Follow Security Vulnerabilities
in your favorite software stacks

.NET Core and Visual Studio Denial of Service Vulnerability

CVE-2021-1721 6.5 - Medium - February 25, 2021

.NET Core and Visual Studio Denial of Service Vulnerability

CVE-2021-1721 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds

CVE-2021-21618 5.4 - Medium - February 24, 2021

Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

CVE-2021-21618 is exploitable with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information

CVE-2021-21621 5.3 - Medium - February 24, 2021

Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some configurations.

CVE-2021-21621 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Information Leak

Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values

CVE-2021-21616 4.6 - Medium - February 24, 2021

Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

CVE-2021-21616 is exploitable with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.1 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33

CVE-2021-27645 5.5 - Medium - February 24, 2021

The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.

CVE-2021-27645 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Double-free

A flaw was found in Red Hat Satellite

CVE-2021-20256 5.3 - Medium - February 23, 2021

A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2021-20256 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

Information Leak

There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y

CVE-2021-20194 7.8 - High - February 23, 2021

There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation.

CVE-2021-20194 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Input Validation

A privilege escalation flaw was found in openshift4/ose-docker-builder

CVE-2021-20182 8.8 - High - February 23, 2021

A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the underlying node, such as the network and storage devices, to at least escalate their privileges to that of the cluster admin. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2021-20182 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Files or Directories Accessible to External Parties

A flaw was found in the Undertow AJP connector

CVE-2020-27782 7.5 - High - February 23, 2021

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1.

CVE-2020-27782 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Uncontrolled Resource Consumption ('Resource Exhaustion')

A flaw was found in mbsync before v1.3.5 and v1.4.1

CVE-2021-20247 7.4 - High - February 23, 2021

A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity.

CVE-2021-20247 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 2.2 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

Improper Input Validation

A flaw was found in PostgreSQL in versions before 13.2, before 12.6, before 11.11, before 10.16, before 9.6.21 and before 9.5.25

CVE-2021-20229 4.3 - Medium - February 23, 2021

A flaw was found in PostgreSQL in versions before 13.2, before 12.6, before 11.11, before 10.16, before 9.6.21 and before 9.5.25. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.

CVE-2021-20229 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

AuthZ

A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results

CVE-2021-20226 7.8 - High - February 23, 2021

A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results from the lack of validating the existence of an object prior to performing operations on the object by not incrementing the file reference counter while in use. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.

CVE-2021-20226 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Dangling pointer

IBM Planning Analytics 2.0 could

CVE-2020-4953 4.3 - Medium - February 23, 2021

IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization's internal structure by exposing sensitive information in HTTP repsonses. IBM X-Force ID: 192029.

CVE-2020-4953 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Information Leak

A vulnerability was found in all versions of keycloak, where on using lower case HTTP headers (via cURL) we can bypass our Gatekeeper

CVE-2020-14359 7.3 - High - February 23, 2021

A vulnerability was found in all versions of keycloak, where on using lower case HTTP headers (via cURL) we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers.

CVE-2020-14359 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

Authentication Bypass by Primary Weakness

In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h

CVE-2020-27768 3.3 - Low - February 23, 2021

In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0.

CVE-2020-27768 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.

Integer Overflow or Wraparound

Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182

CVE-2021-21154 9.6 - Critical - February 22, 2021

Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2021-21154 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Out-of-bounds Write

Use after free in Payments in Google Chrome prior to 88.0.4324.182

CVE-2021-21151 9.6 - Critical - February 22, 2021

Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2021-21151 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Dangling pointer

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182

CVE-2021-21156 8.8 - High - February 22, 2021

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script.

CVE-2021-21156 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3

CVE-2020-29448 5.3 - Medium - February 22, 2021

The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.

CVE-2020-29448 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection

CVE-2020-35499 6.7 - Medium - February 19, 2021

A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information.

CVE-2020-35499 can be explotited with local system access, and requires user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 0.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

NULL Pointer Dereference

In the default configuration

CVE-2021-26296 8.8 - High - February 19, 2021

In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application.

CVE-2021-26296 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

352

An issue was discovered in Xen through 4.11.x

CVE-2021-27379 7.8 - High - February 18, 2021

An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport missed a flush, and thus IOMMU updates were not always correct. NOTE: this issue exists because of an incomplete fix for CVE-2020-15565.

CVE-2021-27379 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry

CVE-2019-18243 5.5 - Medium - February 18, 2021

HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry. This may allow privilege escalation.

CVE-2019-18243 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Incorrect Permission Assignment for Critical Resource

HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects

CVE-2019-18255 5.5 - Medium - February 18, 2021

HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation.

CVE-2019-18255 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Incorrect Permission Assignment for Critical Resource

BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features

CVE-2020-8625 8.1 - High - February 17, 2021

BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch

CVE-2020-8625 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 2.2 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

buffer overrun

avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and

CVE-2021-26720 7.8 - High - February 17, 2021

avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product.

CVE-2021-26720 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

insecure temporary file

Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could

CVE-2021-1416 4.3 - Medium - February 17, 2021

Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-1416 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Incorrect Privilege Assignment

A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could

CVE-2021-1372 5.5 - Medium - February 17, 2021

A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens. Note: To exploit this vulnerability, an attacker must have valid credentials on a Microsoft Windows end-user system and must log in after another user has already authenticated with Webex on the same end-user system.

CVE-2021-1372 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Exposure of Sensitive Data Through Data Queries

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could

CVE-2021-1366 7.8 - High - February 17, 2021

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.

CVE-2021-1366 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Verification of Cryptographic Signature

Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could

CVE-2021-1412 6.5 - Medium - February 17, 2021

Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-1412 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Incorrect Privilege Assignment