Vulnerability Xiaomi Phone Heap Overflow Vulnerability: Remote Denial of Service Exploit Identity Verification Failure in Xiaomi Product: Exploitable Logic Vulnerability with Privilege Elevation Windows Runtime Object Handling Elevation of Privilege Vulnerability Critical Vulnerability: Unauthorized Access to Sensitive Functions in Xiaomi Community App (Version <3.0.210809) Xiaomi Security Center Acknowledges ADLab of VenusTech for Identifying Critical Vulnerability Windows Runtime Object Handling Elevation of Privilege Vulnerability Unauthenticated API Reveals WIFI Password and Enables Command Injection in Xiaomi Router Firmware Update (2020) Authenticated Remote Code Execution in Gitea's Git Hook Feature Observable Discrepancy Vulnerability in OpenSSH 5.7 through 8.6 Allows Information Leak Cross-Site Scripting (XSS) Vulnerability in KumbiaPHP Development Mode Integer Overflow in Redis Lua Struct Library Out-of-Bounds Access Vulnerability in ngIRCd Server-Server Protocol Implementation NULL Pointer Dereference Vulnerability in uftpd before 2.12 Windows Runtime Object Handling Elevation of Privilege Vulnerability Denial of Service Vulnerability in GNU Bison Excessive Memory Consumption Vulnerability in IJG JPEG (libjpeg) Out-of-Bounds Array Read Vulnerability in IJG JPEG (libjpeg) jdhuff.c Mutt before 1.14.3 Vulnerability: Connection Proceeds Despite Rejected Expired Intermediate Certificate Integer Overflow Vulnerability in libpcre prior 
to version 8.44 via (?C substring Weak File Permissions in OpenBMC Phosphor-Host-IPMID's User Channel Password Manager Unencrypted Wireless Communication Vulnerability in ABUS Secvest FUBE50001 Device RF Packet Vulnerability in ABUS Secvest FUMO50110 Hybrid Module Allows for wAppLoxx Authentication-Bypass Attacks SQL Injection Vulnerability in ConnectWise Automate's Automate API (CVE-2020-XXXX) Dependency Loading Elevation of Privilege Vulnerability in Visual Studio and Visual Studio Code Gotenberg 6.2.1 SSRF Vulnerability: Remote File Read and Intranet Resource Fetch HTML and JavaScript Injection Vulnerability in Gotenberg PDF Conversion (CVE-2021-XXXX) Privilege Escalation via Sudo Vulnerability in Pi-Hole Improper Memory Access in JerryScript 2.2.0 Cross Site Scripting (XSS) Vulnerability in Jira Server and Data Center WYSIWYG Editor Improper Authorization Vulnerability in Jira Server and Data Center Allows Information Disclosure of Custom Project Avatars Arbitrary HTML and JavaScript Injection via File Upload in Jira Service Desk Server and Data Center Jira Server and Data Center MessageBundleResource Denial of Service Vulnerability Jira Server and Data Center Email Client Man-in-the-Middle (MITM) Vulnerability Cross-Site Scripting (XSS) Vulnerability in Atlassian Jira Server and Data Center before 8.9.1 Windows Kernel Elevation of Privilege Vulnerability Server-Side Request Forgery (SSRF) Vulnerability in Atlassian Bitbucket Server Unencrypted Repository Import Requests Vulnerability in Atlassian Bitbucket Server Remote Code Execution via Insecure Deserialization in Jira Server and Data Center Cross-Site Scripting (XSS) Vulnerability in Atlassian Jira Server and Data Center Insecure Direct Object References (IDOR) Vulnerability in Atlassian Jira Server and Data Center Cross-Site Scripting (XSS) Vulnerability in Atlassian Confluence Server and Data Center Regex-based Denial of Service (DoS) Vulnerability in JQL Version Searching in Atlassian Jira Server and 
Data Center Information Disclosure Vulnerability in Atlassian Jira Server and Data Center Allows Project Key Enumeration Information Disclosure Vulnerability in Atlassian Jira Server and Data Center Windows Diagnostics Hub Elevation of Privilege Vulnerability Information Disclosure Vulnerability in Atlassian Jira Service Desk Server and Data Center (CVE-2021-26084) Information Disclosure Vulnerability in Atlassian Jira Server and Data Center Jira Server & Data Center Information Disclosure Vulnerability: Unauthorized Access to Support Entitlement Number (SEN) Cross-Site Scripting (XSS) Vulnerability in Atlassian Jira Server Jira Server Vulnerability: Issue Key Enumeration via Missing Permissions Check Arbitrary Code Execution in Atlassian gajira-create GitHub Action (CVE-2021-12345) Arbitrary Code Execution in Atlassian Gajira-Comment GitHub Action Windows Kernel Memory Initialization Vulnerability Regex Denial of Service in Atlassian Fisheye/Crucible EyeQL (Versions before 4.8.4) Denial of Service (DoS) Vulnerability in Atlassian Fisheye/Crucible Information Disclosure Vulnerability in Atlassian Fisheye and Crucible Allows Remote Attackers to Access SEN Template Injection Vulnerability in Automation for Jira - Server Reverse Tabnapping Vulnerability in Zulip Server before 2.1.5 Deserialization Vulnerability in FasterXML Jackson-databind 2.x Improper Enforcement of ACL in PowerDNS Recursor Versions up to 4.3.1, 4.2.2, and 4.1.16 Remote Denial of Service Vulnerability in Bitcoin Core 0.20.0 BIP-143 Vulnerability: Exploiting Segwit Transaction Signing in Bitcoin Protocol Windows Error Reporting File Operations Vulnerability Arbitrary File Upload Vulnerability in Dolibarr CRM (CVE-2021-12345) XSS Vulnerability in WebFOCUS Business Intelligence 8.0 (SP6) via Arbitrary URL Parameters Cross-Site Request Forgery (CSRF) Vulnerability in WebFOCUS Business Intelligence 8.0 (SP6) XML External Entity (XXE) Injection Vulnerability in WebFOCUS Business Intelligence 8.0 (SP6) 
Administration Portal Improper Access Control in DiveBook Plugin 1.1.4 for WordPress Allows Unauthorized Manipulation of Dive Logs Unauthenticated XSS Vulnerability in DiveBook Plugin 1.1.4 for WordPress SQL Injection Vulnerability in DiveBook Plugin 1.1.4 for WordPress Stored Cross-Site Scripting (XSS) Vulnerability in SuiteCRM 7.11.13 Documents Preview Functionality Arbitrary Code Execution and Access Control Bypass in Dolibarr LNK Remote Code Execution Vulnerability in Microsoft Windows Reflected Cross-Site Scripting (XSS) Vulnerability in MONITORAPP WAF: Execution of Script in Response to Request URL Information Heap-Based Buffer Overflow in FFmpeg's avio_get_str Function Customer Ticket Access Vulnerability Arbitrary Organization Access Vulnerability in Zammad Incorrect Access Control in Zulip Server: Administrator Role Added to Invitations Windows Runtime Object Handling Elevation of Privilege Vulnerability Server Information Exposure in HCL Digital Experience 8.5, 9.0, and 9.5 Reflected XSS Vulnerability in HCL Digital Experience 8.5, 9.0, 9.5 Cross-Site Scripting (XSS) Vulnerability in HCL Digital Experience 8.5, 9.0, 9.5 Stack Buffer Overflow in HCL Notes v9 MIME Message Handling Tabnabbing Vulnerability in HCL iNotes Allows for Phishing Attacks and Credential Theft Windows Subsystem for Linux File Handling Elevation of Privilege Vulnerability HCL Domino Denial of Service Vulnerability Stack Buffer Overflow Vulnerability in HCL Client Application Access v9 Stack Buffer Overflow Vulnerability in HCL Notes v9 Input Parameter Handling Denial of Service Vulnerability in HCL Domino Server Windows Update Stack Elevation of Privilege Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in HCL Notes Versions Prior to 9.0.1 FP10 IF8, 10.0.1 FP6, and 11.0.1 FP1 Stack Buffer Overflow Vulnerability in Domino Server MIME Message Handling (Versions 9 and 10) Unauthenticated Access to Critical Functionality in HCL OneTest UI V9.5, V10.0, and V10.1 Weak Basic 
Authentication in HCL OneTest Performance V9.5, V10.0, V10.1 Inadequate Session Timeout in HCL OneTest Performance V9.5, V10.0, V10.1 Insecure Session Cookie Handling in BigFix Inventory v10.0.2 Windows Codecs Library Remote Code Execution Vulnerability TLS-RSA Cipher Suites Not Disabled in HCL BigFix Inventory: Passive Traffic Recording and Decryption Vulnerability Container-based vulnerabilities in HCL Digital Experience 9.5 expose sensitive data to unauthorized parties via crafted requests Denial of Service Vulnerability in HCL Notes Versions 9-11: Remote Email Exploit Windows Kernel Object Memory Handling Vulnerability Buffer Overflow Vulnerability in HCL Domino DXL Input Validation Critical Vulnerability: HCL Traveler Companion Exposes iOS Devices to Weak Cryptographic Process via MobileIron AppConnect SDK Critical Vulnerability: HCL Traveler Companion Exposes iOS Devices to Weak Cryptographic Process via MobileIron AppConnect SDK Stack Buffer Overflow Vulnerability in Notes Client MIME Message Handling (Versions 9 and 10) Windows Network Connections Service Elevation of Privilege Vulnerability Information Disclosure Vulnerability in HCL Domino XPages Stored Cross-Site Scripting (XSS) Vulnerability in HCL iNotes v9, v10, and v11 HCL Domino Public API Input Validation DoS Vulnerability User Personal Data Disclosure Vulnerability in HCL Commerce 9.0.1.9 - 9.0.1.14 and 9.1 - 9.1.4 HCL Commerce Multiple Vulnerabilities: Denial of Service, User Data Disclosure, and Unauthorized Administrative Operations Windows Network Connections Service Elevation of Privilege Vulnerability Windows Error Reporting Manager Elevation of Privilege Vulnerability Bluetooth BR/EDR Transport Vulnerability in COVIDSafe Application Arbitrary Command Execution in Secudos DOMOS 5.8 via Shell Metacharacters in conf_datetime Zone Field Persistent XSS Vulnerability in Secudos Qiata FTA 1.70.19 Comment Feature Remote Command Execution via SQL Injection in Cacti 1.2.12 Server-Side Request Forgery 
(SSRF) Vulnerability in Red Hat CloudForms 4.7 and 5 Denial of Service Vulnerability in Wildfly's EJB Client Vulnerability: Docker version 1.13.1-108.git4ef4b30.el7 Missing Fix for CVE-2019-5736 Authentication Bypass Vulnerability in JBoss EAP Windows UPnP Device Host Memory Handling Elevation of Privilege Vulnerability Vulnerability: Security Regression in Docker Packages for Red Hat Enterprise Linux 7 Extras Information Disclosure Vulnerability in libvirt: Exposing HTTP Cookies in XML Dump Replay Attack Vulnerability in Keycloak's External Identity Provider Endpoint Samba AD DC NBT Server Crash Vulnerability Linux Kernel Ethernet Driver Memory Disclosure Vulnerability Linux Kernel H.323 Connection Tracking Denial of Service Vulnerability Incorrect Access Control Flaw in openshift-service-mesh/istio-rhel8-operator Allows Unauthorized Deployment of Custom Gateway/Pod Denial of Service Vulnerability in Wildfly's Enterprise Java Beans (EJB) Grub2 Memory Allocator Arithmetic Overflow Vulnerability Arithmetic Overflow and Heap-Based Buffer Overflow in Grub2 with Squashfs Symbolic Link Windows AppX Deployment Extensions Elevation of Privilege Vulnerability Heap-based Buffer Overflow in grub2 read_section_as_string() Function Arithmetic Overflow Vulnerability in Grub2 Handling Symlink on Ext Filesystems Open Resolver Vulnerability in Dnsmasq Allows DDoS Attacks Information Disclosure Vulnerability in Red Hat Quay: Exposing Robot Account Names and Private Repositories Linux Kernel Memory Out-of-Bounds Read Vulnerability in ext3/ext4 File System Memory Corruption Vulnerability in bspatch Allows Arbitrary Write Vulnerability in kubevirt 0.29 and earlier allows unauthorized access to host filesystem JBoss EAP-CD PID File Manipulation Privilege Escalation Samba File and Directory Permissions Vulnerability Vulnerability: Cross-Site Request Forgery (CSRF) in AMQ Online Console Skype for Business Internet Explorer Information Disclosure Vulnerability 
Reflected XSS Vulnerability in Moodle Admin Task Log Filter Self-Assignment of Manager Role Vulnerability in Moodle Denial of Service Vulnerability in Moodle's yui_combo Null Pointer Dereference Vulnerability in Samba's Winbind Service Out of Band OS Command Injection Vulnerability in Red Hat CloudForms User Impersonation Authorization Flaw in Red Hat CloudForms before 5.11.7.0 RESTEasy Vulnerability: Hash Flooding Denial of Service Server-side Request Forgery (SSRF) Vulnerability in Ansible Tower Server Side Request Forgery (SSRF) Vulnerability in Ansible Tower Sensitive Data Exposure in Ansible Tower: Unauthorized Access to Labels and Organization Names Memory Object Handling Vulnerability in Microsoft Edge PDF Reader Improper Output Neutralization in Ansible uri Module Exposes Sensitive Data Vulnerability: Linux Kernel VGA Console Resize Privilege Escalation Sensitive Data Exposure in Ansible Engine's Module Args Unfiltered User-Controllable Parameters in Ovirt Engine Web Interface Enable Reflected Cross-Site Scripting Attack Cache File Privilege Escalation Vulnerability in Red Hat Satellite 6 Red Hat Satellite OMAPI Secrets Disclosure Vulnerability Denial of Service Vulnerability in Restricted Security Context Constraints (SCC) Allows Pod-based Network Packet Manipulation Tower Data Exposure Vulnerability Vulnerability in Wildfly's Xerces Implementation: XMLSchemaValidator Manipulation Privilege Escalation Vulnerability in libvirt Allows Unauthorized Access to Host Operating System Windows Sync Host Service Elevation of Privilege Vulnerability XNIO File Descriptor Leak Vulnerability Unauthorized SMTP Connection Scanning Vulnerability in Red Hat Single Sign On v7.x Arbitrary Command Injection Vulnerability in cifs-utils' mount.cifs Arbitrary Code Execution Vulnerability in PyYAML Library (CVE-2021-28918) Integer Overflow and Heap-Buffer Overflow Vulnerability in libX11 Privilege Escalation Vulnerability in X.Org Server's XkbSetNames Function Integer Underflow 
Vulnerability in xorg-x11-server Xorg-Server Memory Initialization Vulnerability AMQ Online 1.5.2 User AddressSpace Configuration Injection Vulnerability PostgreSQL Logical Replication Search_Path Sanitization Vulnerability GDI+ Remote Code Execution Vulnerability Insecure search_path Handling in PostgreSQL Extension Installation Script Use-After-Free Memory Flaw in Linux Kernel's Perf Subsystem Allows Privilege Escalation Directory Traversal Vulnerability in librepo: Remote Repository Metadata Path Sanitization Flaw Use-after-free and Double-free Vulnerability in c-ares lib Version 1.16.0 Buffer Overflow Vulnerabilities in SPICE Remote Display System Linux Kernel cgroupv2 Subsystem Null Pointer Dereference Vulnerability Vulnerability: Bypassing Keycloak Gatekeeper with Lower Case HTTP Headers Windows Font Library Remote Code Execution Vulnerability X.Org Server Privilege Escalation Vulnerability Integer Underflow Leading to Heap-Buffer Overflow Privilege Escalation Vulnerability in X.Org Server Integer Underflow Leading to Heap-Buffer Overflow Privilege Escalation Vulnerability in X.Org Server Title: Integer Overflow Vulnerability in libX11 Allows for Arbitrary Code Execution USB Emulator Out-of-Bounds Read/Write Access Vulnerability in QEMU Vulnerability: GPG Signature Bypass in Ansible Engine Path Traversal Vulnerability in Keycloak: Limited Exposure of Specific Folder Hierarchies Path Traversal Vulnerability in chrony Cross-Site WebSocket Hijacking (CSWH) Vulnerability in Eclipse Che Title: Red Hat CloudForms Cross Site Request Forgery Vulnerability Allows Unwanted Actions Execution Windows Network Location Awareness Service Elevation of Privilege Vulnerability Information Disclosure Vulnerability in Containers/Podman: Leakage of Environment Variables between Containers Red Hat Satellite Credential Leak Vulnerability Exposes Compute Resource Credentials Vulnerability: Grub2 Secure Boot Bypass via ACPI Command Use After Free Vulnerability in 
igc_reloc_struct_ptr() of Ghostscript-9.25 Allows Denial of Service Buffer Overflow Vulnerability in dpdk's copy_data Function Vulnerability in DPDK Allows Unauthorized Memory Modification in Virtual Machines Buffer Overflow Vulnerability in dpdk Versions before 18.11.10 and 19.11.5 Buffer Over Read Vulnerability in DPDK Integer Underflow in `move_desc` Function in DPDK Versions before 18.11.10 and 19.11.5 Vulnerability: XEE Attack in Red Hat AMQ Broker via Configuration Files Windows Network Connections Service Elevation of Privilege Vulnerability Account Takeover Vulnerability in Red Hat Satellite 6.7.2 and Later Versions Vulnerability: Privilege Escalation and Memory Corruption in Linux Kernel's Futex Implementation Vulnerability: Memory Overflow in LUKS2 Format Validation Code Samba DNS Server Vulnerability: Authenticated User Can Crash RPC Server Incomplete Fix for Denial of Service Vulnerability in JBossWeb XFS File System Metadata Validator Failure Vulnerability Linux Kernel Memory Corruption Vulnerability Rsync Host Mismatch Vulnerability Bypassing Member Permissions in Red Hat 3scale API Management Platform Account Console Access Control Bypass in Keycloak PerformancePoint Services Remote Code Execution Vulnerability Linux Kernel Out-of-Bounds Memory Write Vulnerability with Screen Size Change Vulnerability: Unauthorized Access to Red Hat Customer Portal Credentials in GNOME Control Center Untrusted Pointer Dereference Vulnerability in Perl-DBI < 1.643 Buffer Overflow Vulnerability in perl-DBI < 1.643 in DBI.xs Denial of Service Vulnerability in QEMU USB xHCI Controller Emulation NULL Pointer Dereference in LibVNCServer before 0.9.13 NULL Pointer Dereference in LibVNCServer's rfbregion.c Infinite Loop Vulnerability in LibVNCServer Vulnerability in LibVNCServer: Byte-aligned Data Access Issue Tampering Vulnerability in Microsoft SharePoint Server Allows Unauthorized Modification of User Profiles Byte Alignment Vulnerability in LibVNCServer Integer Overflow 
in LibVNCServer's scale.c Out-of-Bounds Access Vulnerability in LibVNCServer Out-of-Bounds Access Vulnerability in LibVNCServer Out-of-Bounds Access Vulnerability in LibVNCServer's rre.c Unbounded TextChat Size Vulnerability in LibVNCServer Reflected XSS Vulnerability in Agentejo Cockpit 0.10.2 Integer Overflow and Heap Corruption in SDL_BlitCopy via Crafted .BMP File Heap-Based Buffer Over-read Vulnerability in SDL (Simple DirectMedia Layer) 2.0.12 Remote Command Execution Vulnerability in NeDi 1.9C via System-Snapshot.php XSS Vulnerability in NeDi 1.9C: Incorrect Implementation of sanitize() in inc/libmisc.php Remote Command Execution Vulnerability in NeDi 1.9C via pwsec.php POST Request Buffer Position Mishandling in QEMU's audio/ossaudio.c (CVE-2020-13754) Race condition in slip and slcan line discipline leads to use-after-free vulnerability in Linux kernel (CVE-2020-12345) TOCTOU Vulnerability in madCodeHook Allows Privilege Escalation via Directory Junctions Office Web Apps Server Spoofing Vulnerability Arbitrary Command Execution in aaPanel through 6.6.6 via Add Cron Job Screen Improper Hash Computation in IPv4Interface and IPv6Interface Classes in Python Predictable CONVOS_LOCAL_SECRET value in Convos before 4.20 XSS Vulnerability in Cacti Template Import for Midwinter Theme Remote Command Execution Vulnerability in Foxit Reader 9.x and earlier Administrative Credentials Disclosure Vulnerability in Certain NETGEAR Devices Disclosure of Administrative Credentials in Certain NETGEAR Devices Disclosure of Administrative Credentials in Certain NETGEAR Devices Administrative Credentials Disclosure Vulnerability in Certain NETGEAR Devices Microsoft SharePoint Spoofing Vulnerability Disclosure of Administrative Credentials in Certain NETGEAR Devices Disclosure of Administrative Credentials in Certain NETGEAR Devices CSRF Vulnerability in NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR 
Devices Unauthenticated Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices SharePoint Email Parsing Remote Code Execution Vulnerability Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices SQL Injection Vulnerability in Dolibarr 11.0.3: Remote Code Execution via id Parameter Reflected Cross-Site Scripting (XSS) Vulnerability in WSO2 Identity Server and Key Manager Reflected Cross-Site Scripting (XSS) Vulnerability in WSO2 Identity Server and Key Manager Management Console Basic Policy Editor Open Redirect Vulnerability in WSO2 Identity Server and Key Manager Denial of Service Vulnerability in Mattermost Server (MMSA-2020-0021) Denial of Service Vulnerability in Mattermost Server (MMSA-2020-0020) Disclosure of Authorization Tokens in Mattermost Mobile Apps (MMSA-2020-0018) Microsoft Office Memory Disclosure Vulnerability Denial of Service Vulnerability in Mattermost Server Markdown Renderer (MMSA-2020-0017) Persistent Single Sign-On Cookies and Local Storage after Logout in Mattermost Mobile Apps Directory Traversal Vulnerability in Mattermost Server (MMSA-2020-0014) Improper Socket Read Restriction in Mattermost Server (MMSA-2020-0005) Server Redirection Vulnerability in Mattermost Desktop App (MMSA-2020-0008) Mattermost Desktop App HTTP Basic Authentication Phishing Vulnerability Mattermost Desktop App Same Origin Policy Mishandling Vulnerability Broadcasted Team Details Disclosure Vulnerability in Mattermost Server Mattermost Server Information Disclosure Vulnerability (MMSA-2020-0004) Channel Renaming Vulnerability in Mattermost Server (MMSA-2020-0002) Microsoft Word Remote Code Execution Vulnerability 
(CVE-2020-1449) Unprivileged Creation of Trusted OAuth Application in Mattermost Server (MMSA-2020-0001) Directory Traversal Vulnerability in Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 Devices Cross-Site Scripting (XSS) Vulnerability in CALDERA 2.7.0 via Operation Name Box Microsoft Word Remote Code Execution Vulnerability (CVE-2020-1447) Helm Chart Repository Password Leakage Vulnerability in Octopus Deploy Command-Injection Vulnerabilities in Draytek Vigor Routers Critical Stack-Based Buffer Overflow Vulnerability in Vigor3900, Vigor2960, and Vigor300B Firmware Hardcoded Key Material Vulnerability in Cellebrite UFED Physical Device Reflected Cross-Site Scripting (XSS) Vulnerability in Dolibarr 11.0.3 via public/notice.php Unauthenticated Access and Modification Vulnerability in Philips Ultrasound Systems XML External Entity (XXE) Attack: Exploiting Weakly Configured XML Files for Arbitrary File Access Unauthenticated Querying of Server Allows Unauthorized Access to Sensitive Serialized Data Microsoft Word Remote Code Execution Vulnerability (CVE-2020-1448) Plaintext Storage of Credentials in RAM Vulnerability Weak Encryption Algorithm in DeskLock Tool Allows for Credential Decryption and Unauthorized Access Heap Overflow Vulnerability in Delta Industrial Automation DOPSoft TLS Handshake Timeout Vulnerability Account Lockout Bypass Vulnerability in OpenClinic GA Versions 5.09.02 and 5.89.05b Vulnerability: Bypassing Client-side Access Controls and Execution of Admin Functions in OpenClinic GA Versions 5.09.02 and 5.89.05b Bypassing Permission/Authorization Checks in OpenClinic GA 5.09.02 and 5.89.05b: Unauthorized Command Execution Hidden Default User Account Vulnerability in OpenClinic GA 5.09.02 Arbitrary File Upload Vulnerability in OpenClinic GA 5.09.02 and 5.89.05b Inadequate Hashing Complexity in OpenClinic GA 5.09.02 and 5.89.05b Unvalidated Source Markup in Microsoft Project Enables Remote Code Execution Arbitrary Local File Inclusion and File Execution 
Vulnerability in OpenClinic GA 5.09.02 and 5.89.05b SQL Injection Vulnerability in OpenClinic GA Versions 5.09.02 and 5.89.05b Cross-Site Scripting (XSS) Vulnerability in OpenClinic GA 5.09.02 and 5.89.05b Arbitrary File Write and Command Execution Vulnerability in OpenClinic GA 5.09.02 and 5.89.05b Insufficient Complexity in Authentication Mechanism of OpenClinic GA Versions 5.09.02 and 5.89.05b Privilege Escalation and Remote Code Execution Vulnerability in Mitsubishi Electric Factory Automation Engineering Software Products Multiple SQL Injection Vulnerabilities in Advantech iView 5.6 and Prior Versions Stack-Based Buffer Overflow in HMS Industrial Networks AB eCatcher (Versions Prior to 6.5.5) Improper Access Control Vulnerability in Advantech iView 5.6 and Prior Microsoft Office SharePoint XSS Vulnerability Arbitrary Data Overwrite Vulnerability in Secomea GateManager (Versions prior to 9.2c) Improper Authentication in Advantech iView Allows Unauthorized Access and Account Manipulation Stored XSS Vulnerability in 1734-AENTR Communication Module's Web Interface Remote Code Execution Vulnerability in Advantech iView 5.6 and Prior Authentication Bypass Vulnerability in 1734-AENTR Communication Module Command Injection Vulnerability in Advantech iView 5.6 and Prior Input Validation Vulnerability in Philips Clinical Collaboration Platform Multiple Path Traversal Vulnerabilities in Advantech iView 5.6 and Prior Versions Off-by-One Error in GateManager Prior to 9.2c: Remote Code Execution and Denial-of-Service Vulnerability Memory Corruption Vulnerabilities in CodeMeter Packet Parser Microsoft Office SharePoint XSS Vulnerability Hard-coded Telnet Credential Vulnerability in GateManager Versions Prior to 9.2c Stack-based Buffer Overflow Vulnerability in EDR-G902 and EDR-G903 Series Routers (Versions prior to 5.4) via Crafted Web Browser Cookie Weak Hash Type Vulnerability in GateManager Versions Prior to 9.2c CodeMeter License File Processing Vulnerability 
Vulnerability: Sniffing Trailer Power Line Communications from a Distance Arbitrary License File Forgery in CodeMeter Improper Password Hashing Vulnerability in Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00 Remote Code Execution Vulnerability in CodeMeter Protocol Encryption Information Leakage in Philips DreamMapper, Version 2.24 and prior WebSockets API Vulnerability in CodeMeter: License File Alteration and Creation Remote Code Execution Vulnerability in Microsoft SharePoint Ignition 8 (all versions prior to 8.0.13) Information Leak Vulnerability Critical Malicious Code Execution Vulnerability in Mitsubishi Electric Factory Automation Software Uncontrolled Resource Consumption Vulnerability in Softing Industrial Automation Arbitrary Code Execution Vulnerability in Mitsubishi Electric Factory Automation Products Heap-Based Buffer Overflow in Softing Industrial Automation Cross-Site Scripting (XSS) Vulnerability in Philips Clinical Collaboration Platform Unauthenticated Remote Code Execution Vulnerability in Primavera Portfolio Management Vulnerability in Primavera Portfolio Management: Unauthorized Data Access and Manipulation Vulnerability in Primavera Portfolio Management: Unauthorized Data Access and Manipulation Remote Code Execution Vulnerability in Microsoft SharePoint Unauthenticated Access Vulnerability in Oracle Security Service of Oracle Fusion Middleware (CVE-2021-12345) Vulnerability in Oracle Siebel CRM: Unauthorized Access and Data Compromise in Siebel UI Framework Vulnerability in Oracle Commerce Platform: Unauthorized Data Manipulation Vulnerability in Oracle Commerce Platform: Unauthorized Data Access and Manipulation Vulnerability in Oracle Applications Framework: Unauthorized Access and Data Compromise Oracle Commerce Service Center Unauthenticated Access Vulnerability Oracle Commerce Guided Search / Oracle Commerce Experience Manager Unauthorized Access Vulnerability Vulnerability in Oracle Solaris Packaging 
