See a list of the latest CVEs we send weekly to subscribers.
D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header.
dlink:dap-1860_firmware
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.
redhat:enterprise_linux cesnet:libyang
evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim.
gnome:evolution-data-server3
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."
gnupg:libgcrypt gnupg:gnupg debian:debian_linux
OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS
redhat:openshift
COPA-DATA zenone32 zenon Editor through 8.10 has an Uncontrolled Search Path Element.
copadata:zenon
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.
progress:sitefinity
D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to the value stored in the device's /var/hnap/timestamp file, the request will pass the HNAP_AUTH check function.
dlink:dap-1860_firmware
openstack-utils openstack-db has insecure password creation
redhat:openstack redhat:openstack_essex
HLOS could corrupt CPZ page table memory for S1 managed VMs in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130
qualcomm:sdm845_firmware qualcomm:sm7150_firmware qualcomm:sdm850_firmware qualcomm:sm6150_firmware qualcomm:sm8150_firmware qualcomm:sda845_firmware qualcomm:sdm710_firmware qualcomm:qcs404_firmware qualcomm:mdm9205_firmware qualcomm:sxr1130_firmware qualcomm:sxr2130_firmware qualcomm:qcs605_firmware qualcomm:sdm670_firmware
Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to "live management."
puppet:puppet_enterprise
openslp: SLPIntersectStringList()' Function has a DoS vulnerability
openslp:openslp canonical:ubuntu_linux fedoraproject:fedora debian:debian_linux
katello-headpin is vulnerable to CSRF in REST API
redhat:subscription_asset_manager
While Skipping unknown IES, EMM is reading the buffer even if the no of bytes to read are more than message length which may cause device to shutdown in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130
qualcomm:msm8917_firmware qualcomm:msm8953_firmware qualcomm:sda845_firmware qualcomm:sm8250_firmware qualcomm:msm8920_firmware qualcomm:apq8098_firmware qualcomm:qcm2150_firmware qualcomm:qcs605_firmware qualcomm:msm8996au_firmware qualcomm:msm8940_firmware qualcomm:apq8053_firmware qualcomm:sdm429_firmware qualcomm:sdm670_firmware qualcomm:msm8909w_firmware qualcomm:nicobar_firmware qualcomm:mdm9206_firmware qualcomm:mdm9655_firmware qualcomm:sm6150_firmware qualcomm:sm8150_firmware qualcomm:sdm439_firmware qualcomm:mdm9650_firmware qualcomm:msm8998_firmware qualcomm:sdm636_firmware qualcomm:sda660_firmware qualcomm:sxr1130_firmware qualcomm:sxr2130_firmware qualcomm:sdm450_firmware qualcomm:sdx20_firmware qualcomm:sdx55_firmware qualcomm:sdm845_firmware qualcomm:sm7150_firmware qualcomm:sdm850_firmware qualcomm:msm8976_firmware qualcomm:sc8180x_firmware qualcomm:sdm660_firmware qualcomm:msm8937_firmware qualcomm:qm215_firmware qualcomm:msm8909_firmware qualcomm:snapdragon_high_med_2016_firmware qualcomm:sdm710_firmware qualcomm:msm8905_firmware qualcomm:mdm9150_firmware qualcomm:sdm632_firmware qualcomm:sdm630_firmware qualcomm:mdm9640_firmware qualcomm:mdm9205_firmware qualcomm:apq8096au_firmware qualcomm:sdx24_firmware
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'.
microsoft:windows_10 microsoft:windows_server_2008 microsoft:windows_rt_8.1 microsoft:windows_server_2012 microsoft:windows_server_2016 microsoft:windows_7 microsoft:windows_server_2019 microsoft:windows_8.1
In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.
jetbrains:ktor
JBossWeb Bayeux has reflected XSS
redhat:jboss_enterprise_application_platform redhat:jboss_portal
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.
xmlsoft:libxslt
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter.
amazon:blink_xt2_sync_module_firmware
make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.
fig2dev_project:fig2dev
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015.
ibm:cloud_pak_system
rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite
redhat:satellite
Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. If an attacker can feed malicious metadata to the class, then it may result in running attacker's code in the worse case.
apache:olingo
The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability.
atlassian:fisheye atlassian:crucible
Orca has arbitrary code execution due to insecure Python module load
debian:debian_linux gnome:orca
ReviewBoard: has an access-control problem in REST API
reviewboard:reviewboard fedoraproject:fedora
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.
microsoft:windows_10 microsoft:windows_server_2008 microsoft:windows_rt_8.1 microsoft:windows_server_2012 microsoft:windows_server_2016 microsoft:windows_7 microsoft:windows_server_2019 microsoft:windows_8.1
BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed.
