Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-19 | CVE-2021-27807 | Excessive Iteration vulnerability in multiple products A carefully crafted PDF file can trigger an infinite loop while loading the file. | 5.5 |
2021-03-19 | CVE-2021-21390 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Minio MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. | 4.3 |
2021-03-19 | CVE-2021-21387 | Cleartext Transmission of Sensitive Information vulnerability in Wrongthink Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. | 5.0 |
2021-03-19 | CVE-2020-4635 | Unspecified vulnerability in IBM Soar 40.0 IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames. | 5.0 |
2021-03-19 | CVE-2021-27506 | The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. | 5.5 |
2021-03-19 | CVE-2021-28834 | Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. | 9.8 |
2021-03-19 | CVE-2021-28831 | Improper Handling of Exceptional Conditions vulnerability in multiple products decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. | 7.5 |
2021-03-19 | CVE-2021-28090 | Reachable Assertion vulnerability in multiple products Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002. | 5.3 |
2021-03-19 | CVE-2021-28089 | Resource Exhaustion vulnerability in multiple products Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001. | 7.5 |
2021-03-19 | CVE-2020-25097 | HTTP Request Smuggling vulnerability in multiple products An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. | 8.6 |