Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-19 | CVE-2021-28109 | Cross-site Scripting vulnerability in Compassplus Tranzware Fimi TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected Cross-Site Scripting (XSS). | 4.3 |
| 2021-03-19 | CVE-2021-27928 | Code Injection vulnerability in multiple products A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. | 9.0 |
| 2021-03-19 | CVE-2021-27221 | Unspecified vulnerability in Mikrotik Routeros 6.47.9 MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. | 8.1 |
| 2021-03-19 | CVE-2021-28653 | Insecure Storage of Sensitive Information vulnerability in Westerndigital Armorlock The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. | 4.0 |
| 2021-03-19 | CVE-2021-26275 | Command Injection vulnerability in Eslint-Fixer Project Eslint-Fixer The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. | 9.8 |
| 2021-03-19 | CVE-2021-21384 | Argument Injection or Modification vulnerability in Shescape Project Shescape shescape is a simple shell escape package for JavaScript. | 4.4 |
| 2021-03-18 | CVE-2021-27436 | Cross-site Scripting vulnerability in Advantech Webaccess/Scada WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions. | 4.3 |
| 2021-03-18 | CVE-2021-3416 | Infinite Loop vulnerability in multiple products A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. | 6.0 |
| 2021-03-18 | CVE-2021-27358 | The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set. | 5.0 |
| 2021-03-18 | CVE-2021-25764 | Unspecified vulnerability in Jetbrains PHPstorm In JetBrains PhpStorm before 2020.3, source code could be added to debug logs. | 5.0 |