Scripts Allows Unauthorized Denial of Service MySQL Server Denial of Service Vulnerability Microsoft SharePoint Reflective XSS Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Hyperion Financial Close Management Allows Unauthorized Data Manipulation Oracle Solaris libsuri Vulnerability: Unauthorized Data Access Critical Vulnerability in Oracle Hospitality Reporting and Analytics: Takeover Risk Unauthorized Data Access Vulnerability in Oracle Transportation Management 6.4.3 Oracle Solaris Device Driver Utility Vulnerability Vulnerability in Oracle Hyperion Financial Close Management Allows Unauthorized Data Manipulation MySQL Server Denial of Service Vulnerability Unauthenticated Remote Code Execution Vulnerability in Oracle Business Intelligence Enterprise Edition Unauthenticated Remote Code Execution Vulnerability in Primavera Portfolio Management Microsoft SQL Server Management Studio Denial of Service Vulnerability Vulnerability in Oracle MySQL Client: Unauthorized Denial of Service (DoS) Unauthorized Data Manipulation Vulnerability in Oracle AutoVue Oracle WebCenter Portal Security Framework Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Manipulation Vulnerability in Oracle Application Object Library Allows Unauthorized Data Manipulation Oracle Marketing Unauthenticated Remote Code Execution Vulnerability Java SE and Java SE Embedded Vulnerability: Unauthorized Access and Data Manipulation Unauthenticated Remote Code Execution Vulnerability in Oracle WebLogic Server Unauthenticated Read Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools MySQL Server Information Schema Unauthorized Read Access Vulnerability Microsoft Office SharePoint XSS Vulnerability Unauthorized Access Vulnerability in Oracle Hyperion BI+ (Version 11.1.2.4) Critical Vulnerability in Oracle Hospitality Reporting and Analytics: Takeover Risk Vulnerability in Oracle Java SE ImageIO Component: Unauthorized Partial Denial of 
Service Vulnerability in Oracle Enterprise Communications Broker: Unauthorized Data Access and Manipulation High Privilege Unauthorized Data Manipulation Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Oracle Unified Directory Product Vulnerability: Unauthorized Data Access and Denial of Service Unauthenticated Remote Code Execution Vulnerability in Primavera Portfolio Management MySQL Server Replication Vulnerability: Unauthorized Hang and Crash Title: High-Privilege Network Access Vulnerability in Oracle MySQL Server (InnoDB Component) Vulnerability in Oracle FLEXCUBE Investor Servicing Allows Unauthorized Data Access and Modification Microsoft Windows Codecs Library Remote Code Execution Vulnerability Oracle BI Publisher Vulnerability: Unauthorized Access and Data Compromise Oracle BI Publisher Unauthenticated Remote Code Execution Vulnerability Vulnerability in Oracle WebLogic Server Console Allows Unauthorized Data Access and Manipulation Unauthenticated Access Vulnerability in Oracle Java SE Oracle Communications Interactive Session Recorder Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server UDF Vulnerability: Unauthorized Hang and Crash Attacks Java SE, Java SE Embedded Vulnerability: Unauthorized Read Access via TLS Java SE and Java SE Embedded Vulnerability: Unauthorized Partial Denial of Service Java SE and Java SE Embedded Vulnerability: Unauthorized Partial Denial of Service Microsoft Office DLL Loading Remote Code Execution Vulnerability Vulnerability in Oracle Communications Session Border Controller Allows Unauthorized Access and Data Manipulation Java SE, Java SE Embedded 2D Vulnerability: Unauthorized Data Access Oracle iStore User Registration Vulnerability Vulnerability in Oracle Java SE and Java SE Embedded: Remote Code Execution Oracle BI Publisher Vulnerability: Unauthorized Access and Data Compromise Vulnerability in Oracle BI Publisher: Unauthorized Access and Data Compromise Vulnerability in Oracle MySQL 
Server: Unauthorized Hang or Crash Vulnerability in Oracle PeopleSoft Enterprise FIN Expenses: Unauthorized Data Access and Manipulation Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Oracle WebLogic Server Denial of Service Vulnerability ARM Speculative Execution Information Disclosure Vulnerability Oracle Applications Framework Page Request Unauthorized Read Access Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Server Crash Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Vulnerability in Java SE and Java SE Embedded: Unauthorized Data Access Highly Exploitable Vulnerability in Oracle Hospitality Reporting and Analytics: Takeover Risk Oracle iLearning Assessment Manager Unauthenticated Remote Access Vulnerability Oracle iStore Address Book Unauthenticated Remote Code Execution Vulnerability MySQL Server Denial of Service Vulnerability Oracle CRM Gateway for Mobile Devices Unauthenticated Access Vulnerability Oracle CRM Gateway for Mobile Devices Unauthenticated Access Vulnerability Remote Code Execution Vulnerability in Microsoft SharePoint Server Unauthenticated Remote Code Execution Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Vulnerability in Oracle Financial Services Analytical Applications Infrastructure: Unauthorized Data Access and Manipulation Vulnerability in Oracle Financial Services Analytical Applications Infrastructure: Unauthorized Data Access and Modification Oracle Financial Services Analytical Applications Infrastructure Unauthorized Read Access Vulnerability Oracle Financial Services Analytical Applications Infrastructure Unauthorized Read Access Vulnerability Vulnerability in Oracle Financial Services Analytical Applications Infrastructure: Unauthorized Data Access Oracle SD-WAN Edge User Interface Unauthenticated Remote Code Execution Vulnerability Oracle Fusion Middleware MapViewer Tile Server Unauthenticated Access Vulnerability Oracle Fusion Middleware 
MapViewer Tile Server Unauthenticated Access Vulnerability Oracle Business Intelligence Enterprise Edition Remote Code Execution Vulnerability Microsoft Defender MpSigStub.exe Elevation of Privilege Vulnerability Vulnerability in Oracle Applications Framework: Unauthorized Access and Data Compromise Vulnerability in Oracle WebCenter Portal: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle PeopleSoft Enterprise HRMS (Time and Labor Component) Allows Unauthorized Data Access and Manipulation Vulnerability in Oracle WebCenter Sites: Unauthorized Data Access and Manipulation MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Financial Services Analytical Applications Infrastructure: Unauthorized Data Access and Manipulation Oracle Hospitality Reporting and Analytics: Unauthorized Data Access Vulnerability Vulnerability in Primavera Unifier Allows Unauthorized Access to Critical Data Title: Critical Unauthenticated Access Vulnerability in Oracle Primavera Unifier Mobile App (Prior to 20.6) MySQL Server Denial of Service Vulnerability Skype for Business EdgeHTML-based Information Disclosure Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Java SE (JAXP Component): Unauthorized Data Manipulation Oracle WebLogic Server Core Vulnerability Title: High-Privilege Network Access Vulnerability in Oracle MySQL Server (InnoDB Component) Vulnerability in Oracle MySQL Server: JSON Component Allows for Denial of Service (DoS) Attacks Oracle WebLogic Server Remote Code Execution Vulnerability Unauthenticated Takeover Vulnerability in Oracle Business Intelligence Enterprise Edition Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Vulnerability in Oracle VM VirtualBox Allows Takeover (CVE-2020-14628) Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data SharedStream Library Elevation of Privilege Vulnerability Vulnerability in Oracle Enterprise 
Session Border Controller: File Upload Component Vulnerability in Oracle MySQL Server: Unauthorized Server Crash MySQL Server Denial of Service Vulnerability Title: High Privilege Network Access Vulnerability in Oracle MySQL Server (InnoDB Component) MySQL Server InnoDB Component Unauthorized Read Access Vulnerability Oracle E-Business Suite Application Object Library Unauthorized Read Access Vulnerability Oracle WebLogic Server Sample Apps Unauthenticated Remote Code Execution Vulnerability Oracle WebLogic Server Sample Apps Unauthenticated Remote Code Execution Vulnerability Oracle WebLogic Server Sample Apps Unauthenticated Remote Code Execution Vulnerability Oracle WebLogic Server Sample Apps Unauthenticated Remote Code Execution Vulnerability Windows File Signature Validation Spoofing Vulnerability Oracle WebLogic Server Sample Apps Unauthenticated Remote Code Execution Vulnerability Critical Vulnerability in Oracle MySQL Server: Unauthorized Access to Critical Data Oracle Coherence CacheStore Denial of Service Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Access and Denial of Service Oracle WebLogic Server Remote Code Execution Vulnerability Oracle WebLogic Server Unauthenticated Takeover Vulnerability Vulnerability in Oracle VM VirtualBox Allows Takeover Vulnerability in Oracle VM VirtualBox Allows Takeover Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data Vulnerability in Oracle VM VirtualBox: High Privileged Takeover (CVE-2020-XXXX) Arbitrary File Deletion Vulnerability in Microsoft OneDrive Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data Vulnerability in Oracle MySQL Server: Unauthorized Access and Denial of Service Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Vulnerability in Primavera P6 Enterprise Project Portfolio Management: Unauthorized Data Access and Manipulation MySQL Server Denial of Service Vulnerability Oracle Security Service SSL 
API Vulnerability MySQL Server Vulnerability: Unauthorized Hang and Crash Vulnerability in Oracle CRM Technical Foundation of Oracle E-Business Suite: Unauthorized Access and Data Compromise Oracle Marketing Product Vulnerability: Unauthorized Access and Data Manipulation Oracle CRM Technical Foundation Preferences Unauthenticated Remote Code Execution Vulnerability Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability Vulnerability in Oracle CRM Technical Foundation: Unauthorized Access and Data Compromise Oracle CRM Technical Foundation Preferences Unauthenticated Remote Code Execution Vulnerability Vulnerability in Oracle Financial Services Analytical Applications Infrastructure: Unauthorized Access and Data Manipulation Privilege Escalation Vulnerability in Oracle MySQL Server Java SE Product Vulnerability: Unauthenticated Takeover via JavaFX (CVE-2020-14781) Oracle Trade Management Invoice Vulnerability Vulnerability in Oracle Email Center of Oracle E-Business Suite: Unauthorized Access and Data Compromise Vulnerability in Oracle CRM Technical Foundation of Oracle E-Business Suite: Unauthorized Access and Data Compromise Vulnerability in Oracle E-Business Intelligence of Oracle E-Business Suite: Unauthorized Access and Data Compromise Oracle Configurator Vulnerability in UI Servlet (12.1 and 12.2) - Unauthorized Access and Data Compromise Windows Hard Links Elevation of Privilege Vulnerability Vulnerability in Oracle Advanced Outbound Telephony Allows Unauthorized Access and Data Manipulation Oracle Advanced Outbound Telephony User Interface Unauthenticated Remote Code Execution Vulnerability MySQL Server Stored Procedure Denial of Service Vulnerability Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data Vulnerability in Oracle VM VirtualBox Allows Takeover Vulnerability in Oracle VM VirtualBox: High Privileged Takeover Vulnerability in Oracle VM VirtualBox: High Privileged Takeover Vulnerability in Oracle VM 
VirtualBox: High Privileged Takeover Privilege Escalation Vulnerability in Oracle MySQL Server Oracle CRM Technical Foundation Denial of Service Vulnerability Windows GDI Memory Disclosure Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle E-Business Intelligence of Oracle E-Business Suite: Unauthorized Access and Data Compromise Vulnerability in Oracle Depot Repair: Unauthorized Access and Data Compromise Vulnerability in Oracle Financial Services Analytical Applications Infrastructure: Unauthorized Data Manipulation Vulnerability in Oracle Financial Services Analytical Applications Infrastructure: Unauthorized Data Access Oracle iSupport Product Vulnerability: Unauthorized Access and Data Compromise Oracle WebLogic Server Remote Code Execution Vulnerability Vulnerability in Oracle Common Applications of Oracle E-Business Suite: Unauthorized Access and Data Compromise Bond Denial of Service Vulnerability Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Access and Data Compromise Vulnerability in Oracle Financial Services Liquidity Risk Management: Unauthorized Data Access and Modification Oracle Financial Services Loan Loss Forecasting and Provisioning User Interface Unauthorized Data Manipulation Vulnerability Vulnerability in Oracle Insurance Accounting Analyzer: Unauthorized Data Access Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access and Data Compromise Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data Oracle BI Publisher Layout Templates Unauthenticated Access Vulnerability Privilege Escalation Vulnerability in Oracle MySQL Server Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access and Data Compromise Vulnerability in Oracle VM VirtualBox Allows Takeover Windows Work Folders Service Memory Handling Elevation of Privilege Vulnerability Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data Oracle SD-WAN Aware 
User Interface Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Hang or Crash Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data Oracle GoldenGate Process Management Vulnerability Unauthenticated Remote Code Execution Vulnerability in Primavera P6 Enterprise Project Portfolio Management Vulnerability in Oracle VM VirtualBox: Unauthorized Hang or Crash Vulnerability in Oracle Retail Applications' Customer Management and Segmentation Foundation: Unauthorized Data Manipulation Oracle Retail Applications Customer Management and Segmentation Foundation Card Component Unauthorized Data Access Vulnerability Elevation of Privilege Vulnerability in Microsoft Windows CloudExperienceHost Oracle Retail Applications Customer Management and Segmentation Foundation Unauthorized Data Access Vulnerability Vulnerability in Oracle VM VirtualBox: Privilege Escalation and Takeover (CVE-2020-14711) Vulnerability in Oracle VM VirtualBox: Unauthorized Data Access Vulnerability in Oracle VM VirtualBox Allows Takeover Oracle VM VirtualBox Prior to 5.2.44, 6.0.24, and 6.1.12 Denial of Service Vulnerability Oracle VM VirtualBox Prior to 5.2.44, 6.0.24, and 6.1.12 Denial of Service Vulnerability Vulnerability in Oracle Common Applications of Oracle E-Business Suite: Unauthorized Data Manipulation Vulnerability in Oracle Common Applications of Oracle E-Business Suite: Unauthorized Data Manipulation Oracle GraalVM Enterprise Edition Vulnerability: Remote Takeover Vulnerability in Oracle Internet Expenses: Unauthorized Data Access and Modification Netlogon Elevation of Privilege Vulnerability Vulnerability in Oracle Internet Expenses: Unauthorized Access to Critical Data Vulnerability in Oracle Enterprise Communications Broker: Unauthorized Data Access and Partial Denial of Service Oracle Enterprise Communications Broker WebGUI Unauthenticated Access Vulnerability 
Oracle Help Technologies Product Vulnerability Oracle Solaris Device Driver Utility Vulnerability: Unauthorized Takeover of Oracle Solaris MySQL Server Denial of Service Vulnerability Vulnerability in SuiteCommerce Advanced (SCA) component of Oracle NetSuite: Unauthorized Data Access and Manipulation Vulnerability in SuiteCommerce Advanced (SCA) Sites component of Oracle NetSuite service prior to 2020.1.4 Windows Jet Database Engine Remote Code Execution Vulnerability Oracle Retail Customer Management and Segmentation Foundation Unauthorized Data Access Vulnerability Oracle Retail Customer Management and Segmentation Foundation: Unauthorized Data Access Vulnerability Oracle Text Component Takeover Vulnerability Oracle Database Server Scheduler Component Vulnerability Database Vault Privilege Escalation Vulnerability Windows Image Acquisition (WIA) Service Memory Disclosure Vulnerability SQL Developer Install Component Vulnerability in Oracle Database Server Oracle Database Server Database Filesystem Component Vulnerability Oracle Database Server Core RDBMS Component Unauthorized Data Manipulation Vulnerability Java VM Component Vulnerability in Oracle Database Server Oracle REST Data Services Vulnerability: Unauthorized Access to Critical Data Oracle REST Data Services Unauthorized Read Access Vulnerability Vulnerability in Oracle Applications Framework: Unauthorized Data Manipulation Elevation of Privilege Vulnerability in srmsvc.dll Oracle WebLogic Server Console Unauthenticated Takeover Vulnerability High Privilege Vulnerability in Oracle Hyperion Lifecycle Management (Shared Services Component) Vulnerability in Oracle Hospitality Reporting and Analytics: Unauthorized Access to Critical Data Oracle Solaris Filesystem Vulnerability: Unauthorized Hang and Crash Exploit Oracle Coherence Unauthenticated Network Access Vulnerability Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Oracle Solaris Kernel Vulnerability: Unauthorized Access and 
Partial Denial of Service Oracle Solaris Kernel Vulnerability: Unauthorized Data Access and Manipulation Improper Access Control in ASP.NET and .NET Web Applications on IIS Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Oracle Applications Manager Vulnerability: Unauthorized Access and Data Manipulation Vulnerability in Oracle Application Express component of Oracle Database Server (CVE-2020-2950) Vulnerability in Oracle Application Express Quick Poll Component of Oracle Database Server (CVE-2020-XXXX) High Privilege Vulnerability in Oracle Hyperion Planning (11.1.2.4) Allows Unauthorized Data Manipulation MySQL Server Vulnerability: Unauthorized Hang and Crash Oracle Business Intelligence Enterprise Edition Remote Code Execution Vulnerability High Privilege Network Access Vulnerability in Oracle Hyperion BI+ (IQR-Foundation Service) Vulnerability in Oracle Hyperion Analytic Provider Services: Unauthorized Data Access and Partial Denial of Service MySQL Server Denial of Service Vulnerability Windows Media Foundation Memory Corruption Vulnerability Unauthorized Read Access Vulnerability in Oracle Hyperion BI+ (IQR-Foundation Service) LDAP Auth Vulnerability in Oracle MySQL Server High Privilege Vulnerability in Oracle Hyperion Lifecycle Management (Shared Services Component) MySQL Server Denial of Service Vulnerability Oracle CRM Technical Foundation Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle PeopleSoft Enterprise HCM Global Payroll Core (9.2) Allows Unauthorized Data Access and Partial Denial of Service Java SE, Java SE Embedded Serialization Vulnerability Windows Media Foundation Memory Corruption Vulnerability Vulnerability in Oracle BI Publisher: Unauthorized Access and Data Compromise Unauthenticated Access Vulnerability in Oracle Java SE (JNDI Component) Unauthenticated Access 
Vulnerability in Oracle Java SE and Java SE Embedded Unauthenticated Network Access Vulnerability in Oracle Hospitality RES 3700 (CAL Component) Oracle BI Publisher Unauthenticated Remote Code Execution Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Communications Diameter Signaling Router (DSR) User Interface Vulnerability in Oracle Communications Diameter Signaling Router (DSR) User Interface MySQL Server Denial of Service Vulnerability Elevation of Privilege Vulnerability in DirectX Allows Arbitrary Code Execution MySQL Server Denial of Service Vulnerability MySQL Server Vulnerability: Unauthorized Partial Denial of Service via InnoDB Component Unauthenticated Remote Code Execution Vulnerability in Oracle Java SE MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Unauthenticated Remote Code Execution Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Java SE and Java SE Embedded Unauthenticated Network Access Vulnerability Unauthenticated Access Vulnerability in Oracle Java SE and Java SE Embedded Unauthenticated Remote Code Execution Vulnerability in Oracle Java SE MySQL Server Denial of Service Vulnerability Windows Graphics Device Interface (GDI) Elevation of Privilege Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Server Crash Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Java SE Libraries Unauthorized Read Access Vulnerability MySQL Server FTS Component Denial of Service Vulnerability Vulnerability in Oracle E-Business Suite Secure Enterprise Search: Unauthorized Access and Data Manipulation Unauthenticated Read Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Oracle Hospitality Suite8 WebConnect Unauthenticated Remote Code Execution Vulnerability Vulnerability in Oracle Trade Management 
User Interface: Unauthorized Access and Data Compromise MySQL Server Denial of Service Vulnerability ESLint Extension Remote Code Execution Vulnerability Unauthenticated Remote Code Execution Vulnerability in Oracle Hospitality Suite8 Unauthenticated Read Access Vulnerability in Oracle Applications Manager MySQL Server Denial of Service Vulnerability Vulnerability in PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and Manipulation MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Access and Data Compromise Oracle Marketing Product Vulnerability in Oracle E-Business Suite: Unauthorized Access and Data Compromise Oracle Marketing Product Vulnerability in Oracle E-Business Suite: Unauthorized Access and Data Compromise Vulnerability in Oracle Solaris Utility Component Allows Unauthorized Data Access Oracle One-to-One Fulfillment Print Server Vulnerability Microsoft SharePoint Server Cross-Site Scripting (XSS) Vulnerability Oracle WebLogic Server Unauthenticated Network Access Vulnerability High-Privilege Network Access Vulnerability in Oracle MySQL Server (InnoDB Component) Oracle Installed Base API Vulnerability Oracle CRM Technical Foundation Vulnerability: Unauthorized Data Access and Modification Oracle Financial Services Analytical Applications Infrastructure Unauthenticated Remote Code Execution Vulnerability Oracle WebLogic Server Remote Code Execution Vulnerability Oracle Applications Manager SQL Extensions Unauthenticated Read Access Vulnerability LDAP Auth Vulnerability in Oracle MySQL Server MySQL Server Takeover Vulnerability High-Privilege Network Access Vulnerability in Oracle MySQL Server (InnoDB Component) Remote Code Execution Vulnerability in Microsoft Outlook MySQL Server Denial of Service Vulnerability Oracle Marketing Product Vulnerability: Unauthorized Access and Data Compromise Vulnerability in Oracle PeopleSoft Integration Broker: Unauthorized 
Data Access and Manipulation Vulnerability in Oracle Trade Management User Interface: Unauthorized Access and Data Compromise Vulnerability in Oracle Trade Management User Interface: Unauthorized Access and Data Compromise Vulnerability in Oracle Marketing Administration of Oracle E-Business Suite: Unauthorized Access and Data Compromise MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Unauthorized Read Access Vulnerability in Oracle MySQL Server (CVE-2020-14300) MySQL Server Denial of Service Vulnerability Windows Work Folders Service Memory Handling Elevation of Privilege Vulnerability Vulnerability in Oracle Application Object Library: Unauthorized Data Manipulation Oracle WebLogic Server IIOP Unauthenticated Takeover Vulnerability Vulnerability in Oracle BI Publisher: Unauthorized Access and Data Compromise Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access and Partial Denial of Service MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Unauthorized Read Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools High-Privilege Network Access Vulnerability in Oracle MySQL Server (InnoDB Component) Oracle Marketing Product Vulnerability: Unauthorized Access and Data Compromise Windows Image Acquisition (WIA) Service Memory Disclosure Vulnerability Vulnerability in Oracle CRM Technical Foundation: Unauthorized Access and Data Compromise Vulnerability in Oracle Trade Management User Interface: Unauthorized Access and Data Compromise MySQL Server Vulnerability: Unauthorized Hang and Crash Vulnerability in Oracle MySQL Cluster: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Hyperion Infrastructure Technology: Unauthorized Data Access and Modification Oracle Universal Work Queue Remote Code Execution Vulnerability Vulnerability in Oracle Trade Management User 
Interface: Unauthorized Access and Data Compromise Vulnerability in Oracle Trade Management User Interface: Unauthorized Access and Data Compromise Vulnerability in Oracle Hospitality OPERA 5 Property Services: Logging Compromise Oracle WebLogic Server Unauthenticated Takeover Vulnerability Windows Kernel Elevation of Privilege Vulnerability MySQL Server Vulnerability: Unauthorized Data Manipulation via Roles MySQL Server Denial of Service Vulnerability Oracle Universal Work Queue Takeover Vulnerability Vulnerability in Oracle One-to-One Fulfillment Print Server: Unauthorized Access and Data Compromise Oracle Business Intelligence Enterprise Edition Installation Unauthenticated Remote Access Vulnerability Vulnerability in Oracle PeopleSoft Enterprise SCM eSupplier Connection: Unauthorized Data Access and Modification MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server LDAP Auth Vulnerability Media Foundation Information Disclosure Vulnerability MySQL Server Vulnerability: Unauthorized Hang and Crash (CVE-XXXX-XXXX) Vulnerability in Oracle Solaris Pluggable Authentication Module (PAM) Allows Unauthorized Takeover Oracle VM VirtualBox Prior to 6.1.16 Vulnerability: High Privileged Takeover MySQL Server Logging Vulnerability Oracle Cloud Infrastructure Identity and Access Management: High Privilege Network Access Vulnerability Oracle Marketing Product Vulnerability: Unauthorized Access and Data Manipulation Oracle Trade Management User Interface Unauthenticated Access Vulnerability Vulnerability in Oracle Hospitality OPERA 5 Property Services: Unauthorized Access and Data Manipulation Vulnerability in Oracle MySQL Server: LDAP Auth Security Compromise Vulnerability in Oracle BI Publisher: Unauthorized Access and Data Compromise Windows AppX Deployment Extensions Privilege Escalation Vulnerability Vulnerability in Oracle BI Publisher: Unauthorized Access and Data Compromise 
