Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2021-03-15 CVE-2021-20282 Incorrect Authorization vulnerability in multiple products
When creating a user account, it was possible to verify the account without having access to the verification email link/secret in Moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
network
low complexity
moodle fedoraproject CWE-863
5.3
2021-03-15 CVE-2021-20281 Incorrect Authorization vulnerability in multiple products
It was possible for some users without permission to view other users' full names to do so via the online users block in Moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
network
low complexity
moodle fedoraproject CWE-863
5.3
2021-03-15 CVE-2021-20280 Cross-site Scripting vulnerability in multiple products
Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in Moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
network
low complexity
moodle fedoraproject CWE-79
5.4
2021-03-15 CVE-2021-20279 Cross-site Scripting vulnerability in multiple products
The ID number user profile field required additional sanitizing to prevent a stored XSS risk in Moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
network
low complexity
moodle fedoraproject CWE-79
5.4
2021-03-15 CVE-2020-27290 Information Exposure vulnerability in Hamilton-Medical Hamilton-T1 Firmware
In Hamilton Medical AG, T1-Ventilator versions 2.2.3 and prior, an information disclosure vulnerability in the ventilator allows attackers with physical access to the configuration interface's logs to get valid checksums for tampered configuration files.
local
low complexity
hamilton-medical CWE-200
2.1
2021-03-15 CVE-2020-27282 Missing XML Validation vulnerability in Hamilton-Medical Hamilton-T1 Firmware
In Hamilton Medical AG, T1-Ventilator versions 2.2.3 and prior, an XML validation vulnerability in the ventilator allows privileged attackers with physical access to render the device persistently unusable by uploading specially crafted configuration files.
local
low complexity
hamilton-medical CWE-112
2.1
2021-03-15 CVE-2020-27278 Use of Hard-coded Credentials vulnerability in Hamilton-Medical Hamilton-T1 Firmware
In Hamilton Medical AG, T1-Ventilator versions 2.2.3 and prior, hard-coded credentials in the ventilator allow attackers with physical access to obtain admin privileges for the device’s configuration interface.
local
low complexity
hamilton-medical CWE-798
3.6
2021-03-15 CVE-2021-3150 Cross-site Scripting vulnerability in Cryptshare Server
A cross-site scripting (XSS) vulnerability on the Delete Personal Data page in Cryptshare Server before 4.8.0 allows an attacker to inject arbitrary web script or HTML via the user name.
network
cryptshare CWE-79
4.3
2021-03-15 CVE-2021-23879 Unquoted Search Path or Element vulnerability in McAfee Endpoint Product Removal Tool
Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder.
local
low complexity
mcafee CWE-428
6.7
2021-03-15 CVE-2020-29553 Cross-Site Request Forgery (CSRF) vulnerability in Getgrav Grav CMS
The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF).
network
high complexity
getgrav CWE-352
5.1