Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-22 | CVE-2021-27594 | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens manipulated Windows Bitmap (.BMP) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. network sap | 4.3 |
| 2021-03-22 | CVE-2021-27593 | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens manipulated Graphics Interchange Format (.GIF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. network sap | 4.3 |
| 2021-03-22 | CVE-2020-4882 | Server-Side Request Forgery (SSRF) vulnerability in IBM Planning Analytics 2.0 IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constucting URLs from user-controlled data . | 5.8 |
| 2021-03-22 | CVE-2021-28968 | Cross-site Scripting vulnerability in GNU Punbb An issue was discovered in PunBB before 1.4.6. | 3.5 |
| 2021-03-22 | CVE-2021-28148 | Missing Authentication for Critical Function vulnerability in Grafana One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. | 5.0 |
| 2021-03-22 | CVE-2021-28147 | Unspecified vulnerability in Grafana The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. network grafana | 3.5 |
| 2021-03-22 | CVE-2021-27308 | Cross-site Scripting vulnerability in 4Homepages 4Images 1.8 A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the "redirect" parameter. | 3.5 |
| 2021-03-22 | CVE-2021-28146 | Incorrect Authorization vulnerability in Grafana The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. | 4.0 |
| 2021-03-22 | CVE-2021-27962 | Unspecified vulnerability in Grafana Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access. network grafana | 4.9 |
| 2021-03-22 | CVE-2021-26295 | Deserialization of Untrusted Data vulnerability in Apache Ofbiz Apache OFBiz has unsafe deserialization prior to 17.12.06. | 9.8 |