Oracle VM VirtualBox Prior to 6.1.16 Vulnerability: Unauthorized Access to Critical Data Oracle WebLogic Server Console Unauthenticated Takeover Vulnerability Oracle WebLogic Server Console Remote Code Execution Vulnerability Oracle VM VirtualBox Prior to 6.1.16 Vulnerability: Unauthorized Access to Critical Data Oracle VM VirtualBox Prior to 6.1.16 Vulnerability: Unauthorized Access to Critical Data Oracle VM VirtualBox Prior to 6.1.16 Vulnerability: Unauthorized Access to Critical Data Vulnerability in Oracle FLEXCUBE Universal Banking Allows Unauthorized Access to Critical Data MySQL Server Denial of Service Vulnerability Oracle VM VirtualBox Prior to 6.1.16 Vulnerability: Unauthorized Access to Critical Data Windows CSC Service Memory Handling Elevation of Privilege Vulnerability Unauthenticated Remote Code Execution Vulnerability in Oracle FLEXCUBE Direct Banking MySQL Server Denial of Service Vulnerability Oracle VM VirtualBox Prior to 6.1.16 Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Oracle Banking Corporate Lending Product Vulnerability Allows Unauthorized Access to Critical Data Vulnerability in Oracle Utilities Framework Allows Unauthorized Data Access and Manipulation Oracle Banking Payments: Unauthorized Access and Data Compromise Vulnerability Unauthenticated Remote Code Execution Vulnerability in Oracle FLEXCUBE Direct Banking Vulnerability in Oracle Application Express Packaged Apps component of Oracle Database Server (CVE-2020-2950) Vulnerability in Oracle Application Express Data Reporter component of Oracle Database Server (CVE-2020-2950) Elevation of Privilege Vulnerability in Storage Service Vulnerability in Oracle Application Express Group Calendar component of Oracle Database Server (CVE-2020-2950) Oracle Database Server RDBMS Security Component Unauthorized Access Vulnerability Elevation of Privilege Vulnerability in Windows Function Discovery Service Windows Media Foundation Memory Corruption 
Vulnerability Cross-Site Scripting (XSS) Vulnerability in CMS Made Simple 2.2.14 via Search Term in admin/moduleinterface.php?mact=ModuleManager XSS Vulnerability in Navigate CMS 2.9 via Alias or Real URL Field STARTTLS Buffering Vulnerability in evolution-data-server (eds) Insecure Connection Persistence Vulnerability in Alpine before 2.23 Outlook File Attachment Link Sharing Vulnerability Password-Reset Vulnerability in BT CTROMS Terminal OS Port Portal CT-464 Remote Code Execution Vulnerability in DMitry 1.3a via Mishandled WHOIS Response Unauthenticated Remote Code Execution in SquirrelMail 1.4.22 via unserialize in compose.php Potential PHP Object Injection Vulnerability in SquirrelMail 1.4.22 via unserialize in compose.php Buffer Overflow Vulnerability in Contiki-NG SNMP Agent Buffer Overflow Vulnerability in Contiki-NG SNMP Bulk Get Request Response Encoding Function Buffer Overflow Vulnerability in Contiki-NG SNMP Agent Contiki-NG 4.4-4.5 SNMP BER Encoder/Decoder Buffer Overflow Vulnerability Heap-based Buffer Overflow in map.c of FreedroidRPG 1.0rc2 Arbitrary Code Execution Vulnerability in FreedroidRPG 1.0rc2 Remote Code Execution Vulnerability in Microsoft Excel Software XML External Entity (XXE) Vulnerability in TuxGuitar 1.5.4 Unrestricted Deserialization Vulnerability in Tendenci 12.0.10 Stored Cross-Site Scripting (XSS) Vulnerability in Global RADAR BSA Radar 1.6.7234.24750 and Earlier via Update User Profile Authorization Bypass Vulnerability in Global RADAR BSA Radar 1.6.7234.24750 and Earlier Privilege Escalation Vulnerability in Global RADAR BSA Radar 1.6.7234.24750 and Earlier Arbitrary File Disclosure in Global RADAR BSA Radar 1.6.7234.24750 and earlier Remote Command Execution in OCS Inventory NG 2.7 via Shell Metacharacters in CommandLine.php Microsoft Excel Remote Code Execution Vulnerability Arbitrary Command Execution in aaPanel Software Store STARTTLS Buffering Vulnerability in Mutt and NeoMutt: Evaluation of Additional Data in TLS 
Context (Response Injection) Denial of Service Vulnerability in Jiangmin Antivirus 16.0.13.129 Denial of Service Vulnerability in Windows Cleaning Assistant 3.2 Denial of Service Vulnerability in Windows Cleaning Assistant 3.2 Lack of Ownership Check in MakeEmailPrimary Function in Gogs 0.11.91 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Easy Testimonials Plugin for WordPress Microsoft Excel Remote Code Execution Vulnerability SQL Injection Vulnerability in PHP-Fusion 9.03.50: Exploiting ctype Parameter in administration/comments.php Endpoint Unrestricted Sort Direction Vulnerability in Concrete5 Multiple XSS Vulnerabilities in Final Tiles Gallery Plugin for WordPress HTML Injection and CSRF Vulnerability in TP-Link TL-WR740N v4 and TL-WR740ND v4 Devices ECDSA Signature Malleability Vulnerability in jsrsasign Package RSA PKCS1 v1.5 Decryption Ciphertext Modification Vulnerability Vulnerability: Signature Manipulation and Memory Corruption in RSASSA-PSS Implementation Unauthenticated Metadata Disclosure in MISP 2.4.127 Microsoft Excel Memory Disclosure Vulnerability Pi-hole 5.0 Vulnerability: Code Injection via Teleporter Backup Files Multiple SQL Injection Vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0: Bypass Authentication and Remote Code Execution Reflected XSS Vulnerability in webTareas 2.0p8 Login Form Privilege Escalation and Process Termination Vulnerability in IOBit Unlocker 1.1.2 Arbitrary File Manipulation Vulnerability in IOBit Unlocker 1.1.2 Arbitrary File Read Vulnerability in GNS3 uBridge Privilege Escalation via PID Reuse Attack in F-Secure SAFE 17.7 on macOS Privilege Escalation Vulnerability in F-Secure SAFE 17.7 on macOS Arbitrary Memory Read/Write Vulnerability in EVGA Precision X1 Microsoft Excel Remote Code Execution Vulnerability Missing SSL Certificate Validation in Sophos Secure Email Application for Android Critical Security Flaw: Missing SSL Certificate Validation in ThreatTrack VIPRE Password Vault App for 
iOS Blind SQL Injection Vulnerability in Kronos WebTA 3.8.x and Later Buffer Overflow Vulnerability in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 Server Arbitrary Code Execution Vulnerability in Bloomreach Experience Manager (brXM) Cross-Site Scripting (XSS) Vulnerabilities in Bloomreach Experience Manager (brXM) CSRF Vulnerability in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2 SharePoint Server Cross-Site Scripting and Identity Spoofing Vulnerability Privilege Escalation via File Deletion in IOBit Advanced SystemCare Free 13.5.0.263 Stack-based Buffer Overflow in DrayTek Vigor Routers Bypassing Windows Memory Protection: Logic Bug in Acronis Agent Monitoring Driver SharePoint Server Cross-Site Scripting and Identity Spoofing Vulnerability Yubico YubiKey 5 Devices OpenPGP PIN Management Vulnerability Yubico YubiKey 5 NFC Information Leak Vulnerability SSRF Vulnerability in OX App Suite through 7.10.3 via /ajax/messaging/message API Information Exposure in OX App Suite: IP Address and User-Agent Disclosure Cross-Site Scripting (XSS) Vulnerability in OX App Suite through 7.10.3 Caching Server Vulnerability in MediaWiki's img_auth.php Image Authorization Stored XSS Vulnerability in Bludit 3.12.0 via SVG Document in bl-kernel/ajax/logo-upload.php Arbitrary Code Execution Vulnerability in id Tech 1 (Doom Engine) SQL Injection Vulnerability in Connectwise Automate Probe Code Unsigned Code Execution Vulnerability in ASUS ScreenPad2_Upgrade_Tool.msi V1.0.3 for ScreenPad 1.0 (UX450FDX, UX550GDX, and UX550GEX) SharePoint Server Cross-Site Scripting and Identity Spoofing Vulnerability Arbitrary Content Injection in GNU Mailman Cgi/private.py Login Page Directory Traversal Vulnerability in Sonatype Nexus Repository Manager 2.x CSRF Vulnerability in pramodmahato BlogCMS (admin/changepass.php) XSS Vulnerability in GleamTech FileUltimate 6.1.5.0 FileExplorer Component Reflected Cross-Site Scripting Vulnerability in NeDi 1.9C Reflected Cross-Site Scripting 
Vulnerability in NeDi 1.9C Devices-Config.php Session Fixation Vulnerability in playSMS 1.4.3 Microsoft Word Memory Disclosure Vulnerability Stored XSS Vulnerability in Elementor Plugin for WordPress WPS PIN Offline Brute-Force Cracking Vulnerability in Askey AP5100W Devices Persistent Password Storage Vulnerability in Avast Antivirus 20.1.5069.562 Denial of Service Vulnerability in ntpd (CVE-2020-11868) Arbitrary File Download Vulnerability in Bludit 3.12.0 Authentication Bypass Vulnerability in ConnectWise Automate through 2020.x Cross-Site Scripting (XSS) Vulnerability in NeDi 1.9C via Topology-Map.php xo Parameter Cross-Site Scripting (XSS) Vulnerability in NeDi 1.9C via Assets-Management.php sn Parameter Microsoft Word Memory Disclosure Vulnerability Cross-Site Scripting (XSS) Vulnerability in NeDi 1.9C via Topology-Routes.php rtr Parameter Cross-Site Scripting (XSS) Vulnerability in NeDi 1.9C via Assets-Management.php chg Parameter Cross-Site Scripting (XSS) Vulnerability in NeDi 1.9C via Monitoring-Incidents.php Cross-Site Scripting (XSS) Vulnerability in NeDi 1.9C via snmpget.php ip Parameter Cross-Site Scripting (XSS) Vulnerability in NeDi 1.9C via Monitoring-Setup.php Cross-Site Scripting (XSS) Vulnerability in NeDi 1.9C via Monitoring-Map.php hde Parameter Cross-Site Scripting (XSS) Vulnerability in NeDi 1.9C via Topology-Linked.php dv Parameter Cross-Site Scripting (XSS) Vulnerability in NeDi 1.9C via Reports-Devices.php XSS Vulnerability in SeedProd Coming-Soon Plugin for WordPress (<=5.1.1) Microsoft Excel Remote Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerability in PHP-Fusion 9.03.60 via administration/site_links.php Add Site Link Field iBall WRB303N Devices Vulnerable to CSRF Attacks CSRF Vulnerability in Supermicro X10DRH-iT Motherboards Allows Unauthorized User Addition SMTP Server Spoofing Vulnerability in Trojita HTTP Request Smuggling and Poisoning Vulnerability in Squid Proxy Server Microsoft SharePoint Server Information 
Disclosure Vulnerability Directory Traversal Vulnerability in Suprema BioStar 2 Video Extension Stored XSS Vulnerability in Artica Proxy SQL Injection in Artica Proxy CE: Netmask, Hostname, and Alias Fields Vulnerability Reflected XSS Vulnerability in Artica Proxy CE 4.28.030.418 Privilege Escalation via Unencrypted UDP Traffic Sniffing in TP-Link USB Network Server TL-PS310U Devices Authentication Bypass in TP-Link USB Network Server TL-PS310U Devices Persistent XSS Vulnerability in TP-Link USB Network Server TL-PS310U (CVE-2021-XXXX) Denial-of-Service Vulnerability in TP-Link USB Network Server TL-PS310U Devices Privilege Escalation via Unencrypted UDP Traffic in Lindy 42633 Network Server Authentication Bypass Vulnerability in Lindy 42633 Network Server Elevation of Privilege Vulnerability in Wininit.dll Persistent XSS Vulnerability in Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 Denial-of-Service Vulnerability in Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 Devices Privilege Escalation Vulnerability in DIGITUS DA-70254 4-Port Gigabit Network Hub Authentication Bypass Vulnerability in DIGITUS DA-70254 4-Port Gigabit Network Hub Persistent XSS Vulnerability in DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 Denial-of-Service Vulnerability in DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 Buffer Overflow and Remote Code Execution in Sophos XG Firewall 17.x through v17.5 MR12 via HTTP/S Bookmarks Elevation of Privilege Vulnerability in Microsoft COM for Windows Eval Injection Vulnerability in Zulip Server 2.x before 2.1.7 Cross-Site Scripting (XSS) Vulnerability in Symphony CMS 3.0.0 via fields['name'] in content.blueprintsevents.php SQL Injection Vulnerability in phpList Import Administrators Section XSS Vulnerability in phpList 3.5.4: Import Administrators and Subscriber Lists OpenVPN Access Server Vulnerability: Token Expiry Circumvention OpenVPN Connect Installer for macOS Vulnerability: System File 
Corruption via Symlinks Critical File Corruption Vulnerability in Private Tunnel Installer for macOS OpenVPN Access Server 2.8.7 and Earlier Versions Authentication Bypass Vulnerability OpenVPN Authentication Bypass and Data Access Vulnerability Improper Access Control in PrestaShop Carrier Page, Module Manager, and Module Positions (CVE-2020-15160) Windows Media Audio Decoder Remote Code Execution Vulnerability File Access Vulnerability in PrestaShop Versions 1.7.4.0 to 1.7.6.6 Information Exposure in PrestaShop Upload Directory Configuration Variable Rewrite Vulnerability in PrestaShop Versions 1.6.0.1 and Earlier Reflected XSS Vulnerability in PrestaShop Versions 1.7.0.0 - 1.7.6.5 Authorization Bypass Vulnerability in express-jwt (NPM package) up to version 5.3.3 Insecure Caching of Customer Authentication Data in Saleor Storefront Arbitrary Checksum Generation Vulnerability in TYPO3 mediace Extension (Versions 7.6.2 - 7.6.4) Allows Remote Code Execution Bypassing Authorization Checks in Presto Server with Secure Internal Communication Elevation of Privilege Vulnerability in LSASS via Crafted Authentication Requests Block Proposers Signature Vulnerability in TenderMint 0.33.0 - 0.33.6 XSS Vulnerability in TimelineJS Versions Prior to 3.7.0 Vulnerability in Tough Library Allows Signature Duplication (CVE-2020-6174) Remote Code Execution Vulnerability in Symfony's CachingHttpClient Information Exposure Vulnerability in npm CLI: Passwords Printed in Log Files Context Isolation Bypass Vulnerability in Electron Path Traversal Vulnerability in loklak Server Application Arbitrary Data Injection and Remote Code Execution Vulnerability in TYPO3 CMS Arbitrary File Retrieval and Database Manipulation in TYPO3 CMS Win32k Information Disclosure Vulnerability Denial of Service Vulnerability in freewvs before 0.1.1 Directory Structure Recursion Limit Vulnerability in freewvs Improper Authorization in PrestaShop Dashboard Productions before 2.1.0 Integer Overflow Vulnerability 
in FreeRDP 2.1.2 Improper Validation of Wildcard DNS Subject Alternative Name in Envoy Django Two-Factor Authentication Password Storage Vulnerability Panic Vulnerability in etcd's decodeRecord Method Vulnerability: Tampering and Side-Channel Attack in x87 FPU Operations in OpenEnclave SQL Injection Vulnerability in GLPI's 'Clone' Feature (Fixed in 9.5.1) Address Validation Bypass in Solidus Checkout Elevation of Privilege Vulnerability in Connected User Experiences and Telemetry Service Usernames with Matching Names Vulnerability in JupyterHub-KubeSpawner CRLF Injection Vulnerability in Fiber 1.12.6 and Earlier Arbitrary Consensus Participant Panic Vulnerability in etcd Insecure Directory Permissions in etcd Denial of Service Vulnerability in etcd Gateway Weak Password Length Validation in etcd Versions 3.3.23 and 3.4.10 Synergy Server Crash Vulnerability with Large Client Name Length Unescaped HTML Rendering in Wagtail Form Page Help Text Cross-Site Scripting (XSS) Vulnerability in Auth0-Lock Versions <= 11.25.1 Windows State Repository Service Information Disclosure Vulnerability Privilege Escalation and Unauthorized Access in 'I hate money' (before version 4.1.5) PDB Server Path Shell Injection Vulnerability in radare2 (CVE-XXXX-XXXX) Command Injection Vulnerability in Codecov (npm package) Upload Method Path Traversal Vulnerability in Goobi Viewer Core (CVE-2021-12345) Authorization Header Sanitization Vulnerability in Auth0 npm Package Authenticated User Bypasses Read Security in parser-server (Versions 3.5.0 - 4.3.0) Unauthenticated Shutdown Vulnerability in Contour Ingress Controller Vulnerability: Unauthenticated Cookie Tampering in OctoberCMS Open Redirect Vulnerability in Traefik's Handling of X-Forwarded-Prefix Header Windows CSC Service Memory Handling Elevation of Privilege Vulnerability False-positive validation vulnerability for NFT1 Child Genesis transaction type in SLPJS (npm package slpjs) before version 0.27.4 False-Positive Validation 
Vulnerability in SLP Validate (npm package slp-validate) Prior to Version 1.2.2 User Enumeration and Email Address Exposure in Sulu Lack of Certificate Validation in TLS Handshakes in faye-websocket Lack of Certification Validation in Faye TLS Handshakes CSRF Vulnerability in save-server (npm package) Allows Unauthorized Actions and Privilege Escalation Vulnerability: Incomplete TLS Authentication for Gateway Endpoints HoRNDIS Integer Overflow Vulnerability Cross-Site Scripting Vulnerability in Prism's Easing Preview Plugin DOM-based XSS vulnerability in MyBB before version 1.8.24 through custom MyCode rendering Microsoft SharePoint Server Cross-Site Scripting (XSS) Vulnerability Critical Remote Code Execution (RCE) Vulnerability in Red Discord Bot Trivia Module Path Traversal Vulnerability in openapi-python-client Arbitrary Code Execution in openapi-python-client (CVE-2021-12345) Unsanitized Request Parameter Remote Code Execution in SyliusResourceBundle Vulnerability: Privilege Escalation and DLL Hijacking in Composer-Setup for Windows Unsanitized Request Parameter Remote Code Execution in SyliusResourceBundle Remote Code Execution Vulnerability in Red Discord Bot Streams Module Remote Code Execution Vulnerability in Yii 2 (yiisoft/yii2) before version 2.0.38 Privilege Escalation via Password Change Vulnerability in NodeBB Elevation of Privilege Vulnerability in Windows Telephony Server Vulnerability in Paginator (Elixir/Hex package) allows Remote Code Execution (RCE) via paginate() function Circumvention of fromkey protection in OpenMage LTS before versions 19.4.6 and 20.0.2, leading to increased CSRF attack surface Server-Side Request Forgery in ftp-srv npm package (versions 2.19.6, 3.1.2, and 4.3.4) allows arbitrary IP connections through PORT command Unauthenticated SQL Injection in Ampache Cross Site Scripting (XSS) Vulnerability in baserCMS 4.3.6 and Earlier Cross Site Scripting (XSS) Vulnerability in baserCMS 4.3.6 and Earlier via toolbar.php XSS 
Vulnerability in nodebb-plugin-blog-comments Allows Unauthorized Forum Posting Credential Leaking Vulnerability in containerd Heap Buffer Overflow in libIEC61850 baserCMS 4.3.6 and earlier - Cross Site Scripting (XSS) and Remote Code Execution (RCE) Vulnerability Windows Work Folders Service Memory Handling Elevation of Privilege Vulnerability Blind SQL Injection Vulnerability in PrestaShop Catalog Product Edition Page Contact Form JavaScript Injection Vulnerability in PrestaShop (Versions 1.6.0.4 - 1.7.6.8) XSS Vulnerability in PrestaShop Versions 1.5.0.0 to 1.7.6.8 Root Metadata Trust Chain Vulnerability in Python TUF (The Update Framework) before version 0.12 Username Trimming Vulnerability in Scratch Login Extension Vulnerability: Tampered Sources and Permissions in Chameleon Mini Live Debugger v1.1.6-free Denial-of-Service Vulnerability in ZeroMQ TCP Transport with CURVE/ZAP Arbitrary Code Execution via Malicious .mlrrc File in Miller 5.9.0 Vulnerability: Failure to Honor Size Option in Redirects Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers Elevation of Privilege Vulnerability in Windows File Server Resource Management Service Lack of Access Controls in Apollo-AdminService Allows Unauthorized Access to Application Configurations Arbitrary Code Execution Vulnerability in XWiki Remote Code Execution Vulnerability in Red Discord Bot's Act Module Buffer Overflow Vulnerability in ACCEL-PPP when Receiving L2TP Control Packet with String AVP Bypass of `will-navigate` Event in Electron Arbitrary File Deletion and Unauthorized Access in GLPI Plugin Image Endpoint SQL Injection Vulnerability in GLPI (versions prior to 9.5.2) Allows Unauthorized Data Extraction Insecure Storage of User Input in GLPI (CVE-2021-12345) Arbitrary JavaScript Injection in PrestaShop Contact Form Stored Cross-Site Scripting Vulnerability in ScratchSig Extension for MediaWiki Elevation of Privilege Vulnerability in Windows File Server Resource Management Service 
Command Injection Vulnerability in MariaDB's mysql-wsrep Component Alfresco Reset Password Add-On Untrusted Input Security Vulnerability CSRF and RCE Vulnerabilities in SOY Inquiry Component of SOY CMS Reflected Cross-Site Scripting (XSS) in SoyCMS 3.0.2 and earlier leading to Remote Code Execution (RCE) Unsanitized `alias` Field in Helm Chart.yaml Allows Information Injection Helm Repository Compromise Vulnerability Improper Sanitization of Plugin Names in Helm Helm Plugin Duplicate Entry Vulnerability Unauthenticated Remote Code Execution (RCE) in SOY CMS 3.0.2.327 and earlier Remote Code Execution (RCE) and Cross-Site Scripting (XSS) Vulnerabilities in SOY CMS 3.0.2 and Earlier Elevation of Privilege Vulnerability in Windows UPnP Device Host Segmentation fault vulnerability in TensorFlow's `tf.raw_ops.Switch` operation Null Pointer Dereference in Tensorflow's `dlpack.to_dlpack` Argument Validation Memory Leak in Tensorflow's dlpack.to_dlpack when Passing a List of Strings Uninitialized Memory Corruption in Tensorflow's dlpack.to_dlpack Implementation Incomplete Validation of Arguments in SparseFillEmptyRowsGrad Implementation in TensorFlow Heap Buffer Overflow in SparseFillEmptyRowsGrad in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 Unvalidated Shape Mismatch in SparseCountSparseOutput and RaggedCountSparseOutput in TensorFlow 2.3.0 Unvalidated Rank in SparseCountSparseOutput Vulnerability Unvalidated Shape Mismatch in SparseCountSparseOutput Implementation in TensorFlow Unvalidated Input in `RaggedCountSparseOutput` Leads to SIGABRT Signal Windows Font Driver Host Remote Code Execution Vulnerability Heap Buffer Overflow in RaggedCountSparseOutput Implementation in TensorFlow (CVE-2020-26262) Heap Buffer Overflow in RaggedCountSparseOutput Implementation in TensorFlow Integer Truncation Vulnerability in TensorFlow Shard API Format string vulnerability in TensorFlow's tf.strings.as_string function (CVE-2020-15258) Null Pointer Dereference in 
TensorFlow Eager Mode Heap Overflow and Memory Leak Vulnerability in TensorFlow's `tf.raw_ops.StringNGrams` Denial of Service and Data Corruption Vulnerability in TensorFlow's SavedModel Loading Out-of-Bounds Access Vulnerability in TensorFlow-Lite TensorFlow-Lite Common Dimension Size Vulnerability Null Pointer Dereference Vulnerability in TensorFlow-Lite Models Elevation of Privilege Vulnerability in Windows Speech Runtime Vulnerability: Segmentation Fault and Memory Corruption in TensorFlow-Lite Double Array Indexing Vulnerability in TensorFlow Lite Out-of-Bounds Write Vulnerability in TensorFlow Lite's Segment Sum Denial of Service Vulnerability in TensorFlow Lite's Segment Sum Implementation Out-of-Bounds Write Vulnerability in TensorFlow Lite's Segment Sum Context Isolation Bypass in Electron XML Signature Bypass Vulnerability in goxmldsig User Information Leakage through Public FAQ in GLPI (Versions 9.5.0 to 9.5.1) Caching of Admin Pages Allows Unauthorized Access in iTop SQL Query Disclosure in iTop User Portal Elevation of Privilege Vulnerability in Windows Speech Runtime Session Hijacking Vulnerability in iTop Cross-Site Scripting (XSS) Vulnerability in iTop Console Breadcrumb Uniqueness of `jti` Value Not Checked in ORY Fosite Ignored Storage Errors in ORY Fosite TokenRevocationHandler Open Enclave Information Disclosure Vulnerability Potential DoS Vulnerability in django-filter 2.3.0 and below SQL Injection in GLPI API's Search Function Allows for Information Disclosure Nette Framework Code Injection Vulnerability Untrusted Data Injection in `@actions/core` npm module before v1.2.6 Path Traversal and File Overwrite Vulnerability in Singularity 3.1.1 - 3.6.3 Tampering Vulnerability in Microsoft SharePoint Server Allows Unauthorized Modification of User Profiles Arbitrary Filesystem Path Access Vulnerability in Vapor Web Framework JSONP Support Allows Cross-Site Scripting in Mapfish-Print (Versions < 3.24) XML External Entity (XXE) Vulnerability in 
Mapfish-Print SDL Style Parsing Redirect URL Override Vulnerability in ORY Fosite (CVE-2021-12345) Improper Redirect URL Comparison in ORY Fosite OAuth2 Framework (CVE-2021-12345) Unauthenticated Access to Sensitive Config Keys in RACTF (Pre-Commit f3dc89b) Directory Traversal Vulnerability in Wiki.js Timing Attack Vulnerability in Shrine's `derivation_endpoint` Plugin Blueman DhcpClient Argument Injection Vulnerability Directory Traversal and Information Disclosure in xmpp-http-upload Elevation of Privilege Vulnerability in Windows Speech Shell Components Improper JWT Token Signature Validation in omniauth-auth0 (rubygems) Cross-Site Scripting (XSS) Vulnerability in TYPO3 Fluid Engine Open Redirect Vulnerability in Next.js versions >=9.5.0 and <9.5.4 Missing WebApi Authentication Attribute in Smartstore 4.0.0 & 4.0.1 RCE via PHP Object Injection in Magento (rubygems openmage/magento-lts package) Email Address Manipulation Vulnerability in Sylius Local File Disclosure Vulnerability in October CMS Arbitrary PHP Execution Vulnerability in October CMS User Escalation Vulnerability in October CMS Unsanitized SVG File Upload Vulnerability in October CMS Windows Media Foundation Memory Corruption Vulnerability Local Information Disclosure Vulnerability in JUnit4 TemporaryFolder ACL Bypass Vulnerability in Channelmgnt Plug-in for Sopel (CVE-2023-4339) Arbitrary Code Execution Vulnerability in XWiki Cross-Site Scripting Vulnerability in Grocy <= 2.7.1 via Create Shopping List Module Unsound Deallocation Vulnerability in Crossbeam-Channel CSV Export Formula Injection Vulnerability in Anuko Time Tracker Prototype Pollution Vulnerability in `object-path` <= 0.11.4 (set() Method) Privilege Escalation in containerd-shim API Socket Unsanitized URL Execution Vulnerability in Wire CSRF Vulnerability in ad-ldap-connector Admin Panel (<=5.0.12) Windows Network Connection Broker Memory Handling Vulnerability Insecure Transport Reuse Vulnerability in PJSIP Unquoted Service Path 
Vulnerability in Veyon Service (Windows) Invalid Integrity Hash for Dynamically Loaded Chunks in webpack-subresource-integrity (CVE-2021-23456) XSS Vulnerability in Inline Attribute Escaping Privilege Escalation via Boxstarter Installer Path Configuration Vulnerability Invalid `axis` Value Vulnerability in TensorFlow's `tf.quantization.quantize_and_dequantize` Segmentation fault vulnerability in TensorFlow's `tf.image.crop_and_resize` when `boxes` argument has a large value Vulnerability: Expired User Tokens Grant Access to Storefront API v2 Endpoints Windows Custom Protocol Engine Memory Handling Elevation of Privilege Vulnerability Unauthenticated Subscription Object Access in Parse Server Automatic Execution of Malicious Shell Commands in lookatme (Python/PyPI Package) Prior to 2.3.0 Arbitrary Shell Command Execution in git-tag-annotation-action Cross-Site Scripting Vulnerability in baserCMS versions before 4.4.1 XSS Vulnerability in Wiki.js Search Results Cross-Site Scripting (XSS) Vulnerability in MoinMoin Wiki Engine Cross-Site Scripting (XSS) Vulnerability in baserCMS 4.4.1 and Earlier Versions Remote Code Execution (RCE) Vulnerability in baserCMS 4.4.1 and Earlier Unauthorized Privilege Escalation Exploit in Red Discord Bot Mod Module (CVE-2021-XXXX) Improper Access Control in Bitdefender Endpoint Security Tools: Exclusion Path Disclosure Elevation of Privilege Vulnerability in Windows Radio Manager API Windows Graphics Device Interface (GDI) Elevation of Privilege Vulnerability Memory Read Vulnerability in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol, and IntLixTaskDumpTree Functions Insufficient Input Validation in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry, and IntLixFileGetPath: Memory Corruption Vulnerability Race-condition vulnerability in IntPeParseUnwindData() in Bitdefender Hypervisor Introspection versions prior to 1.132.2 Bypassing In-Place Mitigations in Bitdefender Endpoint Security 
