| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session. |
| An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstore keys provide feedback from the guest, and are therefore watched by toolstack. Specifically, keys are watched by xenopsd, and data are forwarded via RPC through message-switch to xapi. The watching logic in xenopsd sends one RPC update containing all data, any time any single xenstore key is updated, and therefore has O(N^2) time complexity. Furthermore, message-switch retains recent (currently 128) RPC messages for diagnostic purposes, yielding O(M*N) space complexity. The quantity of memory a single guest can monopolise is bounded by xenstored quota, but the quota is fairly large. It is believed to be in excess of 1G per malicious guest. In practice, this manifests as a host denial of service, either through message-switch thrashing against swap, or OOMing entirely, depending on dom0's configuration. (There are no quotas in xenopsd to limit the quantity of keys that result in RPC traffic.) A buggy or malicious guest can cause unreasonable memory usage in dom0, resulting in a host denial of service. All versions of XAPI are vulnerable. Systems that are not using the XAPI toolstack are not vulnerable. |
| An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored, a owner could give a node away. However, node ownership has quota implications. Any guest can run another guest out of quota, or create an unbounded number of nodes owned by dom0, thus running xenstored out of memory A malicious guest administrator can cause a denial of service against a specific guest or against the whole host. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable. |
| Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4. |
| Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios. |
| Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php. |
| Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php. |
| This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception. |
| This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js. |
| This affects the package image-tiler before 2.0.2. |
| This affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath) |
| The package ntesseract before 0.2.9 are vulnerable to Command Injection via lib/tesseract.js. |
| This affects all versions of package npm-help. The injection point is located in line 13 in index.js file in export.latestVersion() function. |
| This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js. |
| This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js |
| This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js. |
| This affects all versions of package google-cloudstorage-commands. |
| This affects all versions of package ffmpeg-sdk. The injection point is located in line 9 in index.js. |
| This affects all versions of package gitblame. The injection point is located in line 15 in lib/gitblame.js. |
| This affects all versions of package node-latex-pdf. |
