Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2021-03-16 CVE-2021-28294 Unrestricted Upload of File with Dangerous Type vulnerability in Online Ordering System Project Online Ordering System 1.0
Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution (RCE).
network
low complexity
online-ordering-system-project CWE-434
7.5

2021-03-16 CVE-2020-28899 Missing Authentication for Critical Function vulnerability in Zyxel products
The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to use all features provided by the router.
network
low complexity
zyxel CWE-306
6.4

2021-03-16 CVE-2021-27938 Cross-site Scripting vulnerability in Symbiote Silverstripe Queued Jobs
A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module.
network
symbiote CWE-79
4.3

2021-03-16 CVE-2021-25916 Unspecified vulnerability in Patchmerge Project Patchmerge 1.0.0/1.0.1
Prototype pollution vulnerability in 'patchmerge' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.
network
low complexity
patchmerge-project
critical
9.8

2021-03-16 CVE-2021-22887 A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware.
local
low complexity
pulsesecure supermicro
2.1

2021-03-16 CVE-2021-28543 Reachable Assertion vulnerability in multiple products
Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations.
network
low complexity
varnish-cache fedoraproject CWE-617
7.5

2021-03-16 CVE-2021-21193 Use After Free vulnerability in multiple products
Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
8.8

2021-03-16 CVE-2021-21192 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-787
8.8

2021-03-16 CVE-2021-21191 Use After Free vulnerability in multiple products
Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
8.8

2021-03-16 CVE-2020-24264 Incorrect Authorization vulnerability in Portainer
Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution.
network
low complexity
portainer CWE-863
critical
10.0