bmc:remedy_smart_reporting
Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dereference and then memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8939, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
qualcomm:sm7150_firmware qualcomm:msm8953_firmware qualcomm:apq8017_firmware qualcomm:sda845_firmware qualcomm:apq8009_firmware qualcomm:sm8250_firmware qualcomm:apq8098_firmware qualcomm:msm891_firmware qualcomm:sdm660_firmware qualcomm:qm215_firmware qualcomm:apq8064_firmware qualcomm:msm8909_firmware qualcomm:qcs605_firmware qualcomm:msm8996au_firmware qualcomm:qcs405_firmware qualcomm:apq8053_firmware qualcomm:sdm429_firmware qualcomm:msm8909w_firmware qualcomm:msm8996_firmware qualcomm:nicobar_firmware qualcomm:mdm9206_firmware qualcomm:sm6150_firmware qualcomm:sm8150_firmware qualcomm:msm8905_firmware qualcomm:mdm9207c_firmware qualcomm:sdm439_firmware qualcomm:mdm9607_firmware qualcomm:sdm630_firmware qualcomm:sdm632_firmware qualcomm:sdm636_firmware qualcomm:msm8939_firmware qualcomm:sda660_firmware qualcomm:sxr1130_firmware qualcomm:apq8096au_firmware qualcomm:sdm450_firmware qualcomm:sxr2130_firmware qualcomm:sdx20_firmware
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet.
kubernetes:kubernetes
The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Request with content type "application/xml", which trigger the deserialization of entities, can be used to trigger XXE attacks.
apache:olingo
The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives.
wp-pdf:pdf_embedder
The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to 4.6.0 reads the Retry-After header and passes it to the Thread.sleep() method without any check. If a malicious server returns a huge value in the header, then it can help to implement a DoS attack.
apache:olingo
Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179.
ibm:cloud_pak_system
radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.
radare:radare2
Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Local attackers can replace a .exe or .dll file to achieve privilege escalation.
maxpcsecure:anti_virus_plus
An information disclosure vulnerability in Android Apps using Microsoft Authentication Library (MSAL) 0.3.1-Alpha or later exists under specific conditions, aka 'Microsoft Authentication Library for Android Information Disclosure Vulnerability'.
microsoft:authentication_library
When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3.
gnome:dia
Improper handling of close_notify alerts can result in an out-of-bounds read in AsyncSSLSocket. This issue affects folly prior to v2019.11.04.00.
facebook:folly
SQLite 3.30.1, during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name, as demonstrated by the sqlite_ substring.
sqlite:sqlite
A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered.
redhat:keycloak
Snapshot of IB can lead to invalid address access due to missing check for size in the related function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCN7605, QCS405, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR2130
qualcomm:sm6150_firmware qualcomm:msm8937_firmware qualcomm:nicobar_firmware qualcomm:sdm632_firmware qualcomm:sdx24_firmware qualcomm:sm8250_firmware qualcomm:mdm9207c_firmware qualcomm:sdm636_firmware qualcomm:sdm845_firmware qualcomm:msm8996au_firmware qualcomm:sdm630_firmware qualcomm:msm8909w_firmware qualcomm:qm215_firmware qualcomm:sdm710_firmware qualcomm:mdm9607_firmware qualcomm:msm8917_firmware qualcomm:msm8940_firmware qualcomm:sdm660_firmware qualcomm:apq8098_firmware qualcomm:qcs405_firmware qualcomm:mdm9650_firmware qualcomm:sdm670_firmware qualcomm:sdm439_firmware qualcomm:sdm450_firmware qualcomm:sdx20_firmware qualcomm:apq8096au_firmware qualcomm:sa6155p_firmware qualcomm:sm8150_firmware qualcomm:sm7150_firmware qualcomm:sxr2130_firmware qualcomm:sda845_firmware qualcomm:apq8017_firmware qualcomm:mdm9206_firmware qualcomm:sdm429_firmware qualcomm:msm8909_firmware qualcomm:qcn7605_firmware qualcomm:msm8920_firmware qualcomm:qcs605_firmware qualcomm:apq8053_firmware qualcomm:sda660_firmware qualcomm:msm8953_firmware
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the encryption parameter.
amazon:blink_xt2_sync_module_firmware
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data.
amazon:blink_xt2_sync_module_firmware
An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of memory in Snapdragon Mobile, Snapdragon Voice & Music in QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855
qualcomm:sd_712_firmware qualcomm:sd_850_firmware qualcomm:sd_855_firmware qualcomm:sd_675_firmware qualcomm:sd_665_firmware qualcomm:sd_730_firmware qualcomm:sd_670_firmware qualcomm:sd_205_firmware qualcomm:sd_845_firmware qualcomm:sd_210_firmware qualcomm:sd_212_firmware qualcomm:sd_710_firmware qualcomm:qcs405_firmware
Null pointer dereference issue in kernel due to missing check related to LLC support in GPU in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM670, SDM710, SM6150, SM7150, SM8150
qualcomm:sm6150_firmware qualcomm:qcs605_firmware qualcomm:sm8150_firmware qualcomm:sm7150_firmware qualcomm:sdm670_firmware qualcomm:sdm710_firmware
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections.
amazon:blink_xt2_sync_module_firmware
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the key parameter.
amazon:blink_xt2_sync_module_firmware
OpenShift cartridge allows remote URL retrieval
redhat:openshift
OpenStack nova base images permissions are world readable
debian:debian_linux openstack:nova