Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2021-03-25 CVE-2021-3449 NULL Pointer Dereference vulnerability in multiple products
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client.
5.9
2021-03-25 CVE-2021-1492 Windows Shortcut Following (.LNK) vulnerability in DUO Authentication Proxy
The Duo Authentication Proxy installer prior to 5.2.1 did not properly validate file installation paths.
local
low complexity
duo CWE-64
3.6
2021-03-25 CVE-2020-1946 OS Command Injection vulnerability in multiple products
In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors.
network
low complexity
apache debian fedoraproject CWE-78
critical
9.8
2021-03-25 CVE-2021-29156 Injection vulnerability in Forgerock Openam
ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol.
network
low complexity
forgerock CWE-74
5.0
2021-03-25 CVE-2021-26715 Server-Side Request Forgery (SSRF) vulnerability in Mitreid Connect
The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability.
network
low complexity
mitreid CWE-918
6.4
2021-03-25 CVE-2021-20679 Unspecified vulnerability in Fujixerox products
Fuji Xerox multifunction devices and printers (DocuCentre-VII C7773/C6673/C5573/C4473/C3373/C3372/C2273, DocuCentre-VII C7788/C6688/C5588, ApeosPort-VII C7773/C6673/C5573/C4473/C3373/C3372/C2273, ApeosPort-VII C7788/C6688/C5588, ApeosPort C7070/C6570/C5570/C4570/C3570/C3070/C7070G/C6570G/C5570G/C4570G/C3570G/C3070G, ApeosPort-VII C4421/C3321, ApeosPort C3060/C2560/C2060/C3060G/C2560G/C2060G, ApeosPort-VII CP4421, ApeosPort Print C5570, ApeosPort 5570/4570/5570G/4570G, ApeosPort 3560/3060/2560/3560G/3060G/2560G, ApeosPort-VII 5021/4021, ApeosPort-VII P5021, DocuPrint CP 555 d/505 d, DocuPrint P505 d, PrimeLink C9065/C9070, DocuPrint CP475AP, and DocuPrint P475AP) allow an attacker to cause a denial of service (DoS) condition and abnormal end (ABEND) of the affected products via sending a specially crafted command.
network
low complexity
fujixerox
7.8
2021-03-24 CVE-2020-7852 Out-of-bounds Write vulnerability in Hmtalk Daviewindy 8.98.4/8.98.7/8.98.9
DaviewIndy has a heap-based overflow vulnerability, triggered when the user opens a malformed ex.j2c format file that is mishandled by Daview.exe.
network
hmtalk CWE-787
6.8
2021-03-24 CVE-2021-21386 Argument Injection or Modification vulnerability in Apkleaks Project Apkleaks
APKLeaks is an open-source project for scanning APK files for URIs, endpoints & secrets.
network
low complexity
apkleaks-project CWE-88
critical
10.0
2021-03-24 CVE-2021-21385 Improper Validation of Certificate with Host Mismatch vulnerability in Mifos Mifos-Mobile
Mifos-Mobile Android Application for MifosX is an Android Application built on top of the MifosX Self-Service platform.
network
mifos CWE-297
5.8
2021-03-24 CVE-2021-1423 Exposure of Resource to Wrong Sphere vulnerability in Cisco products
A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device.
local
low complexity
cisco CWE-668
4.4