Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-19 | CVE-2021-26275 | Command Injection vulnerability in Eslint-Fixer Project Eslint-Fixer: The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. | 9.8 |
2021-03-19 | CVE-2021-21384 | Argument Injection or Modification vulnerability in Shescape Project Shescape: shescape is a simple shell escape package for JavaScript. | 4.4 |
2021-03-18 | CVE-2021-27436 | Cross-site Scripting vulnerability in Advantech Webaccess/Scada: WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions. | 4.3 |
2021-03-18 | CVE-2021-3416 | Infinite Loop vulnerability in multiple products: A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. | 6.0 |
2021-03-18 | CVE-2021-27358 | The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set. | 5.0 |
2021-03-18 | CVE-2021-25764 | Unspecified vulnerability in Jetbrains PHPstorm: In JetBrains PhpStorm before 2020.3, source code could be added to debug logs. | 5.0 |
2021-03-18 | CVE-2020-9367 | Uncontrolled Search Path Element vulnerability in Zohocorp Manageengine Desktop Central 10.0.486: The MPS Agent in Zoho ManageEngine Desktop Central MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. | 6.9 |
2021-03-18 | CVE-2020-36144 | Injection vulnerability in Redash 8.0.0: Redash 8.0.0 is affected by LDAP Injection. | 4.3 |
2021-03-18 | CVE-2020-26886 | Improper Initialization vulnerability in Softaculous: Softaculous before 5.5.7 is affected by a code execution vulnerability because of External Initialization of Trusted Variables or Data Stores. | 6.9 |
2021-03-18 | CVE-2020-26797 | Out-of-bounds Write vulnerability in multiple products: Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping. | 7.5 |