Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-03-17 | CVE-2020-11171 | Out-of-bounds Read vulnerability in Qualcomm products | Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | network | low | qualcomm | CWE-125 | 6.4 |
| 2021-03-17 | CVE-2020-11166 | Out-of-bounds Read vulnerability in Qualcomm products | Potential out of bound read exception when UE receives unusually large number of padding octets in the beginning of ROHC header in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | network | low | qualcomm | CWE-125 | 6.4 |
| 2021-03-17 | CVE-2017-20002 | Improper Privilege Management vulnerability in Debian Linux and Shadow | The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. | local | low | debian | CWE-269 | 4.6 |
| 2021-03-16 | CVE-2021-3344 | Insufficiently Protected Credentials vulnerability in Redhat Openshift Builder and Openshift Container Platform | A privilege escalation flaw was found in OpenShift builder. | network | low | redhat | CWE-522 | 6.5 |
| 2021-03-16 | CVE-2019-3897 | Files or Directories Accessible to External Parties vulnerability in Redhat Certification | It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. | network | low | redhat | CWE-552 | 5.0 |
| 2021-03-16 | CVE-2021-20218 | Path Traversal vulnerability in Redhat products | A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. | network | | redhat | CWE-22 | 5.8 |
| 2021-03-16 | CVE-2021-3127 | Improper Handling of Exceptional Conditions vulnerability in Nats JWT Library and Nats Server | NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled. | network | low | nats | CWE-755 | 5.0 |
| 2021-03-16 | CVE-2021-28381 | SQL Injection vulnerability in VHS Project VHS | The vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper. | network | low | vhs-project | CWE-89 | 7.5 |
| 2021-03-16 | CVE-2021-28380 | Cross-site Scripting vulnerability in Aimeos Project Aimeos | The aimeos (aka Aimeos shop and e-commerce framework) extension before 19.10.12 and 20.x before 20.10.5 for TYPO3 allows XSS via a backend user account. | | | | | 3.5 |
| 2021-03-16 | CVE-2021-28295 | SQL Injection vulnerability in Online Ordering System Project Online Ordering System 1.0 | Online Ordering System 1.0 is vulnerable to unauthenticated SQL injection through /onlineordering/GPST/admin/design.php, which may lead to database information disclosure. | network | low | online-ordering-system-project | CWE-89 | 5.0 |