Tools: Insufficient Validation Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in KingComposer WordPress Plugin Windows Remote Access Memory Handling Elevation of Privilege Vulnerability Open Redirect Vulnerability in SuiteCRM Documents Module via Crafted SVG Document CSV Injection in SuiteCRM Registration Fields Vulnerability: Lack of Signature Requirement in Argent RecoveryManager Allows for Denial of Service and Takeover XML Entity Expansion Vulnerability in Infoblox NIOS before 8.5.2 NULL Pointer Dereference in TiledInputFile Constructor in OpenEXR Use-after-free vulnerability in OpenEXR before 2.5.2 in DeepScanLineInputFile::DeepScanLineInputFile() Heap Buffer Overflow in getChunkOffsetTableSize() in OpenEXR Stored XSS Vulnerability in Nozomi Guardian before 19.0.4 via Crafted Custom Field Name SQL Injection Vulnerabilities in Support Incident Tracker (SiT!) 3.67 p2 Cache-timing attack vulnerability in wolfSSL before 4.5.0 Elevation of Privilege Vulnerability in Windows Accounts Control Hardcoded DSA SSH Key Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Hardcoded ECDSA SSH Key Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Hardcoded RSA SSH Key Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Hardcoded DSA SSH Key Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Hardcoded ECDSA SSH Key Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Hardcoded RSA SSH Key Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Hardcoded DSA SSH Key Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Hardcoded RSA SSH Key Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Windows InstallService Memory Handling Elevation of Privilege Vulnerability Root Account Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Vulnerability: Insecure Default Password for Livedbuser Account in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Hardcoded Password Vulnerability in Zyxel CloudCNM 
SecuManager 3.1.0 and 3.1.1 Default Credentials Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Hardcoded Credentials Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Hardcoded Erlang Cookie Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Hardcoded Certificate Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Unauthenticated ZODB Storage Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Weak Permissions in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Weak Data.fs Permissions in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Elevation of Privilege Vulnerability in Windows WalletService Hardcoded APP_KEY Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Hardcoded OAUTH_SECRET_KEY in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Weak Permissions in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Account Discovery Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Escape-sequence injection vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Unauthenticated Access to /registerCpe in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Unauthenticated Access Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 - Vulnerability in /registerCpe Endpoint Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 - Use of GET Request Method With Sensitive Query Strings Vulnerability Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 XSS Vulnerability Windows Backup Service Elevation of Privilege Vulnerability Hardcoded SSH Key Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Unauthenticated API in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Allows Unauthorized License Updates Unauthenticated zy_install_user API Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Unauthenticated API Access in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Unauthenticated API Access in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Unauthenticated API Access Vulnerability in Zyxel CloudCNM SecuManager 
3.1.0 and 3.1.1 Unauthenticated Access to Zyxel CloudCNM SecuManager API with CLOUDCNM Key Insecure Default Password Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Eval Injection Vulnerability Local Privilege Escalation Vulnerability in BinaryNights ForkLift 3.x Windows Backup Engine Memory Handling Elevation of Privilege Vulnerability Buffer Overflow in RIOT 2020.04 Base64 Decoder Privilege Escalation via Weak Folder Permissions and Service Substitution in IDrive for Windows XML External Entity (XXE) Vulnerability in Pulse Connect Secure and Pulse Policy Secure Allows Server-Side Request Forgery (SSRF) Attacks Arbitrary Command Execution Vulnerability in Askey AP5100W_Dual_SIG SQLite MultiSelectOrderBy Heap Overflow Vulnerability Windows Backup Engine Memory Handling Elevation of Privilege Vulnerability Privilege Escalation in Docker Desktop 2.3.0.3 due to Lack of Client Verification in com.docker.vmnetd Code Injection Vulnerability in thingsSDK WiFi Scanner 1.0.1 SQL Injection Vulnerability in Nexos WordPress Theme 1.7 Reflected XSS Vulnerability in Nexos WordPress Theme 1.7 Out-of-Bounds Write Vulnerability in LibRaw's parse_exif() Function Prototype Pollution Vulnerability in Ajv 6.12.2 Allows Code Execution Unlimited Authentication Attempts Vulnerability in Venki Supravizio BPM 10.1.2 Vulnerability: Unrestricted User Space Access in ASRock RGB Driver (ASrDrv103.sys) Unobfuscated Password Exposure in Brocade Fabric OS CLI Windows Remote Access Elevation of Privilege Vulnerability Cleartext User Password Logging Vulnerability in Brocade Fabric OS Versions Code Injection and Privilege Escalation Vulnerability in Brocade Fabric OS Versions Command-Line Interface Vulnerability in Brocade Fabric OS Buffer Overflow Vulnerabilities in Brocade Fabric OS REST API Multiple Instances of Reflected Input Vulnerability in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c Command Injection 
Vulnerability in Brocade Fabric OS Versions LDAP Weakness in Brocade Fabric OS Versions Before v9.0.0 and After v8.1.0 Allows Remote Login with User Privileges Server-Side Request Forgery (SSRF) vulnerability in Brocade SANnav before version 2.1.1 allows unauthenticated remote attackers to make requests to arbitrary hosts. Exposure of Docker Container Ports in Brocade SANnav OVA Installation with IPv6 Networking Denial-of-Service Vulnerability in Brocade SANnav Before v.2.1.0a Elevation of Privilege Vulnerability in Windows UPnP Device Host Account Credentials Logging Vulnerability in Brocade SANnav Cleartext Transmission of Authentication Credentials in Brocade SANnav Hard-coded Administrator Account with Weak Password in Brocade SANnav Denial of Service Vulnerability in Brocade Fabric OS v9.0.0 and Earlier Information Disclosure Vulnerability in Brocade SANNav Unauthenticated Directory Listing and File Access Vulnerability in Brocade SANnav High CPU Load Vulnerability in Brocade Fabric OS Insecure SSH Key Length Vulnerability in Brocade Fabric OS and Brocade SANnav Arbitrary Content Write Vulnerability in Brocade Fabric OS Use-after-free and Double-Free Vulnerability in OpenJPEG's jp2/opj_decompress.c Windows Backup Engine Memory Handling Elevation of Privilege Vulnerability Improper Access Control Vulnerability in pyActivity via GetWebInfo in Pega Platform 8.4.0.237 WebSocket Protocol Authentication Bypass in DevSpace 4.13.0: Enabling Remote Code Execution on Pods User Enumeration Vulnerability in Venki Supravizio BPM 10.1.2 Memory Leak in usbtest_disconnect Function in Linux Kernel 4.4 through 5.7.6 (CID-28ebeb8db770) Unauthenticated SQL Injection and Remote Code Execution in Zoho ManageEngine Applications Manager REST API Stack-Based Buffer Over-Read Vulnerability in MediaInfoLib Privilege Escalation via Race Condition in HylaFAX+ and HylaFAX Enterprise's faxsetup Utility Privilege Escalation via Unprivileged User-Writable Directories in HylaFAX Windows Backup 
Engine Memory Handling Elevation of Privilege Vulnerability CSRF Token Generation Vulnerability in CakePHP before 4.0.6 Privilege Escalation via File Deletion in IOBit Malware Fighter Pro 8.0.2.547 Authenticated Attacker Can Access Admin Page Console via End-User Web Interface in Pulse Secure Pulse Connect Secure Windows Backup Engine Memory Handling Elevation of Privilege Vulnerability Insufficient ACL Checks in Attachment Downloader in MISP 2.4.128 Unauthenticated User Can Send Event Contact Form in MISP 2.4.128 Remote Command Execution Vulnerability in DrayTek Vigor Routers Unauthenticated Remote Code Execution in NETGEAR R6700 V1.0.4.84_10.0.58 Routers Stack-based Buffer Overflow in NETGEAR R6700 V1.0.4.84_10.0.58 Router XXE vulnerability in Veeam ONE 10.0.0.750_20200415 allows remote information disclosure XXE vulnerability in Veeam ONE 10.0.0.750_20200415 allows remote information disclosure Windows Backup Engine Memory Handling Elevation of Privilege Vulnerability Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-EL7-0.9.8.891) Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_mod_security.php Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_mod_security.php Arbitrary Code Execution in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_mod_security.php Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_mod_security.php Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Arbitrary Code Execution in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_disk_usage.php Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Windows Backup Engine Memory Handling Elevation of Privilege Vulnerability Arbitrary Code Execution in CentOS Web Panel 
(CWP-E17.0.9.8.923) via ajax_list_accounts.php Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Arbitrary Code Execution Vulnerability in CentOS Web Panel CWP-e17.0.9.8.923 Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Linux Kernel Use-After-Free Vulnerability in fs/block_dev.c NULL Pointer Dereference Vulnerability in Linux Kernel's serial8250_isa_init_ports() Function Windows Backup Engine Memory Handling Elevation of Privilege Vulnerability Windows Backup Engine Memory Handling Elevation of Privilege Vulnerability Windows Backup Engine Memory Handling Elevation of Privilege Vulnerability Infinite Loop Vulnerability in Wireshark 3.2.0 to 3.2.4 GVCP Dissector Authenticated Remote Code Execution Vulnerability in Cohesive Networks vns3:vpn Appliances SQL Injection Vulnerability in Persian VIP Download Script 1.0 via cart_edit.php Active Parameter NULL Pointer Dereference in MemoryRegionOps Object in QEMU 4.2.0 Windows Backup Engine Memory Handling Elevation of Privilege Vulnerability Heap-Based Buffer Overflow in ffjpeg's jfif_decode Function Heap-based Buffer Over-read Vulnerability in nDPI through 3.2 Heap-based Buffer Over-read Vulnerability in nDPI H.323 Dissector Heap-based Buffer Over-read Vulnerability in nDPI OpenVPN Dissector Stack Overflow Vulnerability in nDPI's extractRDNSequence Function Use-after-free vulnerability in nDPI through 3.2 due to incomplete reinitialization in ndpi_reset_packet_line_info Heap-Based Buffer Over-Read Vulnerability in nDPI Oracle Protocol Dissector Remote Code Execution Vulnerability in RaspberryTortoise WebControl SQL Error Exposure Vulnerability in Journal Theme for OpenCart Buffer Overflow Vulnerability in PassMark BurnInTest, OSForensics, and PerformanceTest Windows WaasMedic Service Memory Disclosure 
Vulnerability Arbitrary Ring-0 Code Execution and Privilege Escalation via IOCTL in PassMark BurnInTest, OSForensics, and PerformanceTest Arbitrary Physical Memory Mapping Vulnerability in PassMark Software Default TELNET Service with Blank Password on Nescomed Multipara Monitor M1000 Devices Unauthenticated Shell Access via Physical UART Debug Port on Nescomed Multipara Monitor M1000 Devices Cleartext Storage Vulnerability in Nescomed Multipara Monitor M1000 Devices Cleartext Data Storage Vulnerability on Nescomed Multipara Monitor M1000 Devices Unsecured Bluetooth LE Implementation in Dr Trust ECG Pen 2.00.08 Devices Allows Data Sniffing and Man-in-the-Middle Attacks Blind Unauthenticated SQL Injection Vulnerability in Re:Desk 2.3 Insecure File Upload Vulnerability in Re:Desk 2.3 Multiple Shell Metacharacter Injection Vulnerabilities in Wavlink WL-WN530HG4 M30HG4.V5030.191116 Devices Elevation of Privilege Vulnerability in Windows CDP User Components Multiple Buffer Overflow Vulnerabilities in Wavlink WL-WN530HG4 M30HG4.V5030.191116 Devices: Remote Code Execution with Root Privileges Directory Traversal Vulnerability in INNEO Startup TOOLS 2017-2018 Insecure XPC Service Configuration in Acronis True Image 2019-2020 on macOS: Local Privilege Escalation Vulnerability Insecure Folder Permissions in Acronis True Image for Mac: Local Privilege Escalation Vulnerability XSS Vulnerability in jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build-20200224104759 Arbitrary Server Certificate Vulnerability in ASUS RT-AC1900P Routers XSS Vulnerability in ASUS RT-AC1900P Routers Elevation of Privilege Vulnerability in Windows CDP User Components Reflected XSS Vulnerability in TileServer GL Unauthenticated Firmware Replacement Vulnerability in Legacy Smarter Coffee Maker Models DuckDuckGo Application HTTPS .ico Request Vulnerability Unvalidated Thumbnail Size in LibRaw Before 0.20-RC1 Remote Code Execution Vulnerability in Sophos XG Firewall v18.0 MR1 and Older Remote Code 
Execution Vulnerability in MobileIron Core & Connector, Sentry, and Monitor and Reporting Database Authentication Bypass Vulnerability in MobileIron Core & Connector Arbitrary File Reading Vulnerability in MobileIron Core Versions 10.3.0.3 and Earlier, 10.4.x, 10.5.x, and 10.6.x Unencrypted Communication Vulnerability in Nordic Semiconductor Android BLE Library Windows Backup Engine Memory Handling Elevation of Privilege Vulnerability Default Signup Page Bypasses SAML Enforcement in HashiCorp Terraform Enterprise up to v202006-1 Incorrect Access Control in TYPO3 Forum Extension (before 1.2.1) TYPO3 jh_captcha Extension XSS Vulnerability Remote Code Execution Vulnerability in TYPO3 Turn Extension (0.3.2) Cross-Site Scripting (XSS) Vulnerability in mm_forum Extension for TYPO3 with CSRF Exploitation Cross-Site Scripting (XSS) Vulnerability in ke_search Extension for TYPO3 Unprivileged Users Exploit Total Control Over Filesystem I/O Requests in Veeam Availability Suite and Veeam Backup & Replication Elevation of Privilege Vulnerability in Windows Work Folder Service Cross-site Scripting (XSS) Vulnerability in Zoho ManageEngine Applications Manager Timing Vulnerability in Bouncy Castle EC Math Library Invalid Search Path Vulnerability in Embedded CPython on Windows Incorrect Access Control in GitLab EE 11.3 through 13.1.2 via Maven Package Upload Endpoint TLS Security Certificate Check Bypass in Redgate SQL Monitor Local Privilege Escalation in GOG Galaxy Client 2.0.17 Local Privilege Escalation via Weak File Permissions in GOG Galaxy Client 2.0.17 Windows Runtime Elevation of Privilege Vulnerability Privilege Escalation Vulnerability in Valve Steam Client Buffer Overflow Vulnerability in Silicon Labs Bluetooth Low Energy SDK Buffer Overflow Vulnerability in Silicon Labs Bluetooth Low Energy SDK Unauthenticated SQL Injection Vulnerability in Zoho ManageEngine Application Manager 14.7 Build 14730 Persistent XSS Vulnerability in bestsoftinc Car Rental System Plugin for 
WordPress Persistent XSS Vulnerability in Hotel Booking System Pro Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in Vanguard Plugin 2.1 for WordPress Cross-Site Scripting (XSS) Vulnerability in We-com Municipality Portal CMS 2.1.x via Cerca/Search Bar SQL Injection Vulnerability in We-com Municipality Portal CMS 2.1.x via cerca/ keywords field Windows Media Foundation Memory Corruption Vulnerability SQL Injection Vulnerability in We-com OpenData CMS 2.0 via Username Field SolarWinds Serv-U FTP Server Remote Command Execution Vulnerability SolarWinds Serv-U FTP Server CHMOD Command Mishandling Vulnerability Path Validation Vulnerability in SolarWinds Serv-U FTP Server Remote Code Execution Vulnerability in Microsoft Edge (HTML-based) Allows Arbitrary Code Execution Elevation of Privilege Vulnerability in Windows WalletService XSS Vulnerability in Roundcube Webmail Versions 1.2.11, 1.3.x, and 1.4.x Hypervisor Crash Vulnerability in Xen for x86 HVM Guests Xen Arm Guest OS Hypervisor Crash Vulnerability Insufficient Cache Write-Back Vulnerability in Xen Incorrect Error Handling in Event-Channel Port Allocation Vulnerability in Xen Vulnerability: Non-Atomic Modification of Live EPT PTE in Xen TerraMaster TOS before 4.1.29: Code Injection Vulnerability in include/exportUser.php Use-after-free vulnerability in PlayerGeneric destructor in MilkyTracker through 1.02.00 Windows Jet Database Engine Remote Code Execution Vulnerability Memory Allocation Failure Vulnerability in Whoopsie's parse_report() Function Remote Denial-of-Service Vulnerability in Tor with Mozilla Network Security Services (NSS) Cross-script Vulnerability in SolarWinds Serv-U File Server (CVE-00041778, CVE-00306421) SolarWinds Serv-U File Server Same-Site Cookie Attribute Mishandling Vulnerability SolarWinds Serv-U File Server XSS Vulnerability (Case Number 00484194) SolarWinds Serv-U File Server Information Disclosure Vulnerability Cameralyzer Vulnerability: Unauthorized File Writing on 
Samsung Mobile Devices (SVE-2020-16830) Samsung Mobile Devices with O(8.x) Software: FactoryCamera Runtime Permissions Vulnerability (SVE-2020-17270) Bypassing Factory Reset Protection (FRP) via KNOX API on Samsung Mobile Devices (SVE-2020-17318) Windows Jet Database Engine Remote Code Execution Vulnerability Samsung Mobile Devices Factory Reset Protection Bypass Vulnerability Kernel Logging Vulnerability on Samsung Mobile Devices (SVE-2020-17605) Buffer Overflow Vulnerability in Samsung Mobile Devices with Exynos 7885 Chipsets Directory Traversal Vulnerability in Samsung StickerProvider (SVE-2020-17665) Samsung Mobile Devices with Q(10.0) Software Out-of-Bounds Access and Device Reset Vulnerability (SVE-2020-18056) Data race vulnerability in net/http servers when using httputil.ReverseProxy Handler Remote Code Execution Vulnerability in Zoho ManageEngine Desktop Central 10.0.552.W TLS Certificate Validation Bypass and Man-in-the-Middle Attack in Zoho ManageEngine Desktop Central and Remote Access Plus Elevation of Privilege Vulnerability in Windows Storage Services Vulnerability: Bypassing VPN Kill Switch in Private Internet Access (PIA) Client for Linux Unauthenticated Remote Code Execution in F*EX (Frams' Fast File EXchange) Directory Traversal Vulnerability in SteelCentral Aternity Agent Privilege Escalation and Arbitrary Code Execution in SteelCentral Aternity Agent 11.0.0.120 on Windows SSRF Vulnerability in Zoho Application Control Plus: Unauthorized Port and Network Discovery Information Disclosure Vulnerability in Zoho Application Control Plus Path Disclosure Vulnerability in ALPS ALPINE Touchpad Driver Persistent XSS in SOPlanning 1.46.01 via Project Name, Statutes Comment, Places Comment, or Resources Comment Field Denial of Service Vulnerability in Trustwave ModSecurity 3.x through 3.0.4 XSS Vulnerability in Victor CMS (register.php) User Firstname/Lastname Field Remote Code Execution Vulnerability in Microsoft Windows Codecs Library CSRF Vulnerability 
in CMSUno Allows Unauthorized Password Change LDAP Authentication Bypass Vulnerability in Trend Micro Deep Security 10.x-12.x Untrusted Search Path Remote Code Execution (RCE) Vulnerability in Trend Micro Security 2020 Invalid Memory Read Vulnerability in Trend Micro Security 2020 (v16.0.0.1302 and below) Driver Insecure SSL Server Certification Validation in Trend Micro Security 2019 (v15) Products LDAP Authentication Bypass Vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Remote Code Execution Vulnerability in Microsoft Graphics Components Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Arbitrary Code Execution in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_dashboard.php Arbitrary Code Execution in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_ftp_manager.php Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_ftp_manager.php Unauthenticated Remote Information Disclosure in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_list_accounts.php Unauthenticated Remote Information Disclosure in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_list_accounts.php Unauthenticated Remote Information Disclosure in CentOS Web Panel (CWP-E17.0.9.8.923) Unauthenticated Remote Information Disclosure in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_list_accounts.php Remote Code Execution Vulnerability in Microsoft Graphics Components Unauthenticated Remote Information Disclosure in CentOS Web Panel (CWP-E17.0.9.8.923) Unauthenticated Remote 
Information Disclosure in CentOS Web Panel (CWP) Unauthenticated Remote Information Disclosure in CentOS Web Panel (CWP) Arbitrary File Write Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Unauthenticated Remote Information Disclosure in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_new_account.php Unauthenticated Remote Information Disclosure in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_add_mailbox.php Unauthenticated Remote Information Disclosure in CentOS Web Panel (CWP-E17.0.9.8.923) Unauthenticated Remote Information Disclosure in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_mail_autoreply.php Unauthenticated Remote Information Disclosure in CentOS Web Panel (CWP) Arbitrary Code Execution via TIF File Handling in Foxit Studio Photo 3.6.6.922 Microsoft Office Remote Code Execution Vulnerability Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.922 via PNG File Handling HNAP Service Authentication Bypass and Code Execution Vulnerability in D-Link DAP-1860 WiFi Extenders (ZDI-CAN-10084) Authentication Bypass Vulnerability in D-Link DIR-842 3.13B05 Routers Authentication Bypass Vulnerability in D-Link DIR-867, DIR-878, and DIR-882 Routers Arbitrary Code Execution Vulnerability in NETGEAR R6700 Router Firmware 1.0.4.84_10.0.58 Unauthenticated Remote Code Execution in NETGEAR R6700 V1.0.4.84_10.0.58 Routers Unauthenticated Remote Code Execution in NETGEAR Routers Remote Code Execution Vulnerability in Foxit PhantomPDF 9.7.1.29511 Arbitrary Code Execution Vulnerability in Foxit PhantomPDF 9.7.2.29539 (ZDI-CAN-10950) Arbitrary Code Execution in Marvell QConvergeConsole 5.5.0.64 Windows Jet Database Engine Remote Code Execution Vulnerability Unauthenticated Remote Information Disclosure in Marvell QConvergeConsole 5.5.0.64 Unauthenticated Remote Information Disclosure in Marvell QConvergeConsole 5.5.0.64 Remote Code Execution in Marvell QConvergeConsole 5.5.0.64 via isHPSmartComponent Method Arbitrary Code Execution via Authentication 
Bypass in Marvell QConvergeConsole 5.5.0.64 Arbitrary Code Execution via Authentication Bypass in Marvell QConvergeConsole 5.5.0.64 Arbitrary Code Execution via Authentication Bypass in Marvell QConvergeConsole 5.5.0.64 Thunderbird Autodiscovery Vulnerability: Unauthorized Disclosure of Credentials Remote Code Execution Vulnerability in Firefox for Android Cross-Origin Frame Injection Vulnerability File Picker Vulnerability in Firefox ESR < 68.11 for Android: Unauthorized File Theft and Upload Elevation of Privilege Vulnerability in Windows Junction Handling File Picker Application Exploit: Overwriting Firefox Settings in Firefox ESR < 68.11 for Android Unicode RTL Order Character File Extension Manipulation Vulnerability in Firefox for iOS < 28 Cross-Origin Redirect Leakage in JavaScript Errors in Web Workers Bypassing iframe Sandbox with Allow-Popups Flag and Noopener Links CSS Custom Cursor Endless Loop Vulnerability CORS Bypass Vulnerability in Firefox ESR, Firefox, and Thunderbird JIT Optimization Vulnerability in JavaScript Arguments Object DLL Hijacking Vulnerability in Firefox and Thunderbird File Type Spoofing Vulnerability in Firefox ESR, Firefox, and Thunderbird Memory Corruption Vulnerability in Firefox 78 and Firefox ESR 78.0 Windows Kernel Elevation of Privilege Vulnerability CSRF Vulnerability in geckodriver before 0.27.0 with Missing Content-Type Header Checks Password Leakage Vulnerability in Firefox for iOS < 28 via Rogue Webpage Unintended File Download Exploit in Firefox for iOS < 28 Arbitrary Code Execution with System Privileges in Mozilla Maintenance Service Remote Code Execution and Extension Installation Vulnerability in Firefox and Thunderbird Address Bar Persistence Vulnerability in Firefox < 80 MediaError Message Information Leakage Vulnerability Heap Overflow Vulnerability in Firefox < 80 Allows Arbitrary Code Execution Missing Lock Vulnerability in Firefox and Firefox for Android Use-after-free vulnerability in Firefox ESR and 
Thunderbird versions prior to 68.12 MSHTML Engine Remote Code Execution Vulnerability Memory Corruption Vulnerabilities in Firefox for Android 79 Race Condition Vulnerability in Firefox for Android < 80 Memory Corruption Vulnerabilities in Firefox 80 and Firefox ESR 78.2 Memory Corruption Vulnerabilities in Firefox 80 Buffer Overflow Vulnerability in Firefox < 81: Lifetime Mismatch in Surface Processing SVG onload Handler Execution Vulnerability in Firefox Open Redirect Vulnerability Allows Spoofing of Downloaded File Dialog Use-after-free vulnerability in APZCTreeManager::ComputeClippedCompositionBounds OAuth Session Fixation Vulnerability in Mozilla VPN Microsoft Edge PDF Reader Remote Code Execution Vulnerability External Protocol Handler Enumeration in Firefox < 82 Shared Stub Table Overwrite Vulnerability in Firefox < 82 External Protocol Prompt Spoofing Vulnerability in Firefox < 82 Memory Corruption Vulnerabilities in Firefox 81 and Firefox ESR 78.3 Memory Corruption Vulnerabilities in Firefox 81: Potential Arbitrary Code Execution STARTTLS Plaintext Injection Vulnerability in Thunderbird < 78.7 Hypervisor Component of ACRN Project: Root Access DoS via PCIe Assign/De-assign Hypercalls HTTP Digest Authentication Vulnerability in GoAhead Web Server NULL Pointer Dereference Denial of Service Vulnerability in Appweb Microsoft Edge Remote Code Execution Vulnerability Missing Newline Character Check in Nim's asyncftpclient Library Arbitrary Command Execution through browsers.openDefaultBrowser in Nim 1.2.4 CR-LF Injection Vulnerability in Nim 1.2.4's httpClient Library Vulnerability in Nim 1.2.4: Improper Server Response Validation in httpClient CSRF Vulnerability in Joomla! com_privacy XSS Vulnerability in Joomla! mod_random_image User table class vulnerability allows unauthorized modification of internal read-only fields Inadequate Filtering on Joomla! 
