Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2021-02-24 CVE-2021-27645 Double Free vulnerability in multiple products
The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system.
local
high complexity
gnu fedoraproject debian CWE-415
2.5
2021-02-23 CVE-2020-27768 In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h.
local
low complexity
imagemagick debian
3.3
2021-02-16 CVE-2021-23839 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
OpenSSL 1.0.2 supports SSLv2.
network
high complexity
openssl oracle siemens CWE-327
3.7
2021-02-16 CVE-2020-29023 Improper Encoding or Escaping of Output vulnerability in Secomea products
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program (like Excel).
network
low complexity
secomea CWE-116
3.5
2021-02-11 CVE-2019-19004 Integer Overflow or Wraparound vulnerability in multiple products
A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image.
local
low complexity
autotrace-project fedoraproject CWE-190
3.3
2021-02-11 CVE-2020-1717 Information Exposure Through an Error Message vulnerability in Redhat products
A flaw was found in Keycloak 7.0.1.
network
low complexity
redhat CWE-209
2.7
2021-02-11 CVE-2020-10734 Unspecified vulnerability in Redhat products
A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection.
local
low complexity
redhat
3.3
2021-02-11 CVE-2021-20402 Information Exposure Through an Error Message vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
2.7
2021-02-10 CVE-2021-21296 Unspecified vulnerability in Fleetdm Fleet
Fleet is an open source osquery manager.
network
low complexity
fleetdm
2.7
2021-02-10 CVE-2021-22133 Information Exposure Through Log Files vulnerability in Elastic APM Agent
The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic.
low complexity
elastic CWE-532
2.4