Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-26 | CVE-2021-28246 | Untrusted Search Path vulnerability in Broadcom Ehealth: CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. | 7.8 |
2021-03-26 | CVE-2020-28346 | NULL Pointer Dereference vulnerability in Projectacrn Acrn: ACRN through 2.2 has a devicemodel/hw/pci/virtio/virtio.c NULL Pointer Dereference. | 5.0 |
2021-03-26 | CVE-2021-3153 | Improper Authentication vulnerability in Hashicorp Terraform Enterprise 2020071: HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting that required users within an organization to have two-factor authentication enabled. | 4.0 |
2021-03-26 | CVE-2021-3027 | Injection vulnerability in Librit Passhport: app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection. | 4.0 |
2021-03-26 | CVE-2020-23517 | Cross-site Scripting vulnerability in Aryanic High CMS: Cross Site Scripting (XSS) vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm. | 4.3 |
2021-03-25 | CVE-2021-3119 | NULL Pointer Dereference vulnerability in Zetetic Sqlcipher 4.0/4.4.1/4.4.2: Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer dereferencing issue related to sqlcipher_export in crypto.c and sqlite3StrICmp in sqlite3.c. | 5.0 |
2021-03-25 | CVE-2021-27372 | Insufficiently Protected Credentials vulnerability in Realtek Xpon Rtl9601D Software Development KIT 1.9: Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly gain access to the device with root permissions via the built-in network monitoring tool and execute arbitrary commands. | 10.0 |
2021-03-25 | CVE-2021-29098 | Access of Uninitialized Pointer vulnerability in Esri products: Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. | 7.8 |
2021-03-25 | CVE-2021-29097 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Esri products: Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. | 7.8 |
2021-03-25 | CVE-2021-29095 | Access of Uninitialized Pointer vulnerability in Esri Arcgis Server: Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account. | 6.8 |