System Information Screen Exposes Redis or Proxy Credentials Usergroups Table Object Validation Vulnerability Remote Code Execution Vulnerability in Internet Explorer's Scripting Engine CSRF Vulnerability in Joomla! com_installer's ajax_install Endpoint Denial of Service Vulnerability in apport/report.py Race Condition Privilege Escalation Vulnerability in Apport Privilege Escalation via Unvalidated Locale Property in apt Transaction Local Privilege Escalation via modprobe Child Process Secure Boot Bypass Vulnerability in GRUB2 Race Condition in GRUB2's grub_script_function_create() Leads to Use-After-Free Vulnerability and Arbitrary Code Execution Heap-based buffer overflow vulnerability in GRUB2's efilinux component allows for arbitrary code execution and bypass of UEFI Secure Boot World Read/Write Permissions in Ubuntu's libvirt Control Socket: A Path to Arbitrary File Overwrite and Code Execution Vulnerability: Terminal Content Modification via PPA Description in add-apt-repository Windows Setup Elevation of Privilege Vulnerability Double Free Vulnerability in Bluez 5 Module of PulseAudio CSRF Vulnerability in MISP before 2.4.129 Allows Unauthorized Homepage Modification Directory Traversal Vulnerability in rConfig 3.9.5 SQL Injection Vulnerability in rConfig 3.9.5 Allows Remote Attackers to Manipulate Database SQL Injection Vulnerability in rConfig 3.9.5 Allows Remote Attackers to Manipulate Database Arbitrary Code Execution Vulnerability in rConfig 3.9.5 via search.crud.php Cross-Site Scripting (XSS) Vulnerability in RosarioSIS 6.7.2 Preferences.php Script Cross-Site Scripting (XSS) Vulnerability in RosarioSIS 6.7.2 Search.inc.php Script XSS Vulnerability in RosarioSIS 6.7.2 PrintSchedules.php Script Certificate-validation flaw in libldap with RFC6125 support Vulnerability: Lack of Certificate Validation in Dogtag PKI XSS Vulnerability in RosarioSIS 6.8-beta: Modules/Custom/NotifyParents.php Local Privilege Escalation Vulnerability in 360 Total Security 
(Version 12.1.0.1004 and below) Local Privilege Escalation Vulnerability in 360 Total Security Version 12.1.0.1004 and Below Local Privilege Escalation Vulnerability in 360 Total Security Version 12.1.0.1005 and Below Cross-Site Scripting (XSS) Vulnerability in Microsoft SharePoint Server Arbitrary File Write Vulnerability in Bitdefender Engines Improper Certificate Validation Vulnerability in Bitdefender Total Security Origin Validation Error Vulnerability in Bitdefender Antivirus Plus SafePay Component Origin Validation Error Vulnerability in Bitdefender Safepay: Unauthorized File Access Remote Code Execution Vulnerability in Microsoft Windows Codecs Library Remote Code Execution via Stack-based Buffer Overflow in Victure PC420 Smart Camera Microsoft SharePoint Server Cross-Site Scripting (XSS) Vulnerability Remote Code Execution Vulnerability in Microsoft SharePoint Insecure CSRF Prevention Token Transmission in Gradle Enterprise Unrestricted HTTP Header Reflection in Gradle Enterprise and Gradle Enterprise Build Cache Node Cross-Site Scripting (XSS) Vulnerability in Gradle Enterprise 2020.2 - 2020.2.4 DirectWrite Memory Disclosure Vulnerability Lack of Lock-out after Excessive Failed Logins in Gradle Enterprise 2018.5 Cross-Site Transmission of CSRF Token in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1 XML External Entity (XXE) Vulnerability in Gradle Enterprise Unrestricted Cross-Origin Read Access in Gradle Enterprise Export API Browser Session Hijacking Vulnerability in Gradle Enterprise Unauthenticated Access to High-Level Build Information in Gradle Enterprise CSRF Vulnerability in Gradle Enterprise 2018.2 - 2020.2.4 Unrestricted Deserialization Vulnerability in Maven Extension Plugin Command Injection Vulnerability in OpenSSH's scp.c toremote Function Path Traversal Vulnerability in socket.io-file Package Windows Kernel Information Disclosure Vulnerability ACPI Table Injection Vulnerability in Linux Kernel Cross-Site Scripting (XSS) 
Vulnerability in SICAM WEB Firmware for SICAM A8000 RTUs (All versions < V05.30) Memory Protection Bypass Vulnerability in Siemens Industrial Controllers and Drives Denial-of-Service Vulnerability in SIMATIC S7-300, SIMATIC TDC CPU555, and SINUMERIK 840D sl Insecure Storage of Sensitive Information in Spectrum Power 4 Configuration Files Cleartext Transmission of Usernames in Siveillance Video Client: NTLM Authentication Vulnerability Insufficient Authentication Blocking in SIMATIC HMI Panels Allows Brute-Force Attacks Authentication Bypass Vulnerability in SIMATIC HMI Unified Comfort Panels (<= V16) Cross-Site Scripting (XSS) Vulnerability in Polarion Subversion Webclient Cross-Site Request Forgery (CSRF) Vulnerability in Polarion Subversion Webclient Windows Function Discovery SSDP Provider Memory Handling Vulnerability Directory Listing Vulnerability in Spectrum Power 4 (All versions < V4.70 SP8) Insufficient Authentication Protocol Protection in SIMATIC S7 and SINUMERIK PLCs Desigo Insight Web Service Content-Based Blind SQL Injection Vulnerability Desigo Insight Clickjacking Vulnerability Information Disclosure Vulnerability in Desigo Insight Web Application DNS Domain Name Label Parsing Vulnerability in APOGEE and TALON Building Automation Systems Denial-of-Service Vulnerability in SIMATIC ET 200SP Open Controller and SIMATIC S7-1500 Software Controller Improper Access Control Vulnerability in DCA Vantage Analyzer Allows Escape from Restricted Environment Unauthenticated Remote Access Vulnerability in Siemens Industrial Devices Unauthenticated Remote Reboot Vulnerability in SCALANCE X-200 and X-200IRT Switches Cross-Site Scripting (XSS) Vulnerability in Microsoft SharePoint Server Heap Overflow Vulnerability in SCALANCE X-200 and X-300 Switches Bypassing sys.path Restrictions in Python 3.8.4 BLURtooth: Cross Transport Key Derivation Vulnerability in Bluetooth Core Specification v4.2 and v5.0 Stored XSS Vulnerability in Zabbix URL Widget Uncontrolled Memory 
Allocation in CODESYS Control Runtime System NULL Pointer Dereference Vulnerability in GNU LibreDWG before 0.11 SSRF and Path Traversal Vulnerability in SpinetiX Devices Elevation of Privilege Vulnerability in Microsoft Office Click-to-Run Components HTTP Request Smuggling Vulnerability in Squid Proxy Server HTTP Request Splitting and Cache Poisoning Vulnerability in Squid Proxy Server Lack of SSL Certificate Validation in Graylog LDAP Integration Vulnerability: Code Execution via DYLD Environment Variable Injection in Western Digital WD Discovery Arbitrary Issue Command Execution in JetBrains YouTrack Disclosure of Issue Existence in JetBrains YouTrack Subtasks Workflow SSRF Vulnerability in JetBrains YouTrack Allows Scanning Internal Ports Microsoft Access Remote Code Execution Vulnerability Disclosure of Hidden File Existence in JetBrains YouTrack Markdown Parser Unauthenticated User Can Create Article Draft in JetBrains YouTrack SSRF Vulnerability in JetBrains YouTrack before 2020.2.10514 Allows URL Filtering Escape SSRF Vulnerability in JetBrains YouTrack Workflow Component Script-Cache Privilege Escalation Vulnerability in JetBrains Kotlin 1.4-M1 to 1.4-RC Privilege Escalation Vulnerability in JetBrains TeamCity Privilege Escalation Vulnerability in JetBrains TeamCity Missing Signature Verification for jetbrains-toolbox.exe in JetBrains ToolBox Version 1.17 Unauthorized Access to Project Parameter Values in JetBrains TeamCity Sensitive Password Disclosure in JetBrains TeamCity Build Logs Microsoft Word Memory Disclosure Vulnerability Stored XSS Vulnerability in JetBrains TeamCity Administration UI Reflected XSS Vulnerability in JetBrains TeamCity Administration UI Undocumented Remote Reboot Capability in Mofi Network MOFI4500-4GXeLTE 4.1.5-std Devices Hard-coded Path Vulnerability in Dropbear SSH Daemon on Mofi Network MOFI4500-4GXeLTE 4.1.5-std Devices Exposure of Wireless Network Password in QR Encoded Picture on Mofi Network MOFI4500-4GXeLTE 
4.1.5-std Devices Undocumented Authentication Bypass Vulnerability in Mofi Network MOFI4500-4GXeLTE 4.1.5-std Devices Arbitrary Command Execution Vulnerability in Mofi Network MOFI4500-4GXeLTE 4.1.5-std Devices Weak Permissions in ConnectWise Automate Agent Update System Allow Privilege Escalation Unrestricted Size Denial-of-Service Vulnerability in Liferay Portal Elevation of Privilege Vulnerability in dnsrslvr.dll Bypassing 'portlet.resource.id.banned.paths.regexp' Property in Liferay Portal Versions 6.2 EE, DXP 7.2, DXP 7.1, and DXP 7.0 LDAP Server Password Disclosure Vulnerability Insecure Deserialization Vulnerability in Liferay Portal and Liferay DXP Privilege Escalation Vulnerability in ActFax Version 7.10 Build 0335 (2020-05-25) Blind Authenticated SQL Injection Vulnerability in Re:Desk 2.3 Remote Code Execution Vulnerability in Microsoft Windows Codecs Library Insecure Permissions in Nakivo Backup & Replication Director v9.4.0.r43656 on Linux: Local Privilege Escalation Remote Access to Unencrypted Backup Repositories and Controller Configuration in Nakivo Backup & Replication Transporter version 9.4.0.r43656 I/O Port Permissions Synchronization Vulnerability in Linux Kernel 5.5 through 5.7.9 Vulnerability: Denial of Service in supybot-fedora 'refresh' Command Bodhi 5.6.1 Patched: Critical Cross-Site Scripting Vulnerabilities Resolved Directory Traversal Vulnerability in Thales DIS Devices Use-After-Free Vulnerability in QEMU 4.2.0's e1000e_core.c Business Logic Error in Parallels Remote Application Server (RAS) 17.1.1 Enables Unauthorized Remote Code Execution and Internal Domain Access Escalation of Privileges via UNIX Symbolic Link (Symlink) Following in Net-SNMP Arbitrary Command Execution via SNMP WRITE Access to EXTEND MIB in Net-SNMP 5.8 Buffer Overflow Vulnerability in XGMAC Ethernet Controller in QEMU XSS Vulnerability in Quali CloudShell 9.3 Login Page Stimulsoft Reports 2013.1.1600.0 Remote Code Execution Vulnerability Heap-Based Buffer Overflow 
in mrb_yield_with_class Function in mruby through 2.1.2-rc Authenticated Remote Code Execution via Git Hook in Gogs Incorrect Access Control in Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 Cross-Site Scripting (XSS) Vulnerability in Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 Windows Ancillary Function Driver for WinSock Memory Handling Vulnerability Cross-Site Scripting (XSS) Vulnerability in Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 Remote Code Execution in Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 SQL Injection in LibreNMS via customoid.inc.php device_id parameter Insufficient Access Control in LibreNMS before 1.65.1 Bitwarden Server 1.35.1 Vulnerability: Inadequate Filtering of IPv6 and IPv4 Addresses Leading to SSRF Cross-Site Scripting (XSS) Vulnerability in MunkiReport's munki_facts Module CSRF Vulnerability in MunkiReport Allows Arbitrary Machine Deletion Cross-Site Scripting (XSS) Vulnerability in MunkiReport's managedinstalls Module SQL Injection Vulnerability in MunkiReport's TableQuery.php Allows Arbitrary SQL Command Execution Cross-Site Scripting (XSS) Vulnerability in MunkiReport Comment Module SQL Injection Vulnerability in MunkiReport's reportdata_controller.php Arbitrary SQL Command Execution in MunkiReport Software Update Module Heap-based Buffer Overflow in Lua through 5.4.0 due to Mishandling of Stack Resizes and Garbage Collection Heap-based Buffer Over-read in Lua 5.4.0: Insufficient Marking in youngcollection Windows Kernel Information Disclosure Vulnerability Out-of-Bounds Read Vulnerability in LuaJit through 2.1.0-beta3 Stack-based buffer overflow vulnerability in D-Link DAP-1520 devices before 1.10b04Beta02 Command Injection Vulnerability in D-Link DIR-816L Devices Exposed Administration Function in D-Link DIR-816L Devices Allows Retrieval of Sensitive Information Cross-Site Scripting (XSS) Vulnerability in D-Link DIR-816L Devices Authentication Bypass 
Vulnerability in D-Link DAP-1522 Devices Remote Traffic Loss and Incorrect Forwarding in Arista EOS Unidirectional Traffic Forwarding Vulnerability in Arista EOS Insufficient Data Validation in Grin 3.0.0 before 4.0.0: A Mimblewimble Vulnerability Elevation of Privilege Vulnerability in Connected User Experiences and Telemetry Service Memory Corruption Vulnerability in Artifex Ghostscript 9.50 and 9.52 Arbitrary Command Execution in Nagios XI before 5.7.3 via ajaxhelper.php Cross-Site Scripting (XSS) Vulnerability in Graph Explorer of Nagios XI before 5.7.2 Privilege Escalation Vulnerability in Nagios XI Backend Scripts Buffer Overflow in bsdiff4 Patching Routine: Heap Memory Write Vulnerability Blank Admin Password Vulnerability in Tiki before 21.2 JavaScript Execution in Mahara File and Folder Names Directory Traversal Vulnerability in Cauldron cbang (C-Bang or C!) before 1.6.0 Session Hijacking Vulnerability in SolarWinds N-central 2020.1 Cross-Site Scripting Vulnerability in Microsoft Dynamics 365 (On-Premises) SolarWinds N-Central Version 12.3 GA and Lower - HTTPOnly Cookie Vulnerability Vulnerability: Unauthorized Door Access in Tesla Model 3 Vehicles via NFC Relay Cross-Site Scripting (XSS) Vulnerability in Origin Client for Mac and PC 10.5.86 or Earlier Remote Command Execution via goform/AdvSetLanip Endpoint on Tenda AC15 AC1900 15.03.05.19 Devices Protocol Violation in Claws Mail: Mishandling of Suffix Data after STARTTLS Multiple Stored Cross Site Scripting (XSS) Vulnerabilities in Mida eFramework 2.9.0 Reflected Cross Site Scripting (XSS) Vulnerability in Mida eFramework 2.9.0 Windows Kernel Information Disclosure Vulnerability Mida eFramework OS Command Injection Vulnerability Backdoor Vulnerability in Mida eFramework 2.9.0 Allows Unauthorized Administrative Access and Code Execution Mida eFramework 2.9.0 OS Command Injection Vulnerability with Remote Code Execution Unauthenticated Directory Traversal Vulnerability in Mida eFramework 2.9.0 SQL 
Injection Vulnerability in Mida eFramework 2.9.0 Allows Information Disclosure SQL Injection Vulnerability in Loway QueueMetrics (before 19.10.21) via TPF_XPAR1 Parameter Rocket.Chat XSS Vulnerability Allows Remote Code Execution on Client Side Authenticated SQL Injection in Zoho ManageEngine Applications Manager SAP Module Directory Traversal Vulnerability in Ortus TestBox 2.4.0 through 4.1.0 Remote Code Execution Vulnerability in Ortus TestBox 2.4.0 through 4.1.0 Windows Media Audio Decoder Remote Code Execution Vulnerability Arbitrary Code Execution Vulnerability in Joplin Desktop 1.0.190 to 1.0.245 via Malicious HTML Embed Tag Remote Capture of Domain Administrator Net-NTLMv1/v2 Authentication Challenge Hash Vulnerability Elevation of Privileges Vulnerability in Overwolf before 0.149.2.30 Information Disclosure Vulnerability in Fortinet FortiMail Cleartext Storage of Sensitive Information in FortiADC GUI Sensitive Information Disclosure via SNI Client Hello TLS Packets in Fortinet FortiGate Stored Cross-Site Scripting (XSS) Vulnerability in FortiGate IPS and WAF Logs Dashboard Vulnerability: Non-HTTP/S Traffic Bypasses Transparent Proxy Policy in FortiGate Versions Below 6.2.5 and 6.4.2 Improper Access Control Vulnerability in FortiSandbox Versions 3.2.1 and below and 3.1.4 and below Allows Unauthorized Download of Configuration File Remote Code Execution Vulnerability in Microsoft Excel Software Remote Code Injection Vulnerability in FortiClientEMS FortiClientEMS Path Traversal Vulnerability in Deployment Packages Password Disclosure Vulnerability in Fortinet FortiWeb Web Vulnerability Scan Profile Privilege Escalation and Cross-Site Scripting (XSS) Vulnerability in Gantt-Chart Module for Jira Persistent XSS Vulnerability in Gantt-Chart Module for Jira Segmentation Fault Vulnerability in Lua 5.4.0: Incorrect Expectation of Updated oldpc Value Arbitrary SQL Command Execution in Loway QueueMetrics Cross-Site Scripting (XSS) Vulnerability in eGain Chat 15.5.5 via 
Name Field Insecure Permissions in Immuta v2.8.2: User Account Takeover Vulnerability Remote Code Execution Vulnerability in Microsoft SharePoint Improper Session Management in Immuta v2.8.2: User Sessions Not Revoked Upon Logout HTML Injection Vulnerability in Immuta v2.8.2 Allows for Phishing Attacks Stored and Reflected XSS Vulnerabilities in Immuta v2.8.2 STARTTLS Buffering Vulnerability in LibEtPan Unencrypted POP3 Communication Vulnerability in KDE KMail 19.12.3 Arbitrary Command Injection Vulnerability in s/qmail STARTTLS Encryption Buffer Overflow Vulnerability in ACTi NVR3 Standard Server 3.0.12.42 JWT Signature Bypass Vulnerability in DP3T-Backend-SDK Insecure Direct Object Reference Vulnerability in 1CRM System Information Disclosure via Social Engineering in Google Chrome Weak Hash Algorithm Information Disclosure Vulnerability Heap Buffer Overflow in Google Chrome: Remote Code Execution Vulnerability Sandbox Escape Vulnerability in Google Chrome Extensions Out of Bounds Memory Access Vulnerability in Google Chrome (prior to 85.0.4183.121) Sandbox Escape Vulnerability in Google Chrome Extensions Heap Corruption Vulnerability in Google Chrome (prior to 85.0.4183.121) via Crafted HTML Page Type Confusion Vulnerability in V8: Remote Out of Bounds Memory Access in Google Chrome (CVE-2020-15999) Insufficient Policy Enforcement in Google Chrome Extensions: Exploiting Sensitive Information Leakage Remote Code Execution via Use After Free in Google Chrome Payments Remote Code Execution Vulnerability in Google Chrome Prior to 86.0.4240.75 WebRTC Use After Free Vulnerability in Google Chrome (CVE-2020-15999) ASP.NET Core Denial of Service Vulnerability NFC Use After Free Vulnerability in Google Chrome Prior to 86.0.4240.75 Sandbox Escape via Use After Free Vulnerability in Google Chrome Heap Corruption Vulnerability in Google Chrome Prior to 86.0.4240.75 via Crafted HTML Page Bypassing Same Origin Policy via Crafted Chrome Extension in Google Chrome 
(CVE-2020-15999) Bypassing Site Isolation via Integer Overflow in Google Chrome SwiftShader Integer Overflow Vulnerability in Google Chrome WebXR Use After Free Vulnerability in Google Chrome on Android Information Disclosure Vulnerability in Google Chrome on OS X Remote Code Execution via Navigation Bypass in Google Chrome on Android Heap Corruption Vulnerability in V8 Engine of Google Chrome (CVE-2020-15999) Elevation of Privilege Vulnerability in Windows Universal Plug and Play (UPnP) Service Bypassing Navigation Restrictions via Crafted Intents in Google Chrome on Android Audio Out of Bounds Read Vulnerability in Google Chrome Remote Information Disclosure Vulnerability in Google Chrome Bypassing Content Security Policy in Google Chrome on ChromeOS Omnibox Spoofing Vulnerability in Google Chrome on iOS Remote Security UI Spoofing Vulnerability in Google Chrome Heap Corruption via Crafted HTML Page in Google Chrome Remote Code Execution via Use After Free in WebRTC Stream Arbitrary Code Execution via Insufficient Policy Enforcement in Google Chrome Downloads Uninitialized Data Vulnerability in PDFium in Google Chrome (CVE-2020-15999) Windows Identity Spoofing Vulnerability Sandbox Escape via Use After Free Vulnerability in Google Chrome Autofill Sandbox Escape via Use After Free Vulnerability in Google Chrome's Password Manager Bypassing Same Origin Policy in Google Chrome prior to 86.0.4240.75 via Insufficient Policy Enforcement Remote Code Execution via Use After Free in Google Chrome Printing Remote Code Execution Vulnerability in V8 Engine of Google Chrome (CVE-2020-15999) V8 Out of Bounds Write Vulnerability in Google Chrome (CVE-2020-15999) Sandbox Escape via Use After Free Vulnerability in Google Chrome Sandbox Escape via Use After Free Vulnerability in Mojo in Google Chrome Sandbox Escape via Use After Free Vulnerability in Google Chrome USB (CVE-2020-15999) Heap Buffer Overflow in Freetype: Remote Code Execution in Google Chrome Uncontrolled Resource 
Consumption Vulnerability in Juniper Networks Junos OS Heap Corruption Vulnerability in Google Chrome (CVE-2020-15999) Remote Code Execution Vulnerability in Google Chrome Prior to 86.0.4240.111 PDFium Use After Free Vulnerability in Google Chrome (CVE-2020-15999) Remote Code Execution via Use After Free in Google Chrome Printing Remote Code Execution Vulnerability in Google Chrome User Interface Heap Corruption Vulnerability in ANGLE in Google Chrome Heap Corruption Vulnerability in V8 Engine of Google Chrome (CVE-2020-15999) Local Privilege Escalation Vulnerability in Google Chrome Installer WebRTC Stack Buffer Overflow Vulnerability in Google Chrome Heap Corruption Vulnerability in V8 Engine of Google Chrome (CVE-2020-15999) Juniper Networks Junos OS Path Computation Element Protocol (PCEP) Malformed Packet Denial of Service Vulnerability Heap Buffer Overflow in Google Chrome for Android: Remote Code Execution and Sandbox Escape Vulnerability Heap Buffer Overflow in Google Chrome UI: Remote Code Execution and Sandbox Escape Vulnerability Cross-Origin Data Leakage in Graphics in Google Chrome Heap Corruption Vulnerability in V8 Engine of Google Chrome (CVE-2020-16040) Sandbox Escape via Use After Free Vulnerability in Google Chrome Heap Corruption Vulnerability in Google Chrome WASM (prior to 87.0.4280.66) Sandbox Escape Vulnerability in Google Chrome (prior to 86.0.4240.193) Sandbox Escape via Use After Free Vulnerability in Google Chrome's Site Isolation Remote Code Execution via Use After Free in Google Chrome Payments (CVE-2020-16013) Bypassing Noexec Restrictions in Google Chrome on ChromeOS Remote Code Execution Vulnerability in Juniper Networks JDHCPD Process Bypassing Discretionary Access Control in Cryptohome on Google ChromeOS OS-level privilege escalation vulnerability in Google Chrome on ChromeOS prior to 87.0.4280.66 Bypassing Firewall Controls via Insufficient Policy Enforcement in Google Chrome WebCodecs Use After Free Vulnerability in Google 
Chrome Heap Buffer Overflow in Google Chrome's UI: Remote Code Execution and Sandbox Escape Vulnerability Heap Buffer Overflow in Clipboard: Remote Sandbox Escape in Google Chrome WebRTC Use After Free Vulnerability in Google Chrome (CVE-2020-16043) Insufficient Policy Enforcement in Google Chrome Developer Tools Allows Information Disclosure via Malicious Extension WebRTC Heap Buffer Overflow in Google Chrome: Remote Code Execution Vulnerability PDFium Remote Navigation Bypass Vulnerability Juniper Networks Junos OS IPv6 Packet Egress Vulnerability Remote Code Injection Vulnerability in Google Chrome (CVE-2020-16009) Omnibox Spoofing Vulnerability in Google Chrome (CVE-2020-16042) Omnibox Spoofing Vulnerability in Google Chrome (CVE-2020-16042) Remote Security UI Spoofing Vulnerability in WebUSB in Google Chrome WebRTC Policy Bypass Vulnerability in Google Chrome (CVE-2020-16042) Bypassing noexec Restrictions via Insufficient Data Validation in cros-disks in Google Chrome on ChromeOS Cookie Bypass Vulnerability in Google Chrome (prior to 87.0.4280.66) Remote Code Execution Vulnerability in Google Chrome's Clipboard Handling (CVE-2020-16009) Remote Code Execution Vulnerability in Google Chrome on OS X Remote Code Execution Vulnerability in Google Chrome Extensions Vulnerability in IP Firewall Filter Evaluation on Juniper Networks Junos OS Heap Corruption Vulnerability in V8 Engine of Google Chrome (Versions prior to 87.0.4280.88) Remote Information Disclosure Vulnerability in Google Chrome Uninitialized Use Vulnerability in V8 in Google Chrome (CVE-2020-16040) Bypassing Discretionary Access Control via Insufficient Data Validation in Google Chrome Networking WebRTC Heap Corruption Vulnerability in Google Chrome 88.0.4324.96 Sandbox Escape via Use after Free Vulnerability in Google Chrome on Android Remote Code Execution Vulnerability in iOSWeb on Google Chrome for iOS Remote Code Execution Vulnerability in ANGLE Allows Unauthorized Data Access via Crafted HTML Page 
Arbitrary Command Execution Vulnerability in Juniper Networks JDHCPD Path Traversal Vulnerability in Juniper Networks Junos OS Insufficient Cross-Site Scripting (XSS) Protection in J-Web: Remote Code Injection and Session Hijacking Vulnerability Kernel Crash and Reboot Vulnerability in Juniper Networks Junos OS for MX Series Devices Arbitrary Command Execution Vulnerability in Zalo Desktop 19.8.1.0 Authentication Bypass Vulnerability in OpenIKED Arbitrary Command Execution Vulnerability in Juniper Networks JDHCPD Denial of Service Vulnerability in QEMU Network Packet Processing Default configuration of Net::LDAPS module in LemonLDAP::NG allows unverified X.509 certificates in remote LDAP backends Unlimited Recursion Vulnerability in Claws Mail's imap_scan_tree_recursive Function XSS Vulnerability in TYPO3 dlf Extension (aka Kitodo.Presentation) before 3.1.2 Unrestricted Access to Sensitive Data in Gallagher Command Centre Debug Port Vulnerability in T Series Readers Allows Retrieval of MIFARE Plus and Desfire Site Keys Access Card Credential Enumeration Vulnerability in Command Centre Versions Prior to v8.20.1166(MR3) Vulnerability: Denial of Service in Gallagher Command Centre v8.20 Unauthenticated Remote DCOM Websocket Connection Crash Vulnerability Remote DCOM Websocket Connection Out-of-Bounds Buffer Access Vulnerability in Command Centre Service Authentication Bypass Vulnerability in Gallagher Command Centre Server Type Confusion Vulnerability in Gallagher Command Centre Server SQL Injection Vulnerability in Gallagher Command Centre's Enterprise Data Interface Juniper Networks Junos Space Local File Inclusion Vulnerability Directory Traversal Vulnerability in KDE Ark before 20.08.0 NULL Pointer Dereference Vulnerability in GNOME Evolution-Data-Server NULL Pointer Dereference Vulnerability in GNOME Balsa before 2.6.0 Linux Kernel Use-After-Free Vulnerability in DCCP Socket Listener Overlayfs Vulnerability: Unauthorized File Access in User Namespace Detailed 
Error Messages in PackageKit Expose File Presence and Mimetype Vulnerability PackageKit's apt backend allows installation of malicious packages due to mistaken trust of all local deb files Race condition in Ubuntu-specific PulseAudio patch allows snap connections without proper confinement Integer Overflow or Wraparound Vulnerability in OpenRobotics ros_comm XML RPC Library Privilege Escalation via gnome-initial-setup in gdm3 Improper Dropping of ruid in Ubuntu AccountsService Allows Untrusted Users to Disrupt D-Bus Communication Unbounded Read Operations in AccountsService: Infinite Loop Vulnerability Vulnerability: aptdaemon DBus Interface File Existence Disclosure BGP FlowSpec Vulnerability in Juniper Networks Junos OS Cross-Site Scripting (XSS) Vulnerability in Tiki before 21.2 Privilege Escalation via Sysbus-API on Swisscom Internet Boxes NULL Pointer Dereference in libssh 0.9.4's tftpserver.c Directory Traversal Vulnerability in tgstation-server 4.4.0 and 4.4.1 Privilege Escalation Vulnerability in Cisco Unified IP Conference Station 7937G Denial-of-Service Vulnerability in Cisco Unified IP Conference Station 7937G Remote Denial-of-Service Vulnerability in Cisco Unified IP Conference Station 7937G Use of Hard-coded Credentials Vulnerability in Juniper Networks NFX250 Series vSRX VNF XSS Vulnerability in Greenmart Theme 2.4.2 for WordPress Search Functionality Vulnerability: Format String Exploit in Mercedes-Benz C Class AMG Premium Plus c220 BlueTec Bluetooth Stack DLL Hijacking Vulnerability in Seafile-Client 7.0.8 Permission Issue Allows Virus Upload and Fails to Delete in ownCloud Files Antivirus Component Stored XSS in Roundcube Webmail via Crafted SVG Document Buffer Overflow in BluFi Provisioning in Espressif ESP-IDF Unauthenticated Code Injection Vulnerability in Telmat AccessLog <= 6.0 (TAL_20180415) Authenticated Code Injection Vulnerability in Telmat AccessLog <= 6.0 (TAL_20180415) Default Credentials Vulnerability in Juniper Networks vMX Lucky 13 
Timing Side Channel Vulnerability in Mbed TLS Remote Code Execution in ExtremeWireless Aerohive HiveOS and IQ Engine Signature Verification Bypass in App::cpanminus package 1.7044 for Perl Lack of Unique Signed Data Definition in CPAN::Checksums Package 2.12 for Perl CPAN 2.28 Signature Verification Bypass Vulnerability Stored XSS Vulnerability in Nagios Log Server 2.1.7 and earlier via Email Users menu Stack Out-of-Bounds Write Vulnerability in GoPro GPMF-Parser Heap Out-of-Bounds Read and Segfault Vulnerability in GoPro gpmf-parser 1.5 Insufficient Server-Side Login Attempt Limit Enforcement in Juniper Networks JATP and vJATP Devices GoPro gpmf-parser 1.5 Division-by-Zero Vulnerability in GPMF_Decompress() GoPro gpmf-parser 1.5 Division-by-Zero Vulnerability in GPMF_ScaledData() CRL Validation Bypass Vulnerability in RIPE NCC RPKI Validator Lack of TLS Validation in RIPE NCC RPKI Validator Allows Access Bypass and Denial of Service RPKI Validator Access Restriction Bypass and Denial of Service Vulnerability SQL Injection Vulnerability in SpringBlade's DAO/DTO Implementation Observation-based Information Leakage in Linux Kernel's Network RNG (CID-f227e3ec3b5c) Remote Call Hijacking and Unauthorized Control of temi Robox OS Remote Access to temi Robox OS and MQTT Broker via Origin Validation Error Elevated Privileges and Unauthorized Control in temi Robox OS and Android App Denial of Service Vulnerability in Juniper Networks Junos OS Devices without AFI/AFT Support Remote Eavesdropping Vulnerability in temi Robox OS and Android App SSRF Vulnerability in Acronis Cyber Backup Authentication Bypass Vulnerability on Juniper Networks EX and QFX Series Privilege Escalation Vulnerability in Juniper Networks QFX10K, EX9200, MX, and PTX Series with NG-RE Reflected XSS Vulnerability in LimeSurvey 4.3.2 Cross-Site Scripting (XSS) Vulnerability in osTicket before 1.14.3 via unvalidated echo in include/staff/banrule.inc.php Insecure Direct Object Reference (IDOR) Vulnerability 
in Prestashop Opart devis < 4.0.2 Allows Unauthorized Access to User's Invoice and Delivery Address Scope Validation Bypass and Unauthorized Certificate Usage in Octopus Deploy 3.4 Insufficient Identity Verification in Philips Clinical Collaboration Platform Multiple Stack-Based Buffer Overflow Vulnerabilities in Delta Industrial Automation CNCSoft ScreenEditor Password Hash Disclosure Vulnerability in Junos OS Evolved Resource Exhaustion Vulnerability in Philips Clinical Collaboration Platform Multiple Out-of-Bounds Read Vulnerabilities in Delta Industrial Automation CNCSoft ScreenEditor Incorrect Permissions in WebAccess Node Services Can Lead to Code Execution with System Privileges Uninitialized Pointer Vulnerability in Delta Industrial Automation CNCSoft ScreenEditor Undocumented Interface Vulnerability on N-Tron 702-W / 702M12-W (all versions) Remote Code Execution Vulnerability in G-Cam and G-Code Firmware Versions 1.12.0.25 and prior Stored Cross-Site Scripting Vulnerability in N-Tron 702-W / 702M12-W (all versions) Multiple Heap-Based Buffer Overflow Vulnerabilities in Advantech WebAccess HMI Designer Cross-Site Request Forgery Vulnerability in N-Tron 702-W / 702M12-W Buffer Overflow Vulnerability in Fieldcomm Group HART-IP Interface Password Hash Disclosure Vulnerability in Junos OS Evolved Remote Code Execution Vulnerability in N-Tron 702-W / 702M12-W (all versions) Out-of-Bounds Read Vulnerability in Advantech WebAccess HMI Designer Vulnerability: Unauthorized Resource Access and Local Breakout in PICiX Versions B.02, C.02, C.03 Buffer Overflow Vulnerability in Advantech WebAccess HMI Designer CSV Injection Vulnerability in Patient Information Center iX (PICiX) Versions B.02, C.02, C.03 Stack-based Buffer Overflow in Advantech WebAccess HMI Designer Input Validation Vulnerability in IntelliVue Patient Monitors Double Free Vulnerability in Advantech WebAccess HMI Designer: Remote Code Execution and Information Disclosure Unsanitized User Input in PICiX 
Versions B.02, C.02, C.03 Allows Unauthorized Access to Patient Data Out-of-Bounds Read Vulnerability in Delta Electronics TPEditor Versions 1.97 and Prior Vulnerability: Password and Shared Secret Hash Disclosure in Junos OS Evolved Certificate Enrollment Service Crash in PICiX and PerformanceBridge Focal Point Stack-Based Buffer Overflow in Delta Electronics TPEditor Versions 1.97 and Prior Insufficient Identity Verification in PICiX and PerformanceBridge Focal Point Heap-Based Buffer Overflow in Delta Electronics TPEditor Versions 1.97 and Prior Vulnerability: Inconsistent Length Field Handling in PICiX Versions C.02, C.03 Vulnerability in Delta Electronics TPEditor Versions 1.97 and Prior: Write-What-Where Condition Exploit Impersonation Vulnerability in Mitsubishi Electric Products Enables Remote Command Execution Improper Input Validation in Delta Electronics TPEditor Versions 1.97 and Prior Certificate Revocation Check Vulnerability in PICiX, PerformanceBridge Focal Point, and IntelliVue Patient Monitors Type Confusion Vulnerability in Advantech WebAccess HMI Designer Sensitive Configuration Information Disclosure in Junos OS Evolved CORS Configuration Vulnerability in Ewon Flexy and Cosy Allows for Information Retrieval Weak Cryptography in Bachmann Electronic M-Base Controllers: Password Vulnerability Buffer Overflow Vulnerability in Yokogawa WideField3 R1.01 - R4.03 CodeMeter Heap Data Leakage Vulnerability Stack-Based Buffer Overflow Vulnerability in PLC WinProladder Version 3.28 and Prior Emerson OpenEnterprise Vulnerability: Inadequate Encryption Allows Unauthorized Access Out-of-Bounds Read Vulnerability in FPWIN Pro Allows Remote Code Execution Input Validation Vulnerability in Philips SureSigns VS4, A.07.107 and prior Privilege Escalation Vulnerability in B. 
