Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-17 | CVE-2020-35456 | Cleartext Transmission of Sensitive Information vulnerability in Taidii Diibear 2.4.0 The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to view private chat messages and media files via logcat because of excessive logging. | 4.3 |
2021-03-17 | CVE-2020-35455 | Cleartext Storage of Sensitive Information vulnerability in Taidii Diibear 2.4.0 The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage. | 2.1 |
2021-03-17 | CVE-2020-35454 | Cleartext Storage of Sensitive Information vulnerability in Taidii Diibear 2.4.0 The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from an Android backup because of insecure application configuration. | 2.1 |
2021-03-17 | CVE-2021-27292 | Unspecified vulnerability in Ua-Parser-Js Project Ua-Parser-Js ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. | 5.0 |
2021-03-17 | CVE-2021-27291 | In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. | 7.5 |
2021-03-17 | CVE-2020-28873 | Use of Password Hash With Insufficient Computational Effort vulnerability in Fluxbb 1.5.11 Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability that is triggered by sending an extremely long password via the user login form. | 7.5 |
2021-03-17 | CVE-2020-17525 | NULL Pointer Dereference vulnerability in multiple products Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. | 4.3 |
2021-03-17 | CVE-2021-22860 | Improper Authentication vulnerability in EIC E-Document System 2.9/3.0.2 EIC e-document system does not perform complete identity verification for sorting and filtering personnel data. | 7.5 |
2021-03-17 | CVE-2021-22859 | SQL Injection vulnerability in EIC E-Document System 3.0.2 The users’ data querying function of EIC e-document system does not filter special characters, which allows remote attackers to inject SQL syntax and execute arbitrary commands without privilege. | 7.5 |
2021-03-17 | CVE-2020-13924 | Path Traversal vulnerability in Apache Ambari In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files. | 5.0 |