Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-16 | CVE-2020-24263 | Incorrect Permission Assignment for Critical Resource vulnerability in Portainer: Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. | 6.5 |
2021-03-16 | CVE-2020-4891 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Spectrum Scale: IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user to brute force REST API account credentials. | 2.1 |
2021-03-16 | CVE-2020-4890 | Unspecified vulnerability in IBM Spectrum Scale: IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absent rate limiting. | 2.1 |
2021-03-16 | CVE-2020-4851 | Injection vulnerability in IBM Spectrum Scale: IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user to poison log files which could impact support and development efforts. | 2.1 |
2021-03-16 | CVE-2020-1926 | Information Exposure Through Discrepancy vulnerability in Apache Hive: Apache Hive cookie signature verification used a non-constant-time comparison, which is known to be vulnerable to timing attacks. | 4.3 |
2021-03-15 | CVE-2021-27230 | Code Injection vulnerability in Expressionengine: ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory. | 6.5 |
2021-03-15 | CVE-2021-3418 | Improper Preservation of Permissions vulnerability in GNU Grub2: If certificates that signed grub are installed into db, grub can be booted directly. | 4.4 |
2021-03-15 | CVE-2021-26987 | Element Plug-in for vCenter Server incorporates SpringBoot Framework. | 7.5 |
2021-03-15 | CVE-2021-24029 | Reachable Assertion vulnerability in Facebook Mvfst and Proxygen: A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. | 5.0 |
2021-03-15 | CVE-2021-20283 | Missing Authorization vulnerability in multiple products: The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in Moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. | 4.3 |