Braun Melsungen AG SpaceCom and Data Module compactplus Insufficient Identity Verification in Philips SureSigns VS4 Software Vulnerability: Password and Shared Secret Hash Disclosure in Junos OS Evolved Insecure Direct Object Reference (IDOR) Vulnerability in GE Digital APM Classic Unrestricted Access Vulnerability in Philips SureSigns VS4, A.07.107 and prior Cross-Site Scripting (XSS) Vulnerability in Reason S20 Ethernet Switch Buffer Overflow Vulnerabilities in LeviStudioU (Version 2019-09-21 and prior) Insecure Password Hashing in GE Digital APM Classic Puts User Accounts at Risk Path Traversal Vulnerabilities in Advantech iView 5.7 and Prior Versions Cross-Site Scripting (XSS) Vulnerability in Reason S20 Ethernet Switch Inappropriate Access Control Vulnerability in Philips Clinical Collaboration Platform SSRF Vulnerability in Prometheus Blackbox Exporter Memory Leak Vulnerability in Juniper Networks Junos OS Authentication Bypass Vulnerability in HashiCorp Vault with AWS IAM Auth Method Authentication Bypass Vulnerability in HashiCorp Vault with GCP GCE Auth Method CSRF Vulnerability in Field Test Gem 0.2.0 - 0.3.2 for Ruby CSRF Vulnerability in PgHero Gem (Ruby) CSS Injection Vulnerability in Chartkick Gem XSS Vulnerability in ownCloud (Core) Login Page 'Forgot Password' CSRF Vulnerability in Winston 1.5.4 API Command Injection Vulnerability in Winston 1.5.4 API Default Credentials in Monit Service of Winston 1.5.4 Devices Undocumented SSH User Account Vulnerability in Winston 1.5.4 Devices Juniper Networks Junos OS Evolved Denial of Service Vulnerability Unauthenticated Access Control Vulnerability in Winston 1.5.4 Devices U-Boot Interrupt Vulnerability in Winston 1.5.4 Devices Enables Local Root Access Root Privilege Escalation Vulnerability in Winston 1.5.4 Devices Arbitrary Origin Trust Vulnerability in Winston 1.5.4 Devices Arbitrary HTML Injection in MantisBT Custom Field Leads to XSS Vulnerability Authenticated SQL Injection in Zoho ManageEngine 
Applications Manager (CVE-2021-40539) Elevation of Privileges via MSI Installer in 1E Client Segmentation Fault Vulnerability in radare2 4.5.0 due to Misparsed DWARF Information Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS on vMX and MX150 Devices OLIMPOKS 3.3.39 Auth/Admin ErrorMessage XSS Vulnerability: Exploiting a Critical XSS Vulnerability in a Widely Used Application Insufficiently Random Number Generation in Kee Vault KeePassRPC Allows Remote Data Manipulation Missing Validation in SRP-6a Implementation in Kee Vault KeePassRPC Allows Remote Data Manipulation Stack-Underflow Attack Vulnerability in Armv8-M TrustZone Processors Arbitrary Script Execution via Cross-Site Scripting (XSS) in SAINT Security Suite Credential Manager SQL Injection Vulnerability in SAINT Security Suite 8.0 through 9.8.20 Allows Unauthorized Database Access SQL Injection Vulnerability in SAINT Security Suite Analytics Component SAINT Security Suite 8.0 through 9.8.20 Cross-Site Scripting (XSS) Vulnerability Remote Code Execution Vulnerability in Kommbox Component of RangeeOS 8.0.4 Information Exposure Vulnerability in Juniper Networks Junos OS on EX4300 Switches Plaintext Storage of Credentials in RangeeOS 8.0.4 Modules Unrestricted Context Menus Vulnerability in Kommbox Component of RangeeOS 8.0.4 Privilege Escalation and Full System Compromise in RangeeOS 8.0.4 Buffer Overflow Vulnerability in lprn_is_black() in GhostScript v9.50 Buffer Overflow Vulnerability in GhostScript v9.50 Allows Remote DoS via Crafted PDF Buffer Overflow Vulnerability in cif_print_page() in Artifex Software GhostScript v9.50 Allows Remote DoS via Crafted PDF Race Condition Vulnerability in Juniper Network Junos OS Devices Buffer Overflow Vulnerability in jetp3852_print_page() in Artifex Software GhostScript v9.50 Allows Remote DoS Buffer Overflow Vulnerability in Artifex Software GhostScript v9.50 Allows Remote Denial of Service Buffer Overflow Vulnerability in GhostScript v9.50 Allows 
Remote DoS via Crafted PDF Null Pointer Dereference Vulnerability in GhostScript v9.50 Allows Remote DoS Buffer Overflow Vulnerability in Artifex Software GhostScript v9.50 Allows Remote DoS via Crafted PDF File Null Pointer Dereference Vulnerability in clj_media_size() in GhostScript v9.50 Buffer Overflow Vulnerability in GetNumWrongData() in GhostScript v9.50 Allows Remote DoS Buffer Overflow Vulnerability in FloydSteinbergDitheringC() in GhostScript v9.50 Buffer Overflow Vulnerability in mj_color_correct() in GhostScript v9.50 Division by Zero Vulnerability in bj10v_print_page() in GhostScript v9.50 Privilege Escalation Vulnerability in Juniper Networks Junos OS Devices with Dual Routing Engines Buffer Overflow Vulnerability in Artifex Software GhostScript v9.50 Allows Remote DoS via Crafted PDF Buffer Overflow Vulnerability in Artifex Software GhostScript v9.50 Allows Remote DoS via Crafted PDF File Buffer Overflow Vulnerability in jetp3852_print_page() in Artifex Software GhostScript v9.50 Allows Privilege Escalation via Crafted PDF File Use-After-Free Vulnerability in Artifex Software GhostScript v9.50 Allows Privilege Escalation via Crafted PDF File Buffer Overflow Vulnerability in Artifex Software GhostScript v9.50 Allows Privilege Escalation via Crafted EPS File Buffer Overflow Vulnerability in pcx_write_rle() in GhostScript v9.50 Allows Remote DoS Null Pointer Dereference Vulnerability in Artifex Software GhostScript v9.50 Allows Remote Denial of Service Null Pointer Dereference Vulnerability in Artifex Software GhostScript v9.50 Allows Remote Denial of Service Buffer Overflow Vulnerability in p_print_image() in GhostScript v9.50 Allows Remote DoS Buffer Overflow Vulnerability in lxm5700m_print_page() in Artifex Software GhostScript v9.50 Vulnerability in Juniper Networks Junos OS HTTP/HTTPS Service Division by Zero Vulnerability in dot24_print_page() in GhostScript v9.50 BGP UPDATE Message DoS Vulnerability in Juniper Networks Junos OS and Junos OS 
Evolved Denial of Service (DoS) vulnerability in Junos OS 17.4 and later releases Denial of Service Vulnerability in Juniper Networks Junos OS on High-End SRX Series Devices Vulnerability in Juniper Networks SRX Series Device: Unauthorized Access to Network Resources Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Juniper Networks Junos OS Ethernet OAM Packet Handling Denial of Service Vulnerability Denial of Service Vulnerability in Juniper Networks Junos OS BGP Packet Processing Race Condition Vulnerability in Juniper Networks Junos OS LLDP Implementation Leading to Denial of Service (DoS) Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS BGP UPDATE Packet Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Devices Vulnerability: DNS Filtering Service Crash on Juniper Networks Junos MX Series Juniper Networks Junos OS and Junos OS Evolved BGP UPDATE Processing Vulnerability Double Free Vulnerability in Juniper Networks SRX Series with ICAP Redirect Service Juniper Networks Junos OS and Junos OS Evolved BGP Packet Processing Vulnerability Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS with MPC7, MPC8, or MPC9 Line Cards Denial of Service Vulnerability in Juniper Networks Junos MX Series with Service Card Memory Leak Vulnerability in Juniper Networks MX Series OpenNMS Port 9443 Vulnerability Vulnerability: Juniper Networks Junos OS TCP Packet Mbuf Leak Vulnerability: Denial of Service (DoS) and Remote Code Execution (RCE) in Juniper Networks SRX Series with ICAP Redirect Service Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS with Inline IP Reassembly Juniper Networks Junos OS DHCPv6 Relay-Agent Service Denial of Service (DoS) and Remote Code Execution (RCE) Vulnerability Vulnerability in Juniper Networks Junos OS Allows Spoofing of IPSec Peers on SRX Series Devices Heap-based Buffer Overflow Vulnerability in Academy Software Foundation OpenEXR 2.3.0 Null 
Pointer Dereference Vulnerability in Academy Software Foundation OpenEXR 2.3.0 Heap-based Buffer Overflow in OpenEXR 2.3.0: Denial of Service Vulnerability Double Free Vulnerability in GNU Binutils 2.35's Binary File Descriptor (BFD) Library Denial of Service Vulnerability in GNU Binutils 2.35: Invalid Read in BFD's process_symbol_table Use After Free Vulnerability in GNU Binutils 2.34's BFD Library Null Pointer Dereference Vulnerability in GNU Binutils 2.35's libbfd Library Null Pointer Dereference Vulnerability in GNU Binutils 2.35 Denial of Service (DoS) Vulnerability in Juniper Networks Junos MX Series with DNS Filtering Enabled Use After Free Vulnerability in MuPDF Library 1.17.0-rc1 and Earlier Razer Chroma SDK Rest Server Remote Code Execution Vulnerability Remote Code Execution via Cross-Site Scripting (XSS) in Notable 1.8.4 Denial of Service (DoS) vulnerability in Juniper Networks Junos OS DHCP Forwarder Cross-Site Request Forgery (CSRF) vulnerability in Hoosk Codeigniter CMS before 1.7.2 allows unauthorized deletion of user accounts BGP Session Flapping Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Devices SQL Injection Vulnerability in PhpOK 5.4.137 Allows Remote File Write Vulnerability: Unauthorized Access to Attributes in TI BLE Stack Remote Code Execution Vulnerability in DedeCMS V5.7 SP2 via action_search.php Stack Buffer Overflow Vulnerability in Juniper Networks Junos OS DCD Allows for DoS and Arbitrary Code Execution IPv6 DDoS Protection Bypass Vulnerability on Juniper Networks MX and EX9200 Series Vulnerability: Unauthorized Access to Active CLI Session in Juniper Networks Junos OS Evolved Race Condition Vulnerability in Juniper Networks Junos MX Series with DNS Filtering Enabled High CPU Load Vulnerability in Juniper Networks EX2300 Series Insecure Storage of Password Hashes in Juniper NFX350 Series Devices Juniper Networks EX4300 Series IPv4 Packet Stream Vulnerability Juniper Networks Junos OS DHCPv6 Malformed Packet Crash 
Vulnerability Juniper Networks Junos OS DHCPv6 Relay Denial of Service Vulnerability Insufficient Cross-Site Scripting (XSS) Protection in Juniper Networks J-Web and Web-Based Services SAML Authentication Bypass Vulnerability in Juniper Networks Mist Cloud UI SAML Authentication Bypass Vulnerability in Juniper Networks Mist Cloud UI SAML Response Modification Vulnerability in Juniper Networks Mist Cloud UI Memory Leak Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Platforms with EVPN Configuration Stuck Kernel Routing Table (KRT) Queue Vulnerability in Juniper Networks PTX and QFX Series Devices Denial of Service Vulnerability in Juniper Networks MX Series with NAT64 Configuration Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS Evolved Input Validation Vulnerability in Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200, NFX150, NFX250, and vSRX-based Platforms Memory Leak Vulnerability in Juniper Networks Junos OS Devices Unauthenticated WebSocket Request Allows Password Change on Crestron DM-NVX-DIR Devices High CPU Load Vulnerability in Juniper Networks SRX Series with Application Identification Inspection Enabled Denial of Service Vulnerability in Firecracker Network Stack Authorization Bypass Vulnerability in Istio 1.5.0 - 1.5.8 and 1.6.0 - 1.6.7 Infinite Read Loop Vulnerability in encoding/binary's ReadUvarint and ReadVarint Shell Injection Vulnerability in SaltStack Salt API with SSH Client Enabled Unauthenticated Reflected XSS Vulnerability in Extreme Management Center (EMC) before 8.5.0.169 (CFD-4887) Canon MF237w 06.07 Devices Vulnerability: Improper Handling of Length Parameter Inconsistency in IPv4/ICMPv4 Component VXLAN Firewall Filter Discard Action Failure Denial of Service Vulnerability in Mitsubishi MELSEC iQ-R Series PLCs with Firmware 49 Elevation of Privilege Vulnerability in OneDrive for Windows Desktop Elevation of Privilege Vulnerability in OneDrive for Windows Desktop Elevation of Privilege 
Vulnerability in OneDrive for Windows Desktop Windows Kernel Information Disclosure Vulnerability Uninitialized Variable Information Disclosure Vulnerability in Microsoft Office Software Remote Code Execution Vulnerability in Visual Studio Remote Code Execution Vulnerability in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11 Cross-Site Scripting Vulnerability in Microsoft Dynamics 365 (On-Premises) Cross-Site Scripting Vulnerability in Microsoft Dynamics 365 (On-Premises) Denial of Service Vulnerability in Juniper Networks Junos OS Devices via Malformed IPv6 Packet Remote Code Execution Vulnerability in Microsoft Dynamics 365 (On-Premises) Cross-Site Scripting Vulnerability in Microsoft Dynamics 365 (On-Premises) Remote Code Execution Vulnerability in Microsoft Dynamics 365 (On-Premises) Windows Remote Desktop Service Denial of Service Vulnerability Cross-Site Scripting Vulnerability in Microsoft Dynamics 365 (On-Premises) High CPU Load and Traffic Interruption Vulnerability in Juniper Networks EX4300-MP, EX4600, and QFX5K Series Cross-Site Scripting Vulnerability in Microsoft Dynamics 365 (On-Premises) Cross-Site Scripting Vulnerability in Microsoft Dynamics 365 (On-Premises) Xamarin.Forms Android WebView Spoofing Vulnerability Remote Code Execution Vulnerability in Visual Studio Remote Code Execution Vulnerability in Microsoft Exchange Server Windows Application Compatibility Client Library Elevation of Privilege Vulnerability Elevation of Privilege Vulnerability in Microsoft Windows Handling of Reparse Points Cross-Site Scripting Vulnerability in Microsoft Dynamics 365 (On-Premises) Windows Projected Filesystem Information Disclosure Vulnerability Vulnerability: Unauthorized Access to Juniper Networks Web API Service Private Key Remote Code Execution Vulnerability in Visual Studio Code via Malicious 'package.json' File Remote Code Execution Vulnerability in IEToEdge BHO Plugin Elevation of Privilege Vulnerability in Windows 
Storage VSP Driver PowerShellGet V2 Module Security Feature Bypass Vulnerability Elevation of Privilege Vulnerability in Windows Network Connections Service Windows KernelStream Information Disclosure Vulnerability High CPU Load Vulnerability in Juniper Networks EX4300-MP, EX4600, and QFX5K Series in Virtual Chassis Configuration Windows Kernel Elevation of Privilege Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Elevation of Privilege Vulnerability in Windows Kernel Image Handling Windows Network Address Translation (NAT) Denial of Service Vulnerability Windows Error Reporting Manager Elevation of Privilege Vulnerability Information Disclosure Vulnerability in Remote Desktop Protocol (RDP) NetBIOS over TCP Information Disclosure Vulnerability Remote Code Execution Vulnerability in Windows TCP/IP Stack Windows TCP/IP Stack Denial of Service Vulnerability Improper Authorization Flaw in openstack-selinux Allows Privilege Escalation and Denial of Service Windows Event System Elevation of Privilege Vulnerability Windows Kernel Information Disclosure Vulnerability Windows Installer Elevation of Privilege Vulnerability Azure Functions Access Key Validation Elevation of Privilege Vulnerability Windows Error Reporting (WER) Elevation of Privilege Vulnerability Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Windows Setup Elevation of Privilege Vulnerability Windows Error Reporting (WER) Elevation of Privilege Vulnerability Stored Cross-Site Scripting Vulnerability in Moodle 3.8 Conversation Overview Windows UEFI File Creation Permissions Bypass Vulnerability Windows Graphics Device Interface (GDI) Remote Code Execution Vulnerability Windows Backup Service Elevation of Privilege Vulnerability Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Windows GDI+ Information Disclosure Vulnerability Windows Media Foundation Memory Corruption Vulnerability Elevation of Privilege Vulnerability in Windows COM Object Creation Remote Code 
Execution Vulnerability in Base3D Rendering Engine Windows Enterprise App Management Service Information Disclosure Vulnerability Information Exposure of Service Tokens in Moodle Windows Application Compatibility Client Library Elevation of Privilege Vulnerability Information Disclosure Vulnerability in Text Services Framework Windows Spoofing Vulnerability: Bypassing File Signature Validation Remote Code Execution Vulnerability in Microsoft Graphics Components Windows Jet Database Engine Remote Code Execution Vulnerability Denial of Service Vulnerability in Remote Desktop Protocol (RDP) Microsoft Office Click-to-Run (C2R) AppVLP Privilege Escalation Vulnerability Remote Code Execution Vulnerability in Microsoft Excel Software XML Internal Entity Attack Vulnerability in Spacewalk 2.9 Remote Code Execution Vulnerability in Microsoft Excel Software Remote Code Execution Vulnerability in Microsoft Excel Software Remote Code Execution Vulnerability in Microsoft Excel Software Microsoft Word Security Feature Bypass Vulnerability Microsoft Office Click-to-Run (C2R) AppVLP Privilege Escalation Vulnerability Elevation of Privilege Vulnerability in Windows COM Object Creation Windows Backup Service Elevation of Privilege Vulnerability .NET Framework Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Elevation of Privilege Vulnerability in Group Policy Access Check Inadequate Token Audience Verification in Keycloak NodeJS Adapter Windows User Profile Service (ProfSvc) Elevation of Privilege Vulnerability Microsoft SharePoint Server Information Disclosure Vulnerability Microsoft SharePoint Server Information Disclosure Vulnerability Elevation of Privilege Vulnerability in Microsoft Dynamics 365 Commerce Allows Unauthorized Data Updates SharePoint Server Cross-Site Scripting Vulnerability Microsoft SharePoint Server Cross-Site Scripting (XSS) Vulnerability Microsoft SharePoint Server Cross-Site Scripting (XSS) Vulnerability Microsoft 
Outlook Remote Code Execution Vulnerability Information Disclosure Vulnerability in Microsoft SharePoint Server Denial of Service Vulnerability in Microsoft Outlook Improper Input Validation Leading to Illegal Header Injection in Resteasy Information Disclosure Vulnerability in Microsoft SharePoint Server Remote Code Execution Vulnerability in Microsoft SharePoint Remote Code Execution Vulnerability in Microsoft SharePoint Information Disclosure Vulnerability in Microsoft SharePoint Server Remote Code Execution Vulnerability in Microsoft Office Software Microsoft Office Click-to-Run (C2R) AppVLP Privilege Escalation Vulnerability Cross-Site Scripting Vulnerability in Microsoft Dynamics 365 (On-Premises) Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Windows Backup Engine Privilege Escalation Vulnerability Windows Backup Engine Privilege Escalation Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in pki-core 10.x.x Windows Backup Engine Privilege Escalation Vulnerability Windows Backup Engine Privilege Escalation Vulnerability Windows Backup Engine Privilege Escalation Vulnerability Windows Backup Engine Privilege Escalation Vulnerability Windows Backup Engine Privilege Escalation Vulnerability Windows Camera Codec Pack Remote Code Execution Vulnerability Windows Camera Codec Pack Remote Code Execution Vulnerability Microsoft Exchange Information Disclosure Vulnerability Stored XSS Vulnerability in Keycloak Admin Console Exploiting Azure Sphere's Unsigned Code Execution Vulnerability Azure SDK for Java Security Feature Bypass Vulnerability Windows Backup Service Elevation of Privilege Vulnerability Windows Backup Service Elevation of Privilege Vulnerability Windows Backup Service Elevation of Privilege Vulnerability Windows Backup Service Elevation of Privilege Vulnerability Windows Backup Service Elevation of Privilege Vulnerability Remote Code Execution Vulnerability in Visual Studio Code Python Extension Cross-Site 
Scripting Vulnerability in Microsoft Dynamics 365 (On-Premises) Unauthenticated Information Disclosure Vulnerability in Microsoft SharePoint Password Leakage Vulnerability in Keycloak Elevation of Privilege Vulnerability in Windows iSCSI Target Service Guardian Breached: Azure Sphere Elevation of Privilege Vulnerability Exposed Exploiting Azure Sphere's Unsigned Code Execution Vulnerability Unveiling the Azure Sphere Tampering Vulnerability: A Critical Security Breach Exploiting Azure Sphere's Unsigned Code Execution Vulnerability Azure Sphere Information Leakage Vulnerability Azure Sphere DoS Vulnerability: Disrupting Service Availability Exploiting Azure Sphere's Unsigned Code Execution Vulnerability Guardian Breached: Azure Sphere Elevation of Privilege Vulnerability Exposed Guardian Breached: Azure Sphere Elevation of Privilege Vulnerability Exposed Ceph Dashboard Path Traversal Vulnerability Azure Sphere Information Leakage Vulnerability Exploiting Azure Sphere's Unsigned Code Execution Vulnerability Guardian Breached: Azure Sphere Elevation of Privilege Vulnerability Exposed Guardian Breached: Azure Sphere Elevation of Privilege Vulnerability Exposed Exploiting Azure Sphere's Unsigned Code Execution Vulnerability Elevation of Privilege Vulnerability in Network Watcher Agent for Linux Kerberos Ticket Replay Vulnerability Exposed Server Information: Remote Desktop Protocol Vulnerability Unprivileged Access Exploit in DirectX Windows WalletService Information Leakage Vulnerability Ceph RGW Beast Front-End Denial of Service Vulnerability Exposed Remote Desktop Protocol Client Information Vulnerability Print Spooler Privilege Escalation Vulnerability in Windows Azure SDK for C Security Feature Bypass Vulnerability: Exploiting Weak Authentication Mechanisms Remote Code Execution Vulnerability in Base3D Rendering Engine Windows Graphics Component Information Disclosure Vulnerability Exposes Sensitive Data Cross-site Scripting Vulnerability in Microsoft Dynamics 365 
(on-premises) Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Windows Error Reporting Privilege Escalation Vulnerability KubeVirt Main virt-handler Access Permissions Vulnerability Windows Kernel Win32k Elevation of Privilege Vulnerability Windows Port Class Library Privilege Escalation Vulnerability Windows Bind Filter Driver Privilege Escalation Vulnerability Win32k Information Disclosure Vulnerability Exposes Sensitive Data Print Spooler Privilege Escalation Vulnerability in Windows Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Unauthenticated Information Disclosure Vulnerability in Microsoft SharePoint Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Unbounded Memory Consumption Vulnerability in Containers-Image Word Security Feature Bypass Vulnerability: Exploiting Microsoft Word's Security Measures Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability in Microsoft Windows Codecs Library Remote Code Execution Vulnerability in Visual Studio Code via Malicious 'package.json' File Windows Client Side Rendering Print Provider Privilege Escalation Vulnerability Windows Remote Access Privilege Escalation Vulnerability Windows Remote Access Privilege Escalation Vulnerability Windows Remote Access Privilege Escalation Vulnerability Windows Remote Access Privilege Escalation Vulnerability Windows Canonical Display Driver Information Leakage Vulnerability Windows MSCTF Server Information Disclosure Vulnerability Windows Remote Access Privilege Escalation Vulnerability Windows Remote Access Privilege Escalation Vulnerability Windows Remote Access Privilege Escalation Vulnerability Windows Remote Access Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability 
Windows Function Discovery SSDP Provider Information Leakage Vulnerability Windows WalletService Privilege Escalation Vulnerability Windows Kernel Win32k Elevation of Privilege Vulnerability Insecure Modification Vulnerability in OpenShift ServiceMesh (Maistra) Allows Privilege Escalation Hyper-V Security Feature Bypass Vulnerability in Windows PrintNightmare Vulnerability PrintNightmare: Windows Print Spooler Remote Code Execution Vulnerability Windows Remote Access Privilege Escalation Vulnerability Windows Remote Access Privilege Escalation Vulnerability Windows KernelStream Information Disclosure Vulnerability: Exposing Sensitive Data Windows Error Reporting Service Denial of Service Vulnerability Windows Network File System (NFS) Denial of Service Vulnerability Chakra Scripting Engine Memory Corruption Vulnerability Kerberos Constrained Delegation Service Ticket Tampering Vulnerability Insecure Modification Vulnerability in openshift/template-service-broker-operator Windows Network File System RCE Vulnerability Exploiting the Scripting Engine Memory Corruption Vulnerability Exploiting Internet Explorer's Memory Corruption Vulnerability Chakra Scripting Engine Memory Corruption Vulnerability Windows Remote Access Privilege Escalation Vulnerability Windows Network File System (NFS) Information Disclosure Vulnerability Windows Win32k Privilege Escalation Vulnerability Microsoft Browser Memory Corruption Vulnerability: A Critical Security Risk Privilege Escalation Vulnerability in openshift/apb-tools-container Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server SharePoint Remote Code Execution: A Critical Vulnerability in Microsoft's Collaboration Platform Access Connectivity Engine Remote Code Execution Vulnerability in Microsoft Office Office Online Spoofing Vulnerability: Exploiting Microsoft's Online Suite Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Excel Remote Code Execution Vulnerability: A 
Critical Security Flaw in Microsoft Excel Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Excel Security Feature Bypass Vulnerability Exploiting the Windows GDI+ Remote Code Execution Vulnerability Windows NDIS Information Leakage Vulnerability Insecure Modification Vulnerability in openshift/postgresql-apb Container Windows Update Medic Service Privilege Escalation Vulnerability Windows Delivery Optimization Information Leakage Vulnerability Windows Update Orchestrator Service Elevation of Privilege Vulnerability: A Critical Security Flaw in Windows Windows Update Orchestrator Service Elevation of Privilege Vulnerability: A Critical Security Flaw in Windows Windows USO Core Worker Elevation of Privilege Vulnerability Windows Update Orchestrator Service Elevation of Privilege Vulnerability: A Critical Security Flaw in Windows Windows Update Stack Privilege Escalation Vulnerability Raw Image Extension RCE Vulnerability Raw Image Extension RCE Vulnerability Privilege Escalation Vulnerability in Openshift-Enterprise Microsoft Raw Image Extension Remote Code Execution Vulnerability Raw Image Extension RCE Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Exchange Server DoS Vulnerability: Disrupting Microsoft's Communication Platform Raw Image Extension RCE Vulnerability Windows Kernel Local Privilege Escalation Vulnerability Windows Common Log File System Driver Privilege Escalation Vulnerability SharePoint Privilege Escalation Vulnerability Insecure Modification Vulnerability in openshift/mediawiki Allows Privilege Escalation Exploiting Microsoft Defender for Endpoint Security Feature Bypass Vulnerability Exploiting the Microsoft Teams Remote Code Execution Vulnerability Windows Network Connections Service Privilege Escalation Vulnerability Windows Error Reporting Data Leakage Vulnerability Hyper-V Remote Code 
