Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-26 | CVE-2021-22886 | Cross-site Scripting vulnerability in Rocket.Chat Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. | 4.3 |
| 2021-03-26 | CVE-2021-29255 | Insufficiently Protected Credentials vulnerability in Microseven Mym71080I-B Firmware MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credentials in cleartext to pnp.microseven.com TCP port 7007. | 2.9 |
| 2021-03-26 | CVE-2021-21403 | Improper Authentication vulnerability in Kongchuanhujiao Project Kongchuanhujiao In github.com/kongchuanhujiao/server before version 1.3.21 there is an authentication Bypass by Primary Weakness vulnerability. | 9.8 |
| 2021-03-26 | CVE-2020-28695 | OS Command Injection vulnerability in Askey Rtf3505Vw-N1 BR SV G000 R3505Vwn1001 S32 7 Firmware Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execution as root. | 8.3 |
| 2021-03-26 | CVE-2021-20289 | Information Exposure Through an Error Message vulnerability in multiple products A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. | 5.0 |
| 2021-03-26 | CVE-2021-20285 | Out-of-bounds Write vulnerability in UPX Project UPX 3.96 A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. | 8.3 |
| 2021-03-26 | CVE-2021-20284 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. | 5.5 |
| 2021-03-26 | CVE-2021-20271 | Insufficient Verification of Data Authenticity vulnerability in multiple products A flaw was found in RPM's signature check functionality when reading a package file. | 7.0 |
| 2021-03-26 | CVE-2021-20197 | Link Following vulnerability in multiple products There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. | 6.3 |
| 2021-03-26 | CVE-2021-20193 | Memory Leak vulnerability in GNU TAR A flaw was found in the src/list.c of tar 1.33 and earlier. | 5.5 |