Execution Vulnerability in Windows NTFS Remote Code Execution: A Critical Windows Vulnerability Windows Digital Media Receiver Privilege Escalation Vulnerability Windows GDI+ Information Disclosure Vulnerability Exposes Sensitive Data Lock Screen Bypass Vulnerability in Windows Operating System Vulnerability: Improper Parsing of Field-Name in JBoss EAP 6.4.21 Visual Studio Code Injection Vulnerability HEIF Image Extensions Remote Code Execution Vulnerability WebP Image Format Information Disclosure Vulnerability Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability Remote Code Execution Vulnerability in Visual Studio Code JSHint Extension AV1 Video Extension Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions Critical Remote Code Execution Vulnerability in HEVC Video Extensions Critical Remote Code Execution Vulnerability in HEVC Video Extensions Critical Remote Code Execution Vulnerability in HEVC Video Extensions Out-of-Bounds Heap Buffer Access Vulnerability in QEMU iSCSI Block Driver Critical Remote Code Execution Vulnerability in HEVC Video Extensions Windows Camera Codec Information Leakage Vulnerability Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Exploiting the Microsoft SharePoint Remote Code Execution Vulnerability Outlook Data Exposure Vulnerability Heap Use-After-Free Vulnerability in systemd Allows Privilege Escalation Unauthenticated Information Disclosure Vulnerability in Microsoft SharePoint Exploiting the Microsoft SharePoint Remote Code Execution Vulnerability Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel PowerPoint Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft PowerPoint Excel Remote Code Execution Vulnerability: A 
Critical Security Flaw in Microsoft Excel Excel Data Leakage Vulnerability Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Excel Security Feature Bypass Vulnerability Chakra Scripting Engine Memory Corruption Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Unveiling Sensitive Data: Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability Azure DevOps Server Spoofing Vulnerability: Exploiting Trust in Communication Channels Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability Exploiting the DirectX Graphics Kernel for Privilege Escalation Windows Error Reporting Data Leakage Vulnerability Windows Overlay Filter Security Bypass Vulnerability Arbitrary Java Object Deserialization Vulnerability in Keycloak Windows SMB Information Leakage Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Exposed: Microsoft Exchange Server Information Leakage Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Azure DevOps Server and Team Foundation Services Spoofing Vulnerability: Exploiting Trust in Communication Channels Dynamics CRM Webclient XSS Vulnerability Visual Studio Code Remote Development Extension RCE Vulnerability Code Execution Vulnerability in Visual Studio Code Remote Access Critical Remote Code Execution Vulnerability in Microsoft Dynamics 365 for Finance and Operations (on-premises) Edge for Android Spoofing Vulnerability Exposes Users to Phishing Attacks Exploiting Visual Studio Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in 
Microsoft Dynamics 365 for Finance and Operations (on-premises) Visual Studio Code Java Extension Pack RCE Vulnerability Hardcoded Passwords in ceph-ansible Playbook Allow Unauthorized Access to Ceph Clusters Windows Security Feature Bypass: A Critical Vulnerability in Microsoft Windows Remote Code Execution Vulnerability in Visual Studio Code Python Extension Account Email Enumeration Vulnerability in Keycloak 7.0.1 Unauthorized Access Vulnerability in Keycloak Reset Credential Flow EJBContext Principle Leakage Vulnerability in WildFly PostgreSQL Vulnerability: Unauthorized Object Dropping via ALTER ... DEPENDS ON EXTENSION Reflected Cross-Site Scripting (XSS) Vulnerability in Key Recovery Authority (KRA) Agent Service Denial of Service Vulnerability in IPA Versions 4.x.x through 4.8.0 Arbitrary Redirect Vulnerability in Keycloak Gatekeeper (Louketo) Logout Endpoint Information Leakage Vulnerability in Keycloak Persistent Access Flaw in Keycloak: Unauthorized Resource Access After Role Mapping Change and Token Expiration Podman Vulnerability: Unauthorized File Overwrite in Read-Only Volumes Improper Input Validation in Keycloak Allows Crafting of Malicious Deep Links Missing HTTP Security Headers in Keycloak Admin Console SmallRye API ClassLoader Bypass Vulnerability Vulnerability: Crash on Uninitialized Connection Cleanup in libssh Static Admin Password Vulnerability in Keycloak Operator Concurrent Request Vulnerability in Soteria before 1.0.1 Race Condition Vulnerability in Ansible Engine Arbitrary Command Execution Vulnerability in Ansible's Pipe Lookup Plugin Vulnerability in Ansible Engine's Fetch Module Allows Path Injection and Destination Manipulation Remote Code Execution Vulnerabilities in Sophos XG Firewall User Portal LilyPond Vulnerability: Unrestricted Embedded PostScript and SVG Execution Arbitrary Code Execution Vulnerability in LilyPond before 2.24 Denial of Service Vulnerability in Arista EOS DHCP Packet Handling Vulnerability in Ansible Engine: 
File Disclosure via Atomic Move Primitive Integer Overflow Bypass in vm::arrayCopy Method in ReadyTalk Avian 1.2.0 Silent Data Loss Vulnerability in ReadyTalk Avian 1.2.0 Reflected XSS Vulnerability in Nova Lite WordPress Theme (<= 1.3.9) Remote Code Execution in USVN (User-friendly SVN) Timeline Module Cross-Site Scripting (XSS) Vulnerability in USVN (User-friendly SVN) before 1.0.9 via SVN Logs Privilege Escalation via Improper Directory Permissions in Hotspot Shield VPN Client Software Vulnerability: RPKI Route Origin Authorisation and X509 Certificate Revocation List Manipulation Command Injection Vulnerability in Firejail through 0.9.62 Command Injection Vulnerability in Firejail through 0.9.62 Path Traversal Vulnerability in Ansible's win_unzip Module Cross-Site Scripting (XSS) Vulnerability in SugarCRM before 10.1.0 (Q3 2020) SQL Injection Vulnerability in SugarCRM before 10.1.0 (Q3 2020) Vulnerability: Unauthorized Access to Destination Host Devices in OpenStack Nova Unspecified Module Selection Vulnerability in Ansible Engine Heap-based Buffer Overflow in QEMU SDHCI Device Emulation Privilege Escalation via Total Commander Default Installation Directory MSI AmbientLink MsIo64 Driver Buffer Overflow Vulnerability Telos Z/IP One Directory Traversal Vulnerability Remote Code Execution Vulnerability in Cellopoint Cellos v4.1.10 Build 20190922 Path Traversal Vulnerability in Cellopoint Cellos v4.1.10 Build 20190922 Arbitrary File Access Vulnerability in Cellopoint Cellos v4.1.10 Build 20190922 Arbitrary Code Execution via Authentication Bypass in Marvell QConvergeConsole 5.5.0.64 Authentication Bypass and Remote Code Execution in Marvell QConvergeConsole 5.5.0.64 Arbitrary Code Execution via Authentication Bypass in Marvell QConvergeConsole 5.5.0.64 Vulnerability: Password Disclosure in Ansible's SVN Module Privilege Escalation Vulnerability in Parallels Desktop 15.1.2-47123 Local Privilege Escalation Vulnerability in Parallels Desktop 15.1.3-47255 
(ZDI-CAN-10518) Privilege Escalation Vulnerability in Parallels Desktop 15.1.3-47255 (ZDI-CAN-10519) Parallels Desktop 15.1.3-47255 Local Information Disclosure Vulnerability Parallels Desktop 15.1.4 OEMNet Component Buffer Overflow Vulnerability Privilege Escalation Vulnerability in Parallels Desktop 15.1.4 Integer Overflow Privilege Escalation in Parallels Desktop 15.1.4 Privilege Escalation via Network Packet Handling in Parallels Desktop 15.1.4 Buffer Overflow Vulnerability in Parallels Desktop 15.1.4 Privilege Escalation Vulnerability in Parallels Desktop 15.1.4 Insecure Secret Handling in Ansible Vault Privilege Escalation in Parallels Desktop 15.1.4 (ZDI-CAN-11304) Vulnerability Title: Parallels Desktop 15.1.4 Local Information Disclosure Vulnerability Local Information Disclosure Vulnerability in Parallels Desktop 15.1.4 (47270) Arbitrary Code Execution via PSD File Handling in Foxit Studio Photo 3.6.6.922 Arbitrary Code Execution via PSD File Handling in Foxit Studio Photo 3.6.6.922 Arbitrary Code Execution Vulnerability in Senstar Symphony 7.3.2.2 Arbitrary Code Execution Vulnerability in Microhard Bullet-LTE (ZDI-CAN-10595) Remote Code Execution in Microhard Bullet-LTE (CVE-2021-XXXX) XXE vulnerability in NEC ExpressCluster 4.1 allows remote information disclosure Unauthenticated Information Disclosure in NETGEAR Routers (ZDI-CAN-10754) OpenShift Container Platform (OCP) 3.11 CORS Misconfiguration Vulnerability Arbitrary Code Execution via GIF Parsing in Foxit PhantomPDF 10.0.0.35798 Remote Code Execution Vulnerability in Foxit PhantomPDF 10.0.0.35798 via U3D Object Handling Remote Code Execution Vulnerability in Foxit PhantomPDF 10.0.0.35798 via U3D Objects in PDF Files (ZDI-CAN-11224) Arbitrary Code Execution via U3D Object Handling in Foxit PhantomPDF 10.0.0.35798 Privilege Escalation Vulnerability in Foxit Reader 10.0.0.35798 Privilege Escalation Vulnerability in Foxit PhantomPDF 10.0.0.35798 Arbitrary Code Execution via JPEG2000 Image Parsing in 
Foxit Reader 10.0.0.35798 Arbitrary Code Execution Vulnerability in Foxit Reader 10.0.1.35811 Arbitrary Code Execution via Crafted EZIX Files in Foxit Studio Photo 3.6.6.922 Arbitrary Code Execution via NEF File Handling in Foxit Studio Photo 3.6.6.922 Insecure Modification Vulnerability in nmstate/kubernetes-nmstate-handler Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.922 via NEF File Handling Arbitrary Code Execution via NEF File Handling in Foxit Studio Photo 3.6.6.922 Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.922 via EPS File Handling Arbitrary Code Execution via ARW File Handling in Foxit Studio Photo 3.6.6.922 Arbitrary Code Execution via EZI File Parsing in Foxit Studio Photo 3.6.6.922 Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.922 via EPS File Parsing (ZDI-CAN-11259) Arbitrary Code Execution via CR2 File Handling in Foxit Studio Photo 3.6.6.922 Arbitrary Code Execution via NEF File Processing in Foxit Studio Photo 3.6.6.922 Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.922 via Malicious CMP Files Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.922 via Malicious CMP Files Arbitrary Code Execution via CR2 File Parsing in Foxit Studio Photo 3.6.6.922 Arbitrary Code Execution via CR2 File Parsing in Foxit Studio Photo 3.6.6.922 Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.922 via Malicious CR2 Files Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.922 via Malicious CMP Files Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.922 via ARW File Parsing Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.922 via Malicious CR2 Files (ZDI-CAN-11358) Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.922 via Malicious CMP Files Buffer Overflow Vulnerability in uIP 1.0 Buffer Overflow Vulnerability in uIP 1.0 DNS Cache Poisoning Vulnerability in uIP 1.0 Failure to Send OTP Failure Login Events to Brute 
Force Protection Event Queue in Keycloak DNS Response Parsing Vulnerability in uIP 1.0 Out-of-Bounds Read Vulnerability in picoTCP 1.7.0 Integer Wraparound Vulnerability in picoTCP 1.7.0 Integer Wraparound Vulnerability in picoTCP 1.7.0 ICMPv6 Echo Replies Denial-of-Service Vulnerability in picoTCP 1.7.0 due to IPv6 Extension Header Processing Out-of-Bounds Read Vulnerability in picoTCP 1.7.0 Uninitialized Pointer Vulnerability in asyncpg before 0.21.0 Bypassing Dangerous File Type Execution Protection in Telegram Desktop Cross-Site Scripting (XSS) Vulnerability in PHP-Fusion 9.03 via error_log File Undertow AJP Connector File Inclusion Vulnerability Cross-Site Scripting (XSS) Vulnerability in PHP-Fusion 9.03 Preview Page Cross-Site Scripting (XSS) Vulnerability in flatCore before 1.5.7 via ACP Pages and System Preferences Arbitrary PHP File Upload and Execution in flatCore before 1.5.7 XSS Vulnerability in WSO2 Management Console (5.10) via msgId Parameter Reflected XSS Vulnerability in WSO2 API Manager's Publisher Component Remote Code Execution Vulnerability in SEOWON INTECH SLC-130 and SLR-120S Devices via system_log.cgi XSS Vulnerability in Fujitsu ServerView Suite iRMC before 9.62F Post-Authenticated Stored XSS Vulnerability in MultiUx v.3.1.12.0 via /multiux/SaveMailbox LastName Field LDAP Bind Password Disclosure Vulnerability Authenticated Arbitrary File Upload in CMS Made Simple 2.2.14 via Unblocked .ptar Files SQL Injection Vulnerability in FUEL CMS 1.4.7 via col Parameter Stored XSS Vulnerability in ForgeRock Identity Manager (Versions 6.5.0.4 and 6.0.0.6) Authentication Bypass Vulnerability in Turcom TRCwifiZone (CVE-2020-08-10) Information Disclosure Vulnerability in FNET LLMNR Request Processing IPv6 Extension Header Processing Vulnerability in FNET Uninitialized Pointer Dereference in IPv6 Fragment Reassembly Leading to Denial-of-Service Arbitrary Code Execution Vulnerability in PyYAML Library Vulnerability: Insufficiently Random Transaction IDs in 
FNET DNS Client Interface Authentication Bypass Vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 Token-reuse vulnerability in ZKTeco FaceDepot 7B and ZKBiosecurity Server allows unauthorized user manipulation and data extraction Unauthenticated Physical Access Vulnerability in MEGVII Koala 2.9.1-c3s Network Relays Cross-Site Scripting (XSS) Vulnerability in Mibew Messenger before 3.2.7 via Crafted User Name Remote Code Execution via Incorrect LDAP ACLs in UCS@school Timing Attack Vulnerability in ECDSA/EC/Point.pm Improper Input Validation in jpv (aka Json Pattern Validator) before 2.2.2 Bypass of WildFlySecurityManager Checks Leading to Unauthorized Access Cross-Site Scripting (XSS) Vulnerability in TinyMCE Core Parser, Paste Plugin, and Visualchars Plugin Memory Leakage Vulnerability in PowerDNS Authoritative Server Improper Access Control Vulnerability in Uffizio GPS Tracker Allows Sensitive Information Disclosure Open Redirection Vulnerability in Uffizio GPS Tracker: Arbitrary External Domain Redirection Remote Code Execution Vulnerability in Uffizio's GPS Tracker: Compromising Web Server and Executing Arbitrary Commands Segmentation Fault in radare2 4.5.0 due to Misparsed Signature Information in PE Files Password Visibility Vulnerability during Logout in GNOME gnome-shell Data Confidentiality Vulnerability in Linux Kernel's IPsec Implementation for VXLAN and GENEVE Tunnels Weak File Permissions in TLS Module of SaltStack Salt through 3002 Weak Password Encryption in Untangle Firewall NG Sensitive Cleartext Information Storage in Database Remote Command Execution in vBulletin 5.5.4 through 5.6.2 via Crafted SubWidgets Data PTK Reinstallation Vulnerability in iNet Wireless Daemon (IWD) through 1.8 Double Free Vulnerability in Wireshark 3.2.0 to 3.2.5 Kafka Protocol Dissector Denial of Service Vulnerability in OpenShift Machine-Config-Operator Unauthenticated Remote Code Execution in Barco TransForm NDN-210 Series Command 
Injection Vulnerability in Barco TransForm NDN-210 Web Administration Panel Command Injection Vulnerability in NDN-210 Web Administration Panel Command Injection Vulnerability in NDN-210 Web Administration Panel Command Injection Vulnerability in Artica Web Proxy 4.30.000000 via service-cmds Parameter in cyrus.php SQL Injection Vulnerability in Artica Web Proxy 4.30.00000000 Allows Remote Privilege Escalation Buffer Over-read in Qt's read_xbm_body Function Memory Disclosure Vulnerability in ATS ESI Plugin Vulnerability: Cache Poisoning Attack in ATS Negative Cache Option Out-of-Bounds Write Vulnerability in glibc Signal Trampolines on PowerPC Authentication Bypass Vulnerability in Apache Shiro with Spring Plain Text Password Logging Vulnerability in Airflow Metadata SSRF Vulnerability in Apache Airflow's Charts and Query View Insecure HTTPS Hostname Verification in Apache Fineract Prior to 1.5.0 Persistent Cross-Site Scripting (XSS) Vulnerability in Apache Airflow Unencrypted Internode Connection Bypass in Apache Cassandra Unauthenticated Access to S3 Buckets and Keys in Apache Ozone Cluster Arbitrary File Write Vulnerability in Apache Flink 1.5.1 REST Handler Local File Read Vulnerability in Apache Flink 1.11.0 - 1.11.2 Use-after-free vulnerability in glibc's tilde expansion leads to arbitrary code execution Bypassing Admin Permission Verification in Pulsar Manager 0.1.0 Insecure Usage of Superseded Java JDK Method in Apache Groovy Insecure Permissions in Apache Traffic Control's ip_allow.config Generation Authentication Bypass Vulnerability in Apache Shiro with Spring Crash Vulnerability in Subversion's mod_authz_svn Module Session Hijacking Vulnerability in Apache Airflow Webserver HTTP/2 Header Value Reuse Vulnerability Arbitrary Memory Corruption via Out-of-Bounds Write in Apache NuttX TCP Stack Invalid Fragmentation Offset Vulnerability in Apache NuttX TCP Stack Vulnerability: Disclosure of Passwords and Tokens in Ansible Engine Kubernetes Management Remote 
Code Execution Vulnerability in Apache Struts 2.0.0 - 2.5.25 Apache Tapestry 4 Java Serialization Vulnerability Arbitrary Code Execution Vulnerability in ServiceComb-Java-Chassis 2.0.0 - 2.1.3 Inadequate Return Value Checking in Apache Accumulo Allows Unauthorized Administrative Operations Race Condition Vulnerability in HTML/Java API Version 1.7: Temporary File Deletion and Directory Creation Buffer Overflow Vulnerability in GetNumSameData() in GhostScript v9.50 Allows Remote DoS Grade History Report Access Control Vulnerability Stack-based Buffer Overflow in Libjpeg-turbo's transform Component Allows Remote Code Execution or Denial of Service Arbitrary Code Execution via Cross Site Scripting (XSS) in dotCMS v5.1.5 IP Spoofing Vulnerability in Moodle Versions 3.8.2, 3.7.5, 3.6.9, and 3.5.11 XSS Vulnerability in ImpressCMS 1.4.0's modules/system/admin.php Allows Arbitrary Remote Code Execution Insufficient Input Escaping in Moodle PHP Unit Webrunner Admin Tool Arbitrary File Deletion Vulnerability in FeiFeiCMS v4.0 Arbitrary File Deletion Vulnerability in FeiFeiCMS v4.0 Undertow Servlet Container Security Bypass Vulnerability Keycloak SMTP Server TLS Hostname Verification Bypass Vulnerability Nonce Reuse Vulnerability in Red Hat Ceph Storage and Openshift Container Storage Ceph Object Gateway XSS Vulnerability OpenShift Web Console Access Token Exposure Vulnerability Insufficient JWT Validation Vulnerability in Kiali Allows Session Spoofing and Privilege Escalation Buffer Overflow Vulnerability in libreswan's pluto Daemon Hard-coded Cryptographic Key Vulnerability in Kiali Allows Unauthorized Access to Istio Configuration Vulnerability: Spoofing of From Fields in OTRS Community Edition and OTRS Remote Code Execution via SVG File Upload in OTRS Community Edition Draft Manipulation Vulnerability in ((OTRS)) Community Edition 6.0.x and 7.0.x Session Hijacking Vulnerability in OTRS 7.0.x version 7.0.14 and prior versions Autocomplete Vulnerability in OTRS Login Screens 
Sensitive Information Disclosure in Support Bundle Generated Files Unsanitized Parameter Encoding Vulnerability in OTRS Community Edition and OTRS Wildcard Token Vulnerability in ((OTRS)) Community Edition and OTRS Session ID and Password Reset Token Prediction Vulnerability in OTRS Community Edition Vulnerability: Key Mix-up in PGP/S/MIME Key Export BCC Recipients Exposed in OTRS Article Detail on External Interface Integer Overflow Vulnerability in Payable Function of MillionCoin (MON) Smart Contract Implementation Arbitrary Token Transfer Vulnerability in RC Smart Contract Arbitrary Command Execution Vulnerability in Evernote Client for Windows (WINNOTE-19941) Session Persistence Vulnerability in OTRS Community Edition: 6.0.28 and prior, OTRS: 7.0.18 and prior, 8.0.4 and prior Agent Name Disclosure Vulnerability in OTRS Authentication Bypass Vulnerability in OTRS 8.0.9 and Prior Versions Improper Masking of OTRS Tags in OTRSTicketForms Denial of Service Vulnerability in Mate 10 Pro, Honor V10, Honor 10, and Nova 4 Smartphones Improper Authentication Vulnerability in HUAWEI Mate 20 Pro Allows Bypass of Digital Balance Function Improper Authentication Vulnerability in HUAWEI Mate 20 Smartphones Improper Authentication in Honor V30 Smartphones Insufficient Authentication Vulnerability in Huawei OSCA-550 Series Archer C1200 Firmware Version 1.13 XSS Vulnerability Command Injection Vulnerability in GaussDB 200 (Version 6.5.1) CSRF Vulnerability in PbootCMS 1.3.2 Allows Unauthorized Password Change Improper Authorization Vulnerability in HUAWEI Mate 20 Smartphones Out of Bounds Write Vulnerability in Honor V10 Smartphones Improper Authentication in Smartphone Applock Allows Unauthorized Access Improper Authentication in Smartphone Applock Allows Unauthorized Access Digital Balance Bypass Vulnerability in HUAWEI Mate 20 and Mate 30 Pro Smartphones Remote Code Execution (RCE) Vulnerability in Twothink v2.0's /library/think/App.php Allows Arbitrary PHP Code Execution 
Improper Authorization Vulnerability in Huawei Mate 20 and Mate 30 Pro Smartphones Improper Authorization Vulnerability in HUAWEI Mate 20 Smartphones Improper Authentication Vulnerability in HUAWEI P30 Smartphones Use After Free Vulnerability in E6878-370 (Versions 10.0.3.1) Arbitrary Code Execution via Cross Site Scripting (XSS) in MiniCMS v1.10 Improper Access Control Vulnerability in HUAWEI P30 Smartphones Improper Authentication Vulnerability in Mate 30 and Mate 30 Pro Smartphones SQL Injection Vulnerability in Whatsns 4.0 via ip Parameter in index.php?admin_banned/add.htm SQL Injection in Xinhu OA System v1.8.3: Remote Information Disclosure Insufficient Integrity Validation Vulnerability in Multiple Products SQL Injection in PHPSHE Mall System v1.7: Remote Code Execution via user_phone Parameter Arbitrary Code Execution and Information Disclosure in Qibosoft QiboCMS v7 and Earlier Information Disclosure Vulnerability in Huawei Honor V20 Smartphones Buffer Overflow in Graphviz Graph Visualization Tools Arbitrary Code Execution via Cross Site Scripting (XSS) in Jeesns v1.4.2 Out of Bounds Read Vulnerability in Huawei Honor V10 Smartphones Arbitrary Command Execution Vulnerability in CraigMS 1.0 Out of Bounds Read Vulnerabilities in Huawei Honor V10 Smartphones Out of Bounds Read Vulnerabilities in Huawei Honor V10 Smartphones Cross Site Scripting (XSS) Vulnerability in PopojiCMS 2.0.1 Admin Menu Manager Cross Site Scripting Vulnerability in ZrLog 2.1.0 via post/addComment Parameters Improper Authorization Vulnerability in HUAWEI Mate 20 Smartphones Path Traversal Vulnerability in iCMS v7.0.13 Allows Remote Folder Deletion Virtual Path Mapping Buffer Overflow Vulnerability in FTPShell v6.83 Resetting Administrator Account Password Vulnerability in SEMCMS v3.8 Out of Bound Read Vulnerability in Huawei and Honor Smartphones Plaintext Password Retrieval Vulnerability in SEMCMS 3.8's checkuser Function Remote Code Execution via Cross Site Scripting (XSS) in yzmCMS 
v5.2 Information Disclosure Vulnerability in HUAWEI Mate 10 Smartphones RSA Algorithm Weakness in Huawei Products: Potential Information Leakage Vulnerability Arbitrary Code Execution via Cross Site Scripting (XSS) in Hotels_Server v1.0 SQL Injection Vulnerability in WMS v1.0 Command Injection Vulnerability in GaussDB 200 (Version 6.5.1) Arbitrary File Upload Vulnerability in DedeCMS V5.7SP2 Allows Webshell Upload SQL Injection Vulnerability in YouDianCMS 8.0 Search Bar Improper Authentication Vulnerability in HUAWEI P30 Smartphones Authenticated Remote Code Execution in Indexhibit 2.1.5 CSRF Vulnerability in Indexhibit 2.1.5 Allows Arbitrary Deletion of Admin Accounts CSRF Vulnerability in Indexhibit 2.1.5 Allows Arbitrary Password Reset Reflected XSS Vulnerability in Indexhibit 2.1.5's /plugin/ajax.php Component Stored Cross-Site Scripting (XSS) Vulnerabilities in Indexhibit 2.1.5 Sections Module Arbitrary File Viewing Vulnerability in Indexhibit 2.1.5 CSRF Vulnerability in Eyoucms v1.2.7: Unauthorized Admin Account Addition via login.php Improper Authentication Vulnerability in HUAWEI P30 Smartphones Bluethrust Clan Scripts v4 Cross Site Request Forgery (CSRF) Privilege Escalation Vulnerability Arbitrary Code Execution via Category Name Field in MIPCMS 3.6.0 Dangling Pointer Dereference Vulnerability in Huawei NIP6800 and Secospace USG6600/USG9500 SQL Injection Vulnerability in ECTouch v2: Exploiting the integral_min Parameter in index.php XSS Vulnerability in umeditor v1.2.3 via /public/common/umeditor/php/getcontent.php Memory Leak Vulnerability in Huawei NIP6800 and Secospace USG6600/USG9500 ThinkCMF v5.1.0 CSRF Vulnerability Allows Unauthorized Admin Account Creation Critical SQL Injection Vulnerability in Subrion CMS v4.2.1: Exploiting PDO Connection on Search Page CSRF Vulnerability in MetInfo 6.1.3 via doaddsave Action in admin/index.php HuCart 5.7.4 XSS Vulnerability via nickname in index.php Denial of Service (DoS) Vulnerability in Huawei NIP6800 and 
Secospace USG6600/USG9500 SQL Injection Vulnerability in tp-shop 2.x-3.x via /index.php/home/api/shop fBill Parameter Arbitrary Code Execution via Cross Site Scripting (XSS) in LAOBANCMS v2.0 Arbitrary File Upload Vulnerability in LAOBANCMS v2.0 Arbitrary Code Execution via Cross Site Scripting (XSS) in LAOBANCMS v2.0 Privilege Escalation Vulnerability in TechSmith Snagit 19.1.1.2860 Installer Privilege Escalation Vulnerability in Huawei PCManager (Versions < 10.0.1.36) Privilege Escalation Vulnerability in Abloy Key Manager Version 7.14301.0.0 Privilege Escalation via Obfuscated OLE Files in TechSmith Snagit 19.1.0.2653 Privilege Escalation Vulnerability in Trezor Bridge 2.0.27: Code Injection in SeDebugPrivilege Component 1Password 7.3.712 DLL Injection Arbitrary Code Execution Vulnerability Privilege Escalation via Process Injection in AutoHotkey 1.1.32.00 Setup.exe SQL Injection Vulnerability in Metinfo 6.1.3: Exploiting dosafety_emailadd Action in basic.php Arbitrary File Access and Manipulation in HongCMS v4.0.0 Arbitrary PHP Code Execution Vulnerability in PluxXml V5.7 Theme Edit Function Arbitrary PHP Code Execution via Configuration File Modification in PluXml 5.7 Directory Traversal Vulnerability in Bludit v3.8.1 Allows Remote File Deletion Arbitrary File Deletion Vulnerability in GetSimpleCMS-3.3.15 Arbitrary Code Execution via Cross Site Scripting (XSS) in emlog v6.0.0 Arbitrary Code Execution and Article Deletion Vulnerability in Pluck CMS v4.7.9 Arbitrary Code Execution and Image Deletion Vulnerability in Pluck CMS v4.7.9 Multiple SQL Injection Vulnerabilities in PHPSHE 1.7 via ad_id, menu_id, and cashout_id Parameters in admin.php Insecure Password Encryption in DoraCMS v2.1.1 and Earlier Arbitrary Code Execution via Cross Site Scripting (XSS) in Typora v0.9.65 and Earlier Arbitrary Code Execution via Cross Site Scripting (XSS) in PHPMyWind v5.5 Arbitrary Code Execution via Cross Site Scripting (XSS) in PHPMyWind v5.5 Arbitrary Code Execution via 
Buffer Overflow in HDF5 1.10.4 Denial of Service (DoS) Vulnerability in FusionAccess Versions Earlier than 6.5.1.SPC002 Reflective Cross-Site Scripting (XSS) Vulnerability in ED01-CMS v1.0's sposts.php Component Information Leak Vulnerability in Huawei Honor Magic2 Mobile Phones Arbitrary File Upload Vulnerability in ED01-CMS v1.0 Image Upload Function Allows Remote Command Execution SQL Injection Vulnerability in ED01-CMS v1.0 via cposts.php (cid parameter) SQL Injection Vulnerability in PHP-CMS v1.0's search.php Component CSRF Vulnerability in Simple-Log v1.6 Allows Remote Code Execution CSRF Vulnerability in Simple-Log v1.6 Allows Remote Code Execution Open Redirect Vulnerability in Z-BlogPHP v1.5.2 and Earlier Information Leakage Vulnerability in Huawei NIP6800 and Secospace USG6600/USG9500 Input Validation Vulnerability in Huawei NIP6800 and Secospace USG6600/USG9500 Phodal CMD v.1.0 Cross Site Scripting Vulnerability via EMBED SRC Function Cross-Site Scripting (XSS) Vulnerability in NoneCms 1.3.0 Feedback Feature Double Free Memory Vulnerability in Huawei NIP6800 and Secospace USG6600/USG9500 Memory Management Error in Huawei NIP6800 and Secospace USG6600/USG9500 IPSec Module Unrestricted URL Access Vulnerability in Extreme Networks EXOS Improper Authorization Vulnerability in HUAWEI Mate 20 Smartphones Stack Buffer Overflow Vulnerability in E6878-370 Products (Versions 10.0.3.1 H557SP27C233 and 10.0.3.1 H563SP1C00) XSS Vulnerability in Subrion CMS 4.2.1 via q Parameter in Kickstart Template Multiple Cross Site Scripting (XSS) Vulnerabilities in Intelliants Subrion CMS v4.2.1 Configuration Panel CSRF Vulnerability in Intelliants Subrion CMS v4.2.1 Allows Unauthorized Creation of Administrator User Alfresco Community Edition v5.2.0 Cross Site Scripting (XSS) Vulnerability in admin-nodebrowser API Unauthenticated Access Vulnerability in Rehau pCOWeb Card Improper Authentication Vulnerability in Honor 9X Smartphones Default Configuration Vulnerability in 
ChinaMobile PLC Wireless Router Model GPN2.4P21-C-CN ChinaMobile PLC Wireless Router GPN2.4P21-C-CN Firmware W2000EN-01 Directory Traversal Vulnerability Typora v.0.9.65 XSS Vulnerability in PDF Export Function Insufficient Integrity Check Vulnerability in HUAWEI P30 and P30 Pro Information Disclosure Vulnerability in HUAWEI Mate 30 Bluetooth Connection Handling Information Disclosure Vulnerability in HUAWEI P30 and P30 Pro Denial of Service Vulnerability in ChangXiang 8 Plus Devices NULL Pointer Dereference in SExpressionWasmBuilder::makeBlock in Binaryen 1.38.26 Improper Authentication Vulnerability in HUAWEI Mate 30 Pro Heap-buffer-overflow vulnerability in wasm::WasmBinaryBuilder::visitBlock() in Binaryen 1.38.26 Race Condition Vulnerability in HUAWEI Mate 30 Allows Code Execution Stack Overflow Vulnerability in parse_array Cesanta MJS 1.20.1: Remote DoS via Crafted File NULL-Pointer Dereference Vulnerability in GNU_gama::set() in Gama 2.04 Insufficient Authentication Vulnerability in HUAWEI Mate 20 Smart Phones Cross Site Scripting (XSS) Vulnerability in espcms P8.18101601 via Title Parameter Clear Text Transmission of User Credentials in cmseasy v7.0.0 CSRF Vulnerability in CatfishCMS 4.8.63 Allows Unauthorized Administrator Access Information Leak Vulnerability in Huawei CloudLink Board and RSE6500/TE60 Devices Stored XSS Vulnerability in Chaoji CMS v2.18 Allows for Administrator Privilege Escalation Stored XSS Vulnerability in Chaoji CMS v2.18: Arbitrary Code Execution via /index.php?admin-master-navmenu-add Chaoji CMS v2.18 Stored XSS Vulnerability in admin-master-webset CSRF Vulnerability in Jymusic v2.0.0 Allowing Arbitrary Code Execution CSRF Vulnerability in FeiFeiCMS v4.1.190209 Allows Unauthorized Administrator Account Creation Insufficient Authentication Vulnerability in Huawei HEGE-560 and OSCA-550 Devices Array Index Error in tinyexr::SaveEXR Component Leading to Denial of Service (DoS) Insufficient Verification Vulnerability in Huawei HEGE-560 
and OSCA-550 Series Array Index Error in tinyexr::DecodeEXRImage Component Leading to Denial of Service (DoS) Arbitrary File Upload Vulnerability in SEMCMS PHP 3.7 qinggan phpok 5.1 Directory Traversal Vulnerability Allows Information Disclosure Arbitrary File Write and Shell Access Vulnerability in Qinggan PHPok 5.1 Privilege Escalation Vulnerability in PCManager Versions Earlier than 10.0.5.51 Buffer Overflow Vulnerability in qinggan phpok 5.1's framework/init.php Allows Arbitrary Code Execution Denial of Service Vulnerability in zziplib v0.13.69 via Infinite Loop in unzzip_cat_file YUNUCMS 1.1.9 Cross Site Scripting (XSS) Vulnerability in upurl Function XSS Vulnerability in YUNUCMS 1.1.9 via insertContent function in ContentModel.php XSS Vulnerability in UKCMS v1.1.10 via Single.php's Index Function Local Privilege Escalation Vulnerability in Huawei PCManager (Versions < 10.0.5.53) Cross Site Scripting (XSS) Vulnerability in DamiCMS v6.0.6 via the title Parameter in LabelAction.class.php CSRF Vulnerability in bycms v1.3 via admin.php/systems/index/module_id/70/group_id/1.html XSS Vulnerability in bycms v3.0.4 via Title Parameter in Document.php Edit Function PbootCMS v1.3.7 SingleController.php Title Parameter XSS Vulnerability CSRF Vulnerability in bycms v1.3.0 Allows Unauthorized Addition of Admin Account CSRF Vulnerability in DamiCMS v6.0.6 Allows Unauthorized Admin Account Creation CSRF Vulnerability in 711cms v1.0.7 Allows Unauthorized Addition of Admin Account Unrestricted File Upload Vulnerability in AikCms v2.0.0 CSRF Vulnerability in video_list.php Allows Unauthorized Video Deletion CSRF Vulnerability in AikCms 2.0.0 Allows Unauthorized Deletion of Movie Information XSS Vulnerability in BigTree-CMS 4.4.3: Crafted Website Name in Tags Page XSS Vulnerability in qdPM 9.1 Login Page Heading Field Stored XSS Vulnerability in Copyright Text Field in Rukovoditel 2.4.1 Configuration Menu Denial of Service Vulnerability in Huawei Products: 
Lack of Protection Against Specific Protocol Attack Stored XSS Vulnerability in Name of Application Field in Rukovoditel 2.4.1 XSS Vulnerability in Hucart CMS 5.7.4 via mes_title Field SQL Injection Vulnerability in Hucart CMS 5.7.4 via Avatar USD_Image Field SQL Injection Vulnerability in Hucart CMS 5.7.4: Exploiting the Purchase Enquiry Field in the Message con_content Field Resource Management Error Vulnerability in Jackman-AL00D 8.2.0.185(C00R2P1): Local Application File Manipulation Arbitrary Code Execution via Buffer Overflow in HDF5 1.10.4 Path Traversal Vulnerability in GaussDB 200 (Version 6.5.1): Information Leakage via Directory Traversal Arbitrary Code Execution via SQL Injection in WMS v1.0 Insufficient Verification Vulnerability in Huawei HEGE-570 and OSCA-550 Series Information Leakage Vulnerability in Huawei NGFW Module and Secospace USG Series Command Injection Vulnerability in D-Link DSR-250 and DSR-1000N UPnP Service Information Leakage Vulnerability in Huawei NIP6800 and Secospace USG6600/USG9500 Denial of Service Vulnerability in Huawei NIP6800, Secospace USG6600, and USG9500 Access Control Bypass Vulnerability in NIP6800, Secospace USG6600, and USG9500 Products Information Leakage Vulnerability in CloudEngine 12800 Series Double Free Vulnerability in Huawei Products: Exploitable Memory Deallocation Flaw Out-of-Bounds Read Vulnerability in Huawei USG6000V Huawei Secospace AntiDDoS8000: Improper Authentication Vulnerability Information Disclosure in NoneCMS v1.3: Remote Access to Sensitive Data via /public/index.php Component Information Disclosure in NoneCMS v1.3 via /nonecms/vendor Component CSRF Vulnerability in JuQingCMS v1.0 Allows Remote Privilege Escalation Out-of-Bounds Read Vulnerability in Huawei CloudEngine Products Buffer Overflow Vulnerability in ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier Buffer Overflow Vulnerability in WEBP_Support.cpp in Exempi 2.5.0 and Earlier: Denial of Service via Crafted WebP File 
Arbitrary Code Execution via Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 XSS Vulnerability in GetSimpleCMS <= 3.3.15 via redirect_url Parameter and headers_sent Function XSS Vulnerability in GetSimpleCMS <=3.3.15 via Timezone Parameter Cross Site Scripting Vulnerability in GetSimpleCMS <=3.3.15 via /admin/setup.php Parameters Out-of-bounds read vulnerability in DHCP message parsing Open Redirect Vulnerability in GetSimpleCMS <=3.3.15 via admin/changedata.php XSS Vulnerability in gnuboard5 <=v5.3.2.8 via url parameter in bbs/login.php SQL Injection Vulnerability in GNUBoard5 (<=v5.3.2.8) via table_prefix Parameter in install_db.php XSS Vulnerability in gnuboard5 <=v5.3.2.8 via act parameter in bbs/move_update.php WebPort <=1.19.1 XSS Vulnerability via Connection Name Parameter in type-conn WebPort <=1.19.1 Directory Traversal Vulnerability in System Settings Tags SQL Injection Vulnerability in WebPort <=1.19.1: New Connection Parameter Name Type-Conn WebPort <=1.19.1 XSS Vulnerability via description parameter in script/listcalls Cross Site Scripting (XSS) Vulnerability in Roundcube Mail 4.4 via Database Host and User in /installer/test.php SMTP Configuration Cross Site Scripting (XSS) Vulnerability in Roundcube Mail <=1.4.4 Undefined Fields Mishandling in Floodlight 1.2's StaticFlowEntryPusherResource.java Leads to Poor Input Validation in checkFlow Integer Overflow Vulnerability in Floodlight 1.2's StaticFlowEntryPusherResource.java Insecure Input Validation in Floodlight 1.2's StaticFlowEntryPusherResource.java Arbitrary Code Execution via Cross Site Scripting (XSS) in MineWebCMS v1.7.0 CSRF Vulnerability in IgnitedCMS v1.0 Allows Information Disclosure and Privilege Escalation Brute Force Login Vulnerability in Lin-CMS-Flask v0.1.1 Arbitrary Code Execution via Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 Denial of Service Vulnerability in Huawei Products: Memory Leakage Exploit Authentication Token Replay Vulnerability in Lin-CMS-Flask v0.1.1 Arbitrary 
Code Execution via Cross Site Scripting (XSS) in Quokka v0.4.0
Arbitrary Code Execution via XXE in Quokka v0.4.0
Arbitrary Code Execution via Unrestricted File Upload in Django-Widgy v0.8.4
Arbitrary Code Execution via XXE in Quokka v0.4.0
Improper Credentials Management Vulnerability in USG9500 Software
Remote Code Execution via SQL Injection in Rockoa v1.8.7
SQL Injection in Rockoa v1.8.7: Privilege Escalation via Loose Parameter Filtering in wordModel.php's getdata Function
SQL Injection in Rockoa v1.8.7: Remote Privilege Escalation via wordAction.php
Arbitrary Code Execution Vulnerability in ZZZCMS zzzphp 1.7.1
Digital Balance Bypass Vulnerability in Huawei P10 Plus Smartphones
Stored XSS in File Attachment Field in MDaemon Webmail 19.5.5: Exploiting Email Forwarding for Code Execution
Authenticated Stored XSS in MDaemon Webmail 19.5.5 via Contact Name Field in Distribution List
Out-of-Bounds Read Vulnerability in NIP6800, Secospace USG6600, and USG9500 Products
Segmentation Violation Vulnerability in IEC104 v1.0 Allows for Denial of Service (DoS)
Segmentation Violation Vulnerability in IEC104 v1.0 Allows for Denial of Service (DoS)
Stack Buffer Overflow Vulnerability in Eclipse IOT Cyclone DDS Project v0.1.0
Heap Buffer Overflow Vulnerability in Eclipse IOT Cyclone DDS Project v0.1.0
XSS Vulnerability in Typora 0.9.67 Allows Remote Code Execution
Invalid Pointer Access Vulnerability in NIP6800, Secospace USG6600, and USG9500 Products
ThinkSAAS v2.7 Improper Authorization Vulnerability Allows Unauthorized Modification of User Photo Descriptions
Remote Code Execution via SQL Injection in AiteCMS v1.0
Arbitrary Code Execution via MathJax Syntax in Typora v0.9.65
Invalid Pointer Access Vulnerability in NIP6800, Secospace USG6600, and USG9500 Products
Arbitrary Code Execution Vulnerability in pdf2json 0.69 via Crafted PDF File
Privilege Escalation Vulnerability in Dut Computer Control Engineering Co.'s PLC MAC1100
Information Disclosure Vulnerability in Dut Computer Control Engineering Co.'s PLC MAC1100
Arbitrary Memory Access Vulnerability in Dut Computer Control Engineering Co.'s PLC MAC1100
EPA Protocol Persistent Denial of Service (DOS) Vulnerability in Dut Computer Control Engineering Co.'s PLC MAC1100
PLC MAC1100 Vulnerability: Arbitrary Code Execution
EPA Protocol Information Disclosure Vulnerability in PLC MAC1100
Out-of-Bounds Write Vulnerability in NIP6800, Secospace USG6600, and USG9500
Remote Code Execution Vulnerability in AntSword v2.0.7
Heap Buffer Overflow in libtiff 4.0.10's _TIFFmemcpy in tif_unix.c Allows Denial-of-Service
Invalid Pointer Access Vulnerability in NIP6800, Secospace USG6600, and USG9500
Denial-of-Service Vulnerability in zziplib 0.13.69
Exiv2 0.27.99.0 Nikon1MakerNote Buffer Over-read Vulnerability
Denial of Service Vulnerability in Exiv2 0.27.99.0 via Crafted TIF File
Float Point Exception Vulnerability in Exiv2 0.27.99.0's printLong Function
Heap-based Buffer Over-read Vulnerability in Libav 12.3's vc1_decode_b_mb_intfi Function
Segmentation Fault Vulnerability in Libav 12.3 Allows Denial-of-Service via Crafted File
Heap-based Buffer Over-read Vulnerability in Libav 12.3's vc1_decode_p_mb_intfi Function
Improper Authentication Vulnerability in Huawei Smartphone OxfordS-AN00A
Use After Free Vulnerability in nasm 2.14.02's new_Token Function Allows Denial of Service
Heap Buffer Overflow Vulnerability in audiofile 0.3.6: Denial-of-Service via Crafted WAV File
Improper Integrity Checking Vulnerability on Huawei Products
Denial of Service Vulnerability in Huawei Smartphone Lion-AL00C
Resource Management Error Vulnerability in NIP6800, Secospace USG6600, and USG9500 Products
Improper Authorization Vulnerability in Huawei Mobile Phones and Honor Magic2
Memory Leak Vulnerability in Huawei Products NIP6800, Secospace USG6600, and USG9500
Buffer Overflow Vulnerability in tEXtToDataBuf Function in Exiv2 0.27.1
Buffer Overflow Vulnerability in HtmlOutputDev::page in Poppler 0.75.0: Denial of Service Exploit
Privilege Escalation via Unprivileged File Writing in Oculus Desktop
WhatsApp Android Buffer Overflow Vulnerability via Malicious Video Call
TLS SNI Hostname Validation Bypass in osquery Versions 2.9.0 - 4.2.0
Privilege Escalation through Client Configuration Injection in DotCMS Versions before 5.1
SQL Injection in Wuzhi CMS v4.1.0: Remote Information Disclosure
Directory Traversal Vulnerability in Skycaiji v1.3
Arbitrary Code Execution via Unrestricted File Upload in Bludit v3.8.1
Out-of-Bounds Memory Read Vulnerability in HHVM JSON Decoding
PHPMyWind v5.6 Command Injection Vulnerability in '/admin/web_config.php'
Arbitrary Code Execution via Unrestricted File Upload in PHPMyWind v5.6
Arbitrary File Deletion Vulnerability in puppyCMS v5.1
CSRF Vulnerability in puppyCMS v5.1 Allows Unauthorized Password Change for Admin
WhatsApp Desktop Sandbox Escape Vulnerability
Remote Code Execution (RCE) Vulnerability in puppyCMS v5.1: Insecure Permissions in /admin/functions.php
Use-after-free vulnerability in libpff_item_tree_create_node function of libyal Libpff before 20180623
Exiv2 0.27 PrintIFDStructure Function Stack Exhaustion Vulnerability
Uncontrolled Memory Allocation Vulnerability in Exiv2 0.27
Remote Code Execution Vulnerability in WhatsApp for Android and WhatsApp Business for Android
Heap-based Buffer Overflow in libyal libexe
Out-of-Bounds Write Vulnerability in WhatsApp Video Call Feature
Remote Code Execution Vulnerability in Earcms Ear App v.20181124
SQL Injection Vulnerability in EARCLINK ESPCMS-P8 via attr_array Parameter
Arbitrary PHP Code Execution in DedeCMS 5.7 SP2 via plus/search.php Component
Boundary Check Vulnerability in HHVM JSON_parser Allows Information Leak and DOS
Boundary Check Vulnerability in JSON Decoding in HHVM
Arbitrary Code Execution Vulnerability in WhatsApp for Android and iPhone
Critical Heap Overflow Vulnerability in Instagram for Android (Versions Prior to 128.0.0.26.128)
Stack Overflow Vulnerability in Facebook Hermes 'builtin apply' Allows Arbitrary Code Execution
CSRF Vulnerability in ForestBlog Allows Remote Privilege Escalation
Use-After-Free Vulnerability in Proxygen Request Adaptor
Stack-based Buffer Overflow in PoDoFo v0.9.6: Denial of Service in PdfDictionary.cpp:65
Information Disclosure Vulnerability in PoDoFo v0.9.6 via 'IsNextToken' in 'PdfTokenizer.cpp'
Buffer Overflow in NASM v2.15.xx: Denial of Service via 'crc64i' in nasmlib/crc64
Buffer Overflow in Tcpreplay v4.3.2 via 'do_checksum' function in 'checksum.c' leading to Denial of Service
XSS Vulnerability in Halo 0.4.3 via X-Forwarded-For Header Parameter
Unbounded Nested Deserialization Vulnerability in fb_unserialize
Halo 0.4.3 Remote Code Execution via remoteAddr and themeName Parameters
XSS Vulnerability in Halo 0.4.3 via CommentAuthorUrl
Zimbra Collaboration 8.8.12 Reflected XSS Vulnerability via Host Header Injection
Arbitrary Website Redirection Vulnerability in Zimbra Collaboration 8.8.12
Arbitrary Memory Access Vulnerability in HHVM's unserialize() Function
Arbitrary Code Execution via Cross Site Scripting (XSS) in Blog_mini v1.0
Arbitrary Code Execution via Cross Site Scripting (XSS) in Blog_mini v1.0
Unserialized Object Dynamic Property Array Resizing Vulnerability
Arbitrary Code Execution Vulnerability in Simiki v1.6.2.1 and Prior
Simiki v1.6.2.1 Command Injection Vulnerability
Arbitrary Code Execution via Description Field in Mezzanine v4.3.1
Bypassing Verification Check in Gate One 1.2.0 Allows Unauthorized Access
Unauthenticated Users Can Download Database Backup File in zrlog v2.1.0
Cross-Site Scripting (XSS) Vulnerability in Halo Blog 1.2.0
WhatsApp for iOS prior to v2.20.91.4 Vulnerability: Freezing from Large Text Message with URLs
WhatsApp Android Vulnerability: Insecure Transmission of Highly Forwarded Messages
Remote File Upload Vulnerability in Emlog EmlogCMS v.6.0.0 via /admin/plugin.php
Out-of-Memory Denial of Service Vulnerability in WhatsApp for iOS
Cookie-based Encryption Bypass Vulnerability in Halo 0.4.3
Halo 0.4.3 delBackup File Deletion Vulnerability
Path Traversal Vulnerability in WhatsApp for iOS and WhatsApp Business for iOS
XSS Vulnerability in zzcms 2019 via User/adv.php Modify Action
Arbitrary Code Execution Vulnerability in S-CMS v1.0 via '/admin/tpl.php?page=' Component
Arbitrary Code Execution Vulnerability in iWebShop v5.3
MyBB v1.8.20 Authenticated Cross Site Scripting (XSS) in Add New Forum Title Field
MyBB v1.8.20 Cross Site Scripting (XSS) Vulnerability in Add New Forum Description Field
Sequential Generation of Media ContentProvider URIs in WhatsApp for Android v2.20.185 and Earlier Versions
Buffer Overflow Vulnerability in WhatsApp for Android and WhatsApp Business for Android
Arbitrary Code Execution Vulnerability in WhatsApp for Android, iOS, and Portal
Siri Exploit Allows Unauthorized Access to WhatsApp on Locked iOS Devices
Use-after-free vulnerability in WhatsApp for iOS and WhatsApp Business for iOS allows for memory corruption and potential code execution
Out-of-Bounds Read and Write Vulnerability in WhatsApp for Android and WhatsApp Business for Android
SQL Injection Vulnerability in Online Book Store v1.0 via isbn Parameter in edit_book.php
SQL Injection Vulnerability in Online Book Store v1.0: Remote Code Execution via pubid Parameter
SQL Injection Vulnerability in Online Book Store v1.0 via bookisbn Parameter in admin_edit.php
Type Confusion Vulnerability in Facebook Hermes Allows Arbitrary Code Execution
SQL Injection Vulnerability in Online Book Store v1.0 via bookisbn Parameter
Authentication Bypass Vulnerability in Online Book Store v1.0 via admin_verify.php
Arbitrary Code Execution via SQL Injection in Online Book Store v1.0
Arbitrary File Upload Vulnerability in Online Book Store v1.0
SQL Injection Vulnerability in Online Book Store v1.0 via Publisher Parameter in edit_book.php
XSS Vulnerability in YzmCMS 5.2 via site_code Parameter in admin/index/init.html
Out-of-Bounds Read/Write Vulnerability in Facebook Hermes
Integer Signedness Error in Facebook Hermes JavaScript Interpreter
Denial of Service Vulnerability in LibTiff v4.0.10 via invertImage() Function in tiffcrop Component
Autumn v1.0.4 and Earlier: Clear-Text Login Credential Exposure via Incorrect Access Control
Arbitrary Code Execution Vulnerability in DotCMS v5.2.3 and Earlier
Logic Vulnerability in Facebook Hermes: Potential Out-of-Bounds Read and Arbitrary Code Execution
Remote Command Execution in iCMS 7 via DB_PREFIX Parameter in install.php
Buffer Overflow in LibTiff v4.0.10: Denial of Service via TIFFVGetField in tif_dir.c
Buffer Overflow in LibTiff v4.0.10: Denial of Service via 'in _TIFFmemcpy' in 'tif_unix.c'
Improper Access Control in Jfinal CMS v4.7.1 and earlier: Sensitive Information Disclosure via 'TemplatePath' Parameter
Improper Access Control in Jfinal CMS v4.7.1 and earlier: Sensitive Information Disclosure via 'getFolder()' Function
Arbitrary Code Execution via Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and Earlier
Out-of-Bounds Read Vulnerability in Facebook Hermes JavaScript Interpreter
Improper Access Control in Jfinal CMS v4.7.1 and earlier: Remote Information Disclosure and Denial of Service Vulnerability
Arbitrary Code Execution via File Upload in Jfinal CMS v4.7.1 and Earlier
Improper Access Control in Jfinal CMS v4.7.1 and earlier: Sensitive Information Disclosure via FileManager.editFile()
Arbitrary Code Execution and Information Disclosure in Jfinal CMS v4.7.1 and earlier
Arbitrary Code Execution via XSS in Ari Adminer v1
Arbitrary Code Execution via 'Intro' Parameter in Wenku CMS v3.4
Arbitrary Code Execution via Cross Site Scripting (XSS) in S-CMS build 20191014 and Earlier
Arbitrary Code Execution Vulnerability in LaikeTui v3 via CSRF in '/index.php?module=member&action=add' Component
Integer Overflow Vulnerability in ldap_escape in HHVM
SQL Injection Vulnerability in PHPSHE 1.7 via admin.php?mod=user&userlevel_id=1 userlevel_id[] parameter
Out-of-bounds write vulnerability in xbuf_format_converter in HHVM
Memory Leakage Vulnerability in HHVM Versions Prior to 4.56.3 and Between 4.57.0 and 4.98.0
Buffer Overflow Vulnerability in ncurses 6.1: Remote Denial of Service via Crafted Command
Buffer Overflow Vulnerability in _nc_find_entry Function in ncurses 6.1
Buffer Overflow Vulnerability in fmt_entry Function in ncurses 6.1
Buffer Overflow Vulnerability in fmt_entry Function in ncurses 6.1
Buffer Overflow Vulnerability in postprocess_terminfo Function in ncurses 6.1
Out-of-bounds read vulnerability in substr_compare in HHVM versions prior to 4.56.3, 4.57.0-4.80.1, 4.81.0-4.93.1, 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0
Buffer Overflow Vulnerability in _nc_find_entry in ncurses 6.1
CSRF Vulnerability in PHPOK 5.2.060 Allows Remote Code Execution
React Native ReDoS Vulnerability in validateBaseUrl Function (CVE-XXXX-XXXX)
Stored Cross-Site Scripting (XSS) Vulnerability in pfSense WebGUI
Authenticated Stored XSS in IPFire Captive Portal via Title of Login Page Text Box or TITLE Parameter
Stored XSS Vulnerability in pfSense Software WebGUI
Authenticated Stored XSS Vulnerability in Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130
Buffer Overflow Vulnerability in Crypt Function
SQL Injection Vulnerability in Piwigo v2.9.5: admin/group_list.php (group parameter)
SQL Injection Vulnerability in Piwigo v2.9.5: cat_move.php via selection parameter
SQL Injection Vulnerability in Piwigo v2.9.5 via cat_false Parameter
SQL Injection Vulnerability in Piwigo v2.9.5: admin/user_perm.php
SQL Injection Vulnerability in Piwigo v2.9.5: admin/batch_manager.php
Arbitrary File Upload Vulnerability in Bludit v3.13.0 Backup Plugin
Apache Shiro 1.2.3 Java Deserialization Vulnerability in Jeesite 1.2.7
SSRF Vulnerability in Apache Olingo Versions 4.0.0 to 4.7.0
Timing Attack Vulnerability in Apache Hive Cookie Signature Verification
Arbitrary Privilege Escalation via CSRF in MipCMS v5.0.1
Arbitrary User Addition Vulnerability in MipCMS v5.0.1
Stored XSS Vulnerability in Dswjcms 1.6.4 index.php/Dswjcms/Basis/links Component
Stored XSS Vulnerability in Dswjcms 1.6.4 index.php/Dswjcms/Site/articleList Component
Arbitrary Code Execution Vulnerability in Dswjcms 1.6.4
Arbitrary Administrator User Addition Vulnerability in Dswjcms 1.6.4
Apache HTTP Server mod_rewrite Redirect Vulnerability
Dhcms 2017-09-18 Guestbook Cross Site Scripting (XSS) Arbitrary Code Execution Vulnerability
Information Disclosure Vulnerability in dhcms 2017-09-18: Path Leakage via Invalid Character Input
Cross Site Scripting (XSS) Vulnerability in Phachon mm-wiki v.0.1.2
Cross-Site Request Forgery Vulnerability in Phachon mm-wiki v.0.1.2 Allows Remote Code Execution
Directory Traversal Vulnerability in B3log Wide: Privilege Escalation via Symbolic Links
Apache NiFi 1.10.0 Information Disclosure Vulnerability
Jeesns 1.4.2 Cross-Site Request Forgery (CSRF) Vulnerability: Privilege Escalation and Sensitive Operation Exploitation
Stored XSS Vulnerability in Jeesns 1.4.2 Loginusername Component
Reflected Cross-Site Scripting (XSS) Vulnerability in Jeesns 1.4.2
Reflected XSS Vulnerability in Jeesns 1.4.2's /newVersion Component
Stored XSS Vulnerability in Jeesns 1.4.2 Group Comment Component
Stored XSS Vulnerability in Jeesns 1.4.2 /group/apply Component
Stored XSS Vulnerability in Jeesns 1.4.2 /question/detail Component
Stored XSS Vulnerability in Jeesns 1.4.2 /group/post Component
Stored XSS Vulnerability in Jeesns 1.4.2 Allows Arbitrary Code Execution via Private Messages
Stored XSS Vulnerability in Jeesns 1.4.2 /member/picture/album Component
Apache Beam MongoDB Connector SSL Trust Verification Bypass
Stored XSS Vulnerability in Jeesns 1.4.2 Weibo Comment Component
Stored Cross-Site Scripting (XSS) Vulnerability in Jeesns 1.4.2 Weibo Publishdata Component
Stored XSS Vulnerability in Jeesns 1.4.2 /question/ask Component
Stored XSS Vulnerability in Jeesns 1.4.2 /article/add Component
Stored XSS Vulnerability in Jeesns 1.4.2 Article Comment Component
Reflected XSS Vulnerability in Jeesns 1.4.2 /weibo/topic Component
Command Execution Vulnerability in Apache SpamAssassin (CVE-2020-XXXX)
Arbitrary Code Execution Vulnerability in vaeThink v1.0.1
Arbitrary File Upload Vulnerability in vaeThink v1.0.1 Allows Webshell Upload via File Suffix Manipulation
Arbitrary Code Execution via File Upload in hdcms 5.7
Directory Traversal Vulnerability in Metinfo v7.0.0
Privilege Escalation Vulnerability in Metinfo v7.0.0
Command Execution Vulnerability in Apache SpamAssassin
OS Command Injection Vulnerability in Laravel Framework's Filesystem.php (before version 5.8.17)
Buffer Overflow Vulnerability in D-Link DIR-605L Firmware 1.17beta and Below
Critical Buffer Overflow Vulnerability in DLINK 619L Version B 2.06beta: Exploiting FILECODE Parameter on Login
Apache Superset Information Disclosure Vulnerability
Critical Buffer Overflow Vulnerability in DLINK 619L Version B 2.06beta: Exploiting the curTime Parameter on Login
Heap Buffer Overflow in D-Link DIR-619L 2.06beta Allows Remote Router Restart
Cross-Site Scripting (XSS) Vulnerability in Apache NiFi 1.0.0 to 1.10.0
Uninitialized Memory Vulnerability in Apache HTTP Server's mod_proxy_ftp
HTTP Request Smuggling Vulnerability in Apache Tomcat
Apache Ambari Views Cross-Site Scripting Vulnerability
Local File Inclusion Vulnerability in FHEM 6.0: File Parameter Allows Sensitive Information Disclosure
Reflected XSS Vulnerability in Medintux v2.16.000 CCAM.php
Reflected XSS Vulnerability in Vtiger CRM v7.2.0
Vtiger CRM v7.2.0 Directory Listing Vulnerability
Arbitrary PHP Script Execution Vulnerability in OpenEMR 5.0.1