Weekly Vulnerabilities Reports > January 11 to 17, 2021
Overview
410 new vulnerabilities were reported during this period, including 43 critical vulnerabilities and 206 high severity vulnerabilities. This weekly summary reports vulnerabilities in 306 products from 110 vendors including Cisco, Siemens, SAP, Google, and IBM. The most common weakness categories are "Out-of-bounds Write", "Cross-site Scripting", "OS Command Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Deserialization of Untrusted Data".
- 328 reported vulnerabilities are remotely exploitable.
- 6 reported vulnerabilities have a public exploit available.
- 131 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 207 reported vulnerabilities are exploitable by an anonymous user.
- Cisco has the most reported vulnerabilities, with 96 reported vulnerabilities.
- Huawei has the most reported critical vulnerabilities, with 6 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
43 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-01-14 | CVE-2020-29495 | Dell | OS Command Injection vulnerability in Dell products DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. | 10.0 |
2021-01-12 | CVE-2021-21465 | SAP | SQL Injection vulnerability in SAP Business Warehouse The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. | 9.9 |
2021-01-15 | CVE-2021-21245 | Onedev Project | Unspecified vulnerability in Onedev Project Onedev OneDev is an all-in-one devops platform. | 9.8 |
2021-01-15 | CVE-2021-21242 | Onedev Project | Deserialization of Untrusted Data vulnerability in Onedev Project Onedev OneDev is an all-in-one devops platform. | 9.8 |
2021-01-15 | CVE-2021-21244 | Onedev Project | Code Injection vulnerability in Onedev Project Onedev OneDev is an all-in-one devops platform. | 9.8 |
2021-01-15 | CVE-2021-21243 | Onedev Project | Deserialization of Untrusted Data vulnerability in Onedev Project Onedev OneDev is an all-in-one devops platform. | 9.8 |
2021-01-15 | CVE-2020-24640 | Arubanetworks | Unspecified vulnerability in Arubanetworks Airwave Glass There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. | 9.8 |
2021-01-15 | CVE-2020-24639 | Arubanetworks | Deserialization of Untrusted Data vulnerability in Arubanetworks Airwave Glass There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. | 9.8 |
2021-01-14 | CVE-2020-29493 | Dell | SQL Injection vulnerability in Dell products DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. | 9.8 |
2021-01-14 | CVE-2020-29016 | Fortinet | Out-of-bounds Write vulnerability in Fortinet Fortiweb A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname. | 9.8 |
2021-01-14 | CVE-2020-29015 | Fortinet | SQL Injection vulnerability in Fortinet Fortiweb A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement. | 9.8 |
2021-01-14 | CVE-2021-20618 | Acmailer | Improper Privilege Management vulnerability in Acmailer and Acmailer DB Privilege chaining vulnerability in acmailer ver. | 9.8 |
2021-01-14 | CVE-2021-20617 | Acmailer | Unspecified vulnerability in Acmailer and Acmailer DB Improper access control vulnerability in acmailer ver. | 9.8 |
2021-01-14 | CVE-2020-27265 | PTC GE Rockwellautomation Softwaretoolbox | Out-of-bounds Write vulnerability in multiple products KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. | 9.8 |
2021-01-13 | CVE-2020-9140 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Emui and Magic UI There is a vulnerability with buffer access with incorrect length value in some Huawei Smartphone. Unauthorized users may trigger code execution when a buffer overflow occurs. | 9.8 |
2021-01-13 | CVE-2020-27488 | Loxone | Improper Authentication vulnerability in Loxone Miniserver GEN 1 Firmware Loxone Miniserver devices with firmware before 11.1 (aka 11.1.9.3) are unable to use an authentication method that is based on the "signature of the update package." Therefore, these devices (or attackers who are spoofing these devices) can continue to use an unauthenticated cloud service for an indeterminate time period (possibly forever). | 9.8 |
2021-01-13 | CVE-2020-9144 | Huawei | Out-of-bounds Write vulnerability in Huawei Emui and Magic UI There is a heap overflow vulnerability in some Huawei smartphone, attackers can exploit this vulnerability to cause heap overflows due to improper restriction of operations within the bounds of a memory buffer. | 9.8 |
2021-01-13 | CVE-2020-23653 | Thinkadmin | Deserialization of Untrusted Data vulnerability in Thinkadmin 4.0/5.0/6.0 An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution. | 9.8 |
2021-01-13 | CVE-2021-3028 | GIT BIG Picture Project | Improper Input Validation vulnerability in Git-Big-Picture Project Git-Big-Picture git-big-picture before 1.0.0 mishandles ' characters in a branch name, leading to code execution. | 9.8 |
2021-01-13 | CVE-2021-23899 | Owasp | XXE vulnerability in Owasp Json-Sanitizer OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. | 9.8 |
2021-01-13 | CVE-2020-5685 | NEC | OS Command Injection vulnerability in NEC Univerge Sv8500 Firmware and Univerge Sv9500 Firmware UNIVERGE SV9500 series from V1 to V7 and SV8500 series from S6 to S8 allows an attacker to execute arbitrary OS commands or cause a denial-of-service (DoS) condition by sending a specially crafted request to a specific URL. | 9.8 |
2021-01-13 | CVE-2020-5633 | NEC | Improper Authentication vulnerability in NEC Baseboard Management Controller 1.07/1.09 Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Controller (BMC) firmware Rev1.09 and earlier is applied allows remote attackers to bypass authentication and then obtain/modify BMC setting information, obtain monitoring information, or reboot/shut down the vulnerable product via unspecified vectors. | 9.8 |
2021-01-12 | CVE-2020-25226 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in SCALANCE X-200 switch family (incl. | 9.8 |
2021-01-12 | CVE-2020-15800 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in SCALANCE X-200 switch family (incl. | 9.8 |
2021-01-12 | CVE-2021-3129 | Facade | Unspecified vulnerability in Facade Ignition Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). | 9.8 |
2021-01-12 | CVE-2020-35458 | Clusterlabs | OS Command Injection vulnerability in Clusterlabs Hawk 2.2.012/2.3.012 An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. | 9.8 |
2021-01-12 | CVE-2020-26712 | Vanderbilt | SQL Injection vulnerability in Vanderbilt Redcap 10.0.20/10.3.4 REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. | 9.8 |
2021-01-12 | CVE-2020-14275 | Hcltechsw | Unspecified vulnerability in Hcltechsw HCL Commerce Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1.0 through 9.0.1.14 and 9.1 through 9.1.4 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations. | 9.8 |
2021-01-12 | CVE-2020-27637 | R Project | Path Traversal vulnerability in R-Project Cran 4.0.2 The R programming language’s default package manager CRAN is affected by a path traversal vulnerability that can lead to server compromise. | 9.8 |
2021-01-11 | CVE-2021-0316 | Google | Out-of-bounds Write vulnerability in Google Android In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds write due to a missing bounds check. | 9.8 |
2021-01-11 | CVE-2020-0471 | Google | Improper Input Validation vulnerability in Google Android In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible way to inject packets into an encrypted Bluetooth connection due to improper input validation. | 9.8 |
2021-01-11 | CVE-2020-24027 | Live555 | Out-of-bounds Write vulnerability in Live555 Liblivemedia 20200625 In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP "PLAY" command, when the command specifies seeking by absolute time. | 9.8 |
2021-01-11 | CVE-2020-11995 | Apache | Deserialization of Untrusted Data vulnerability in Apache Dubbo A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. | 9.8 |
2021-01-11 | CVE-2021-3118 | Medicalexpo | SQL Injection vulnerability in Medicalexpo ECS Imaging 6.21.3/6.21.5 EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=). | 9.8 |
2021-01-11 | CVE-2020-35205 | Quest | Server-Side Request Forgery (SSRF) vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. | 9.8 |
2021-01-14 | CVE-2020-16045 | Google | Use After Free vulnerability in Google Chrome Use after Free in Payments in Google Chrome on Android prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2021-01-14 | CVE-2021-23926 | Apache Netapp Debian Oracle | XML Entity Expansion vulnerability in multiple products The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. | 9.1 |
2021-01-14 | CVE-2020-27267 | PTC GE Rockwellautomation Softwaretoolbox | Out-of-bounds Write vulnerability in multiple products KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. | 9.1 |
2021-01-14 | CVE-2020-27263 | PTC GE Rockwellautomation Softwaretoolbox | Out-of-bounds Write vulnerability in multiple products KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. | 9.1 |
2021-01-13 | CVE-2020-9142 | Huawei | Out-of-bounds Write vulnerability in Huawei Emui and Magic UI There is a heap-based buffer overflow vulnerability in some Huawei smartphones. Successful exploitation of this vulnerability can cause heap overflow and memory overwriting when the system incorrectly processes the update file. | 9.1 |
2021-01-13 | CVE-2020-9141 | Huawei | Improper Privilege Management vulnerability in Huawei Emui and Magic UI There is an improper privilege management vulnerability in some Huawei smartphones. | 9.1 |
2021-01-13 | CVE-2020-9139 | Huawei | Improper Input Validation vulnerability in Huawei Emui and Magic UI There is an improper input validation vulnerability in some Huawei smartphones. Successful exploitation of this vulnerability can cause memory access errors and denial of service. | 9.1 |
2021-01-13 | CVE-2020-9145 | Huawei | Out-of-bounds Write vulnerability in Huawei Emui and Magic UI There is an Out-of-bounds Write vulnerability in some Huawei smartphone. | 9.1 |
206 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-01-15 | CVE-2021-21251 | Onedev Project | Unspecified vulnerability in Onedev Project Onedev OneDev is an all-in-one devops platform. | 8.8 |
2021-01-15 | CVE-2021-21249 | Onedev Project | Deserialization of Untrusted Data vulnerability in Onedev Project Onedev OneDev is an all-in-one devops platform. | 8.8 |
2021-01-15 | CVE-2021-21248 | Onedev Project | Code Injection vulnerability in Onedev Project Onedev OneDev is an all-in-one devops platform. | 8.8 |
2021-01-15 | CVE-2021-21247 | Onedev Project | Deserialization of Untrusted Data vulnerability in Onedev Project Onedev OneDev is an all-in-one devops platform. | 8.8 |
2021-01-14 | CVE-2020-27220 | Eclipse | Missing Authorization vulnerability in Eclipse Hono The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device. | 8.8 |
2021-01-14 | CVE-2020-6572 | Google | Use After Free vulnerability in Google Chrome Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | 8.8 |
2021-01-14 | CVE-2021-21261 | Flatpak Debian | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. | 8.8 |
2021-01-14 | CVE-2020-6776 | Bosch | Cross-Site Request Forgery (CSRF) vulnerability in Bosch Praesensa Firmware and Praesideo Firmware A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (Cross-Site Request Forgery). | 8.8 |
2021-01-14 | CVE-2020-29018 | Fortinet | Use of Externally-Controlled Format String vulnerability in Fortinet Fortiweb A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter. | 8.8 |
2021-01-14 | CVE-2020-29017 | Fortinet | OS Command Injection vulnerability in Fortinet Fortideceptor 3.0.0/3.0.1/3.1.0 An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vulnerability on the Customization page. | 8.8 |
2021-01-13 | CVE-2021-1144 | Cisco | Incorrect Authorization vulnerability in Cisco Connected Mobile Experiences 10.6.0/10.6.1/10.6.2 A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system. | 8.8 |
2021-01-12 | CVE-2020-26996 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). | 8.8 |
2021-01-12 | CVE-2020-26995 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). | 8.8 |
2021-01-12 | CVE-2020-26994 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). | 8.8 |
2021-01-12 | CVE-2020-26991 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). | 8.8 |
2021-01-12 | CVE-2020-26990 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). | 8.8 |
2021-01-12 | CVE-2020-26988 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). | 8.8 |
2021-01-12 | CVE-2020-26987 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). | 8.8 |
2021-01-12 | CVE-2020-26986 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). | 8.8 |
2021-01-12 | CVE-2020-26985 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). | 8.8 |
2021-01-12 | CVE-2020-26984 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). | 8.8 |
2021-01-12 | CVE-2020-26983 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). | 8.8 |
2021-01-12 | CVE-2020-26982 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). | 8.8 |
2021-01-12 | CVE-2020-26980 | Siemens | Type Confusion vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). | 8.8 |
2021-01-12 | CVE-2021-21466 | SAP | Code Injection vulnerability in SAP Business Warehouse and Bw/4Hana SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. | 8.8 |
2021-01-12 | CVE-2021-21463 | SAP | Out-of-bounds Read vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 8.8 |
2021-01-12 | CVE-2021-21462 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 8.8 |
2021-01-12 | CVE-2021-21461 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 8.8 |
2021-01-12 | CVE-2021-21460 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 8.8 |
2021-01-12 | CVE-2021-21459 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 8.8 |
2021-01-12 | CVE-2021-21458 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 8.8 |
2021-01-12 | CVE-2021-21457 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 8.8 |
2021-01-12 | CVE-2021-21456 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 8.8 |
2021-01-12 | CVE-2021-21455 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 8.8 |
2021-01-12 | CVE-2021-21454 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 8.8 |
2021-01-12 | CVE-2021-21453 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 8.8 |
2021-01-12 | CVE-2021-21452 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 8.8 |
2021-01-12 | CVE-2021-21451 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SGI file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 8.8 |
2021-01-12 | CVE-2021-21450 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 8.8 |
2021-01-12 | CVE-2021-21449 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 8.8 |
2021-01-12 | CVE-2020-35654 | Python Fedoraproject | Out-of-bounds Write vulnerability in multiple products In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. | 8.8 |
2021-01-11 | CVE-2020-35701 | Cacti Fedoraproject | SQL Injection vulnerability in multiple products An issue was discovered in Cacti 1.2.x through 1.2.16. | 8.8 |
2021-01-11 | CVE-2020-23960 | Fork CMS | Cross-Site Request Forgery (CSRF) vulnerability in Fork-Cms Fork CMS Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing or running modules, (4) resetting the analytics, (5) pinging the mailmotor api, (6) uploading things to the media library, (7) exporting locale. | 8.8 |
2021-01-11 | CVE-2020-26118 | Smartbear | Deserialization of Untrusted Data vulnerability in Smartbear Collaborator In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability. | 8.8 |
2021-01-11 | CVE-2020-23630 | Zzcms | SQL Injection vulnerability in Zzcms 201910 A blind SQL injection vulnerability exists in zzcms ver201910 based on time (cookie injection). | 8.8 |
2021-01-14 | CVE-2020-29494 | Dell | Path Traversal vulnerability in Dell products Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. | 8.7 |
2021-01-13 | CVE-2021-21006 | Adobe | Unspecified vulnerability in Adobe Photoshop Adobe Photoshop version 22.1 (and earlier) is affected by a heap buffer overflow vulnerability when handling a specially crafted font file. | 8.6 |
2021-01-11 | CVE-2021-3121 | Golang Hashicorp | Improper Validation of Array Index vulnerability in multiple products An issue was discovered in GoGo Protobuf before 1.3.2. | 8.6 |
2021-01-13 | CVE-2021-21013 | Adobe | Unspecified vulnerability in Adobe Magento Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. | 8.1 |
2021-01-13 | CVE-2019-4702 | IBM | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Security Guardium Data Encryption 3.0.0.2 IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | 8.1 |
2021-01-13 | CVE-2021-3139 | Tcmu Runner Project | Path Traversal vulnerability in Tcmu-Runner Project Tcmu-Runner In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. | 8.1 |
2021-01-13 | CVE-2020-28374 | Linux Fedoraproject Debian | Path Traversal vulnerability in multiple products In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. | 8.1 |
2021-01-13 | CVE-2021-21605 | Jenkins | Path Traversal vulnerability in Jenkins Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file. | 8.0 |
2021-01-13 | CVE-2021-21604 | Jenkins | Deserialization of Untrusted Data vulnerability in Jenkins Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator. | 8.0 |
2021-01-15 | CVE-2021-3162 | Docker | Improper Certificate Validation vulnerability in Docker Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation. | 7.8 |
2021-01-15 | CVE-2021-21237 | GIT Large File Storage Project | Unspecified vulnerability in GIT Large File Storage Project GIT Large File Storage Git LFS is a command line extension for managing large files with Git. | 7.8 |
2021-01-14 | CVE-2020-16119 | Linux Canonical Debian | Use After Free vulnerability in multiple products Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. | 7.8 |
2021-01-13 | CVE-2021-1237 | Cisco | Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL injection attack. | 7.8 |
2021-01-13 | CVE-2021-20616 | Skygroup | Uncontrolled Search Path Element vulnerability in Skygroup Skysea Client View Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
2021-01-13 | CVE-2020-35686 | Soundresearch | Untrusted Search Path vulnerability in Soundresearch Dchu Model Software Component Modules 2.0.9.17 The SECOMN service in Sound Research DCHU model software component modules (APO) through 2.0.9.17, delivered on HP Windows 10 computers, may allow escalation of privilege via a fake DLL. | 7.8 |
2021-01-12 | CVE-2020-28386 | Siemens | Out-of-bounds Write vulnerability in Siemens Solid Edge Se2020/Se2021 A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). | 7.8 |
2021-01-12 | CVE-2020-28384 | Siemens | Out-of-bounds Write vulnerability in Siemens Solid Edge Se2020/Se2021 A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). | 7.8 |
2021-01-12 | CVE-2020-28383 | Siemens | Unspecified vulnerability in Siemens Jt2Go, Solid Edge and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All versions < V13.1.0.1). | 7.8 |
2021-01-12 | CVE-2020-28382 | Siemens | Out-of-bounds Write vulnerability in Siemens Solid Edge Se2020/Se2021 A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). | 7.8 |
2021-01-12 | CVE-2020-28381 | Siemens | Out-of-bounds Write vulnerability in Siemens Solid Edge Se2020/Se2021 A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). | 7.8 |
2021-01-12 | CVE-2020-26993 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). | 7.8 |
2021-01-12 | CVE-2020-26992 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). | 7.8 |
2021-01-12 | CVE-2020-26989 | Siemens | Unspecified vulnerability in Siemens Jt2Go, Solid Edge and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All versions < V13.1.0.1). | 7.8 |
2021-01-12 | CVE-2021-3134 | Mubu | Unspecified vulnerability in Mubu 2.2.1 Mubu 2.2.1 allows local users to gain privileges to execute commands, aka CNVD-2020-68878. | 7.8 |
2021-01-12 | CVE-2020-35459 | Clusterlabs Debian | OS Command Injection vulnerability in multiple products An issue was discovered in ClusterLabs crmsh through 4.2.1. | 7.8 |
2021-01-12 | CVE-2021-23240 | Sudo Project Netapp Fedoraproject | Link Following vulnerability in multiple products selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. | 7.8 |
2021-01-12 | CVE-2020-26050 | Safervpn | Uncontrolled Search Path Element vulnerability in Safervpn 5.0.3.3/5.0.4.15 SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local privilege escalation from low privileged users to SYSTEM via a crafted openssl configuration file. | 7.8 |
2021-01-11 | CVE-2021-0318 | Google | Use After Free vulnerability in Google Android In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a possible out of bounds write due to a use-after-free. | 7.8 |
2021-01-11 | CVE-2021-0317 | Google | Incorrect Authorization vulnerability in Google Android In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error. | 7.8 |
2021-01-11 | CVE-2021-0310 | Google | Use After Free vulnerability in Google Android 11.0 In LazyServiceRegistrar of LazyServiceRegistrar.cpp, there is a possible memory corruption due to a use after free. | 7.8 |
2021-01-11 | CVE-2021-0307 | Google | Unspecified vulnerability in Google Android 10.0/11.0 In updatePermissionSourcePackage of PermissionManagerService.java, there is a possible automatic runtime permission grant due to a confused deputy. | 7.8 |
2021-01-11 | CVE-2021-0306 | Google | Improper Privilege Management vulnerability in Google Android In addAllPermissions of PermissionManagerService.java, there is a possible permissions bypass when upgrading major Android versions which allows an app to gain the android.permission.ACTIVITY_RECOGNITION permission without user confirmation. | 7.8 |
2021-01-11 | CVE-2020-27059 | Google | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android In onAuthenticated of AuthenticationClient.java, there is a possible tapjacking attack when requesting the user's fingerprint due to an overlaid window. | 7.8 |
2021-01-11 | CVE-2020-27293 | Deltaww | Type Confusion vulnerability in Deltaww Cncsoft-B 1.0.0.2 Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a type confusion issue while processing project files, which may allow an attacker to execute arbitrary code. | 7.8 |
2021-01-11 | CVE-2020-27291 | Deltaww | Out-of-bounds Read vulnerability in Deltaww Cncsoft-B 1.0.0.2 Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code. | 7.8 |
2021-01-11 | CVE-2020-27289 | Deltaww | NULL Pointer Dereference vulnerability in Deltaww Cncsoft-B 1.0.0.2 Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code. | 7.8 |
2021-01-11 | CVE-2020-27287 | Deltaww | Out-of-bounds Write vulnerability in Deltaww Cncsoft-B 1.0.0.2 Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. | 7.8 |
2021-01-11 | CVE-2020-27281 | Deltaww | Out-of-bounds Write vulnerability in Deltaww Cncsoft Screeneditor A stack-based buffer overflow may exist in Delta Electronics CNCSoft ScreenEditor versions 1.01.26 and prior when processing specially crafted project files, which may allow an attacker to execute arbitrary code. | 7.8 |
2021-01-11 | CVE-2020-27277 | Deltaww | NULL Pointer Dereference vulnerability in Deltaww Dopsoft 2.00.07/4.0.8.21/4.00.08.15 Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code. | 7.8 |
2021-01-11 | CVE-2020-27275 | Deltaww | Out-of-bounds Write vulnerability in Deltaww Dopsoft 2.00.07/4.0.8.21/4.00.08.15 Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. | 7.8 |
2021-01-11 | CVE-2018-9333 | K7Computing | Improper Privilege Management vulnerability in K7Computing products K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Buffer Overflow. | 7.8 |
2021-01-11 | CVE-2018-9332 | K7Computing | Improper Privilege Management vulnerability in K7Computing products K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Incorrect Access Control. | 7.8 |
2021-01-11 | CVE-2018-8726 | K7Computing | Classic Buffer Overflow vulnerability in K7Computing products K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Buffer Overflow. | 7.8 |
2021-01-11 | CVE-2018-8725 | K7Computing | Classic Buffer Overflow vulnerability in K7Computing products K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Buffer Overflow. | 7.8 |
2021-01-11 | CVE-2018-8724 | K7Computing | Incorrect Authorization vulnerability in K7Computing products K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Incorrect Access Control. | 7.8 |
2021-01-11 | CVE-2018-8044 | K7Computing | Incorrect Authorization vulnerability in K7Computing products K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Incorrect Access Control. | 7.8 |
2021-01-11 | CVE-2018-11010 | K7Computing | Out-of-bounds Write vulnerability in K7Computing products A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. | 7.8 |
2021-01-11 | CVE-2018-11009 | K7Computing | Out-of-bounds Write vulnerability in K7Computing products A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. | 7.8 |
2021-01-11 | CVE-2020-35483 | Anydesk | Uncontrolled Search Path Element vulnerability in Anydesk 5.4.2/6.0.8 AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local user account via a read-only setting for a Trojan horse gcapi.dll file. | 7.8 |
2021-01-15 | CVE-2020-35749 | Presstigers | Path Traversal vulnerability in Presstigers Simple Board JOB Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php. | 7.7 |
2021-01-12 | CVE-2020-4079 | Combodo | Unspecified vulnerability in Combodo Itop Combodo iTop is a web based IT Service Management tool. | 7.7 |
2021-01-17 | CVE-2021-3113 | Netsia | Forced Browsing vulnerability in Netsia Seba+ 0.16.1 Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. | 7.5 |
2021-01-15 | CVE-2021-21246 | Onedev Project | Unspecified vulnerability in Onedev Project Onedev OneDev is an all-in-one devops platform. | 7.5 |
2021-01-15 | CVE-2020-24641 | Arubanetworks | Server-Side Request Forgery (SSRF) vulnerability in Arubanetworks Airwave Glass In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. | 7.5 |
2021-01-15 | CVE-2021-22167 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 12.1. | 7.5 |
2021-01-15 | CVE-2021-22166 | Gitlab | Resource Exhaustion vulnerability in Gitlab 13.7.0/13.7.1 An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method. | 7.5 |
2021-01-15 | CVE-2020-35733 | Erlang Fedoraproject | Improper Certificate Validation vulnerability in multiple products An issue was discovered in Erlang/OTP before 23.2.2. | 7.5 |
2021-01-14 | CVE-2020-26732 | Skyworth | Missing Encryption of Sensitive Data vulnerability in Skyworth Gn542Vf BOA Firmware 0.94.13 SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | 7.5 |
2021-01-14 | CVE-2021-3138 | Discourse | Improper Restriction of Excessive Authentication Attempts vulnerability in Discourse In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms. | 7.5 |
2021-01-13 | CVE-2020-14101 | MI | Unspecified vulnerability in MI Ax1800 Firmware and Rm1800 Firmware The data collection SDK of the router web management interface caused the leakage of the token. | 7.5 |
2021-01-13 | CVE-2020-14098 | MI | Improper Synchronization vulnerability in MI Ax1800 Firmware and Rm1800 Firmware The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. | 7.5 |
2021-01-13 | CVE-2020-14097 | MI | Unspecified vulnerability in MI Redmi AX6 Firmware Wrong nginx configuration, causing specific paths to be downloaded without authorization. | 7.5 |
2021-01-13 | CVE-2021-1223 | Cisco Snort | Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. | 7.5 |
2021-01-13 | CVE-2021-21252 | Jqueryvalidation Netapp | The jQuery Validation Plugin provides drop-in validation for your existing forms. | 7.5 |
2021-01-13 | CVE-2020-4596 | IBM | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium Insights 2.0.2 IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2021-01-13 | CVE-2020-4595 | IBM | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium Insights 2.0.2 IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2021-01-13 | CVE-2020-4594 | IBM | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium Insights 2.0.2 IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2021-01-13 | CVE-2019-4160 | IBM | Inadequate Encryption Strength vulnerability in IBM Security Guardium Data Encryption 3.0.0.2 IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2021-01-13 | CVE-2021-3131 | 1C | Inadequate Encryption Strength vulnerability in 1C 1C:Enterprise The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the creds URL parameter. | 7.5 |
2021-01-13 | CVE-2021-23900 | Owasp | Unspecified vulnerability in Owasp Json-Sanitizer OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. | 7.5 |
2021-01-13 | CVE-2020-5686 | NEC | Improper Authentication vulnerability in NEC Univerge Sv8500 Firmware and Univerge Sv9500 Firmware Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7 and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and obtain the information by sending a specially crafted request to a specific URL. | 7.5 |
2021-01-12 | CVE-2021-21469 | SAP | Information Exposure vulnerability in SAP Netweaver Master Data Management 7.10/7.10.750/710 When security guidelines for SAP NetWeaver Master Data Management running on Windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration. | 7.5 |
2021-01-12 | CVE-2021-21446 | SAP | Unspecified vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, this has a high impact on the availability of the service. | 7.5 |
2021-01-12 | CVE-2020-14274 | Hcltechsw | Unspecified vulnerability in Hcltechsw HCL Commerce Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9.0.1.14 and 9.1 through 9.1.4 could allow a remote attacker to obtain user personal data via unknown vectors. | 7.5 |
2021-01-12 | CVE-2020-16146 | Espressif | Classic Buffer Overflow vulnerability in Espressif Esp-Idf Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through 3.3.2, and 4.0.x through 4.0.1 has a Buffer Overflow in BluFi provisioning in btc_blufi_recv_handler function in blufi_prf.c. | 7.5 |
2021-01-11 | CVE-2021-0313 | Google | Improper Input Validation vulnerability in Google Android In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slow or crash a TextView due to improper input validation. | 7.5 |
2021-01-11 | CVE-2020-13559 | Freyrscada | Incorrect Comparison vulnerability in Freyrscada Iec-60879-5-104 Server Simulator 21.04.028 A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028. | 7.5 |
2021-01-11 | CVE-2018-11246 | K7Computing | Memory Leak vulnerability in K7Computing products K7TSMngr.exe in K7Computing K7AntiVirus Premium 15.1.0.53 has a Memory Leak. | 7.5 |
2021-01-11 | CVE-2020-17509 | Apache | HTTP Request Smuggling vulnerability in Apache Traffic Server ATS negative cache option is vulnerable to a cache poisoning attack. | 7.5 |
2021-01-11 | CVE-2020-17508 | Apache | Unspecified vulnerability in Apache Traffic Server The ATS ESI plugin has a memory disclosure vulnerability. | 7.5 |
2021-01-11 | CVE-2021-3116 | Proxy PY Project | Incorrect Comparison vulnerability in Proxy.Py Project Proxy.Py before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or). | 7.5 |
2021-01-11 | CVE-2021-21241 | Flask Security TOO Project | Unspecified vulnerability in Flask-Security-Too Project Flask-Security-Too The Python "Flask-Security-Too" package is used for adding security features to your Flask application. | 7.4 |
2021-01-13 | CVE-2021-1240 | Cisco | Uncontrolled Search Path Element vulnerability in Cisco Proximity A vulnerability in the loading process of specific DLLs in Cisco Proximity Desktop for Windows could allow an authenticated, local attacker to load a malicious library. | 7.3 |
2021-01-11 | CVE-2021-0319 | Google | Incorrect Authorization vulnerability in Google Android In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there is a possible way to get a nearby Bluetooth device's MAC address without appropriate permissions due to a permissions bypass. | 7.3 |
2021-01-11 | CVE-2021-0315 | Google | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack. | 7.3 |
2021-01-15 | CVE-2020-24638 | Arubanetworks | Unspecified vulnerability in Arubanetworks Airwave Glass Multiple authenticated remote command executions are possible in Airwave Glass before 1.3.3 via the glassadmin cli. | 7.2 |
2021-01-13 | CVE-2020-14102 | MI | Command Injection vulnerability in MI Ax1800 Firmware and Rm1800 Firmware There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. | 7.2 |
2021-01-13 | CVE-2021-1360 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1307 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1217 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1216 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1215 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1214 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1213 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1212 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1211 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1210 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1209 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1208 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1207 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1206 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1205 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1204 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1203 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1202 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1201 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1200 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1199 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1198 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1197 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1196 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1195 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1194 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1193 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1192 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1191 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1190 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1188 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1187 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1186 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1185 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1184 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1183 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1182 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1181 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1180 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1179 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1178 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1177 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1176 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1175 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1174 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1173 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1172 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1171 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1170 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1169 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1168 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1167 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1166 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1165 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1164 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1163 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1162 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1161 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1160 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1159 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2021-1150 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. | 7.2 |
2021-01-13 | CVE-2021-1149 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. | 7.2 |
2021-01-13 | CVE-2021-1148 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. | 7.2 |
2021-01-13 | CVE-2021-1147 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. | 7.2 |
2021-01-13 | CVE-2021-1146 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. | 7.2 |
2021-01-13 | CVE-2021-1189 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. | 7.2 |
2021-01-13 | CVE-2020-35578 | Nagios | OS Command Injection vulnerability in Nagios XI An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. | 7.2 |
2021-01-13 | CVE-2020-26262 | Coturn Project Fedoraproject | Coturn is a free, open-source implementation of a TURN and STUN server. | 7.2 |
2021-01-11 | CVE-2020-2508 | Qnap | Command Injection vulnerability in Qnap QTS A command injection vulnerability has been reported to affect QTS and QuTS hero. | 7.2 |
2021-01-12 | CVE-2020-27148 | Tibco | XXE vulnerability in Tibco EBX Add-Ons The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange Add-on, and TIBCO EBX Insight Add-on components of TIBCO Software Inc.'s TIBCO EBX Add-ons contain a vulnerability that theoretically allows a low privileged attacker with network access to execute an XML External Entity (XXE) attack. | 7.1 |
2021-01-12 | CVE-2020-35653 | Python Fedoraproject Debian | Out-of-bounds Read vulnerability in multiple products In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. | 7.1 |
2021-01-15 | CVE-2020-25533 | Malwarebytes | Race Condition vulnerability in Malwarebytes An issue was discovered in Malwarebytes before 4.0 on macOS. | 7.0 |
2021-01-11 | CVE-2021-0303 | Google | Use After Free vulnerability in Google Android 11.0 In dispatchGraphTerminationMessage() of packages/services/Car/computepipe/runner/graph/StreamSetObserver.cpp, there is a possible use after free due to a race condition. | 7.0 |
2021-01-11 | CVE-2020-17534 | Apache | Race Condition vulnerability in Apache Html/Java API 1.7 There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in `webkit` subproject of HTML/Java API version 1.7. | 7.0 |
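The OS command injection rows above (Cisco RV-series routers, Nagios XI, QNAP QTS) all describe the same defect: a web handler splices user input into a command line that a shell then parses. The following is an added example written for this report, not code from any of those vendors. It uses `echo` as a stand-in for a real diagnostic binary so it runs anywhere with `/bin/sh`, and the host-name pattern and function names are assumptions for illustration. It shows three things a practitioner should check in such handlers: the shell-string form is injectable, the argv form neutralises shell metacharacters on its own, and argv alone still needs input validation because an argument starting with `-` can be parsed as an option by the target program.

```python
import re
import subprocess

# Conservative host-name grammar (letters, digits, dots, hyphens). Assumed for the
# example; a real handler would use whatever its protocol actually allows.
HOST_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def ping_vulnerable(host: str) -> str:
    """Vulnerable pattern: string formatting + shell=True.

    Metacharacters in `host` (';', '|', '$(...)', backticks) are interpreted by
    /bin/sh, so an authenticated user of the web UI runs arbitrary commands with
    the privileges of the web server process (root on many embedded devices).
    `echo` stands in for the real network utility; constructed for this example.
    """
    proc = subprocess.run(f"echo pinging {host}", shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def ping_argv_only(host: str) -> str:
    """argv form, no shell: the whole string is one argument to the program.

    This removes the shell from the picture, so ';' and friends are inert, but
    it does not stop option injection (a host of '-c 9999' would reach the real
    binary's option parser).
    """
    proc = subprocess.run(["echo", "pinging", host],
                          capture_output=True, text=True)
    return proc.stdout


def ping_hardened(host: str) -> str:
    """Hardened form: allow-list validation first, then argv, never a shell.

    The leading '-' check is redundant with HOST_RE here but is kept explicit
    because it is the check most often forgotten when the pattern is looser.
    """
    if not HOST_RE.fullmatch(host) or host.startswith("-"):
        raise ValueError(f"rejected host argument: {host!r}")
    proc = subprocess.run(["echo", "pinging", host],
                          capture_output=True, text=True)
    return proc.stdout


if __name__ == "__main__":
    payload = "127.0.0.1; echo INJECTED"      # constructed attacker input
    print("vulnerable:", repr(ping_vulnerable(payload)))
    print("argv only :", repr(ping_argv_only(payload)))
    try:
        ping_hardened(payload)
    except ValueError as e:
        print("hardened  :", e)
```

Running the block shows `INJECTED` on its own output line for the vulnerable form, the literal string passed through as a single argument for the argv form, and a rejection for the hardened form. When reviewing firmware web handlers, search for `system()`, `popen()`, `os.system`, `shell=True` and similar, and treat any of them that receive request data as this bug until proven otherwise.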
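The CVE-2020-17534 row describes a race between deleting a temporary file and creating a temporary directory of the same name. That is the classic create-temp-file / delete / mkdir idiom used to "reserve" a directory name; between the unlink and the mkdir the name is unclaimed, and a local attacker who can predict it (temp names are often predictable) can plant a symlink or directory there first. The following is an added example written for this report, not the HTML/Java API project's code; it reproduces the general pattern in Python rather than that project's Java, and it stands in for the attacker winning the race with an explicit hook rather than real concurrency. The function names and the `is_private_dir` check are assumptions for illustration.

```python
import os
import stat
import tempfile


def make_temp_dir_racy(base: str, attacker_hook=None) -> str:
    """Insecure pattern: reserve a name with a temp file, delete it, mkdir it.

    After os.unlink the name is free until os.mkdir runs. `attacker_hook` is a
    constructed stand-in for an attacker who wins that window. Swallowing
    FileExistsError mirrors Java code that ignores a false return from
    File.mkdir() and carries on using the path.
    """
    fd, path = tempfile.mkstemp(prefix="wk-", dir=base)
    os.close(fd)
    os.unlink(path)                  # race window opens here
    if attacker_hook is not None:
        attacker_hook(path)          # attacker claims the predicted name
    try:
        os.mkdir(path)
    except FileExistsError:
        pass                         # "already there, must be ours" (it is not)
    return path


def make_temp_dir_safe(base: str) -> str:
    """Safe pattern: exclusive, atomic creation with mode 0700.

    mkdtemp retries on EEXIST and only ever returns a directory it created
    itself, so there is no window in which another principal can supply it.
    """
    return tempfile.mkdtemp(prefix="wk-", dir=base)


def is_private_dir(path: str) -> bool:
    """Defensive check before trusting a temp directory handed back by any
    helper: a real directory (not a symlink), owned by us, no group/other bits."""
    st = os.lstat(path)              # lstat so a planted symlink is visible
    if stat.S_ISLNK(st.st_mode) or not stat.S_ISDIR(st.st_mode):
        return False
    if st.st_uid != os.geteuid():
        return False
    return (st.st_mode & 0o077) == 0


def demo() -> dict:
    """Runs both patterns in a scratch directory and reports what happened."""
    with tempfile.TemporaryDirectory() as base:
        attacker_dir = os.path.join(base, "attacker-controlled")
        os.mkdir(attacker_dir)

        def attacker_wins(path: str) -> None:
            os.symlink(attacker_dir, path)   # plant a symlink at the predicted name

        racy = make_temp_dir_racy(base, attacker_wins)
        safe = make_temp_dir_safe(base)

        # The victim now writes "its" files into the directory it thinks it made.
        with open(os.path.join(racy, "payload.bin"), "w") as f:
            f.write("extracted content")

        return {
            "racy_resolves_to_attacker": os.path.realpath(racy)
                == os.path.realpath(attacker_dir),
            "racy_passes_check": is_private_dir(racy),
            "safe_passes_check": is_private_dir(safe),
            "file_landed_in_attacker_dir": os.path.exists(
                os.path.join(attacker_dir, "payload.bin")),
        }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The racy helper hands back a path that resolves into the attacker's directory, and the file the victim writes lands there; the `mkdtemp` helper passes the ownership and permission check. The same `lstat`-based check is a cheap guard to run on any directory a library creates on your behalf, since `tempfile.mkdtemp` (Python), `Files.createTempDirectory` (Java) and `mkdtemp(3)` (C) all exist precisely to avoid this sequence.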
157 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-01-13 | CVE-2020-15218 | Combodo | Unspecified vulnerability in Combodo Itop Combodo iTop is a web based IT Service Management tool. | 6.8 |
2021-01-11 | CVE-2021-0308 | Google Debian | Out-of-bounds Write vulnerability in multiple products In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. | 6.8 |
2021-01-13 | CVE-2020-9209 | Huawei | Missing Authorization vulnerability in Huawei Smc2.0 Firmware There is a privilege escalation vulnerability in SMC2.0 product. | 6.7 |
2021-01-11 | CVE-2021-0301 | Google | Out-of-bounds Write vulnerability in Google Android In ged, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2021-01-11 | CVE-2021-0342 | Google | Use After Free vulnerability in Google Android In tun_get_user of tun.c, there is possible memory corruption due to a use after free. | 6.7 |
2021-01-15 | CVE-2021-21250 | Onedev Project | Unspecified vulnerability in Onedev Project Onedev OneDev is an all-in-one devops platform. | 6.5 |
2021-01-15 | CVE-2021-0221 | Juniper | Infinite Loop vulnerability in Juniper Junos In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway address (VGA) is configured on a PE, a traffic loop may occur upon receipt of specific IP multicast traffic. | 6.5 |
2021-01-15 | CVE-2021-0209 | Juniper | Access of Uninitialized Pointer vulnerability in Juniper Junos OS Evolved 19.4/20.1 In Juniper Networks Junos OS Evolved an attacker sending certain valid BGP update packets may cause Junos OS Evolved to access an uninitialized pointer causing RPD to core leading to a Denial of Service (DoS). | 6.5 |
2021-01-15 | CVE-2021-22171 | Gitlab | Improper Authentication vulnerability in Gitlab Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link. | 6.5 |
2021-01-15 | CVE-2021-22168 | Gitlab | Resource Exhaustion vulnerability in Gitlab A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8. | 6.5 |
2021-01-15 | CVE-2020-26414 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 12.4. | 6.5 |
2021-01-15 | CVE-2021-23837 | Flatcore | SQL Injection vulnerability in Flatcore An issue was discovered in flatCore before 2.0.0 build 139. | 6.5 |
2021-01-13 | CVE-2020-1866 | Huawei | Out-of-bounds Read vulnerability in Huawei products There is an out-of-bounds read vulnerability in several products. | 6.5 |
2021-01-13 | CVE-2020-1865 | Huawei | Out-of-bounds Read vulnerability in Huawei products There is an out-of-bounds read vulnerability in Huawei CloudEngine products. | 6.5 |
2021-01-13 | CVE-2021-1226 | Cisco | Information Exposure Through Log Files vulnerability in Cisco products A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. | 6.5 |
2021-01-13 | CVE-2021-1145 | Cisco | Link Following vulnerability in Cisco Staros A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. | 6.5 |
2021-01-13 | CVE-2021-21607 | Jenkins | Allocation of Resources Without Limits or Throttling vulnerability in Jenkins Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors. | 6.5 |
2021-01-13 | CVE-2021-21602 | Jenkins | Link Following vulnerability in Jenkins Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks. | 6.5 |
2021-01-12 | CVE-2020-26981 | Siemens | XXE vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). | 6.5 |
2021-01-12 | CVE-2020-15799 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in SCALANCE X-200 switch family (incl. | 6.5 |
2021-01-12 | CVE-2021-3133 | Sean Barton | Cross-Site Request Forgery (CSRF) vulnerability in Sean-Barton Elementor Contact Form DB The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages. | 6.5 |
2021-01-12 | CVE-2021-21471 | SAP | Unspecified vulnerability in SAP Cla-Assistant In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. | 6.5 |
2021-01-12 | CVE-2021-21468 | SAP | Missing Authorization vulnerability in SAP Business Warehouse The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table. | 6.5 |
2021-01-12 | CVE-2021-21448 | SAP | Unspecified vulnerability in SAP Graphical User Interface 7.60 SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for Application Server ABAP backend systems in the client PCs memory. | 6.5 |
2021-01-11 | CVE-2021-0312 | Google | Integer Overflow or Wraparound vulnerability in Google Android In WAVSource::read of WAVExtractor.cpp, there is a possible out of bounds write due to an integer overflow. | 6.5 |
2021-01-11 | CVE-2021-0311 | Google | Out-of-bounds Write vulnerability in Google Android In ElementaryStreamQueue::dequeueAccessUnitH264() of ESQueue.cpp, there is a possible out of bounds write due to a missing bounds check. | 6.5 |
2021-01-11 | CVE-2020-4869 | IBM | Classic Buffer Overflow vulnerability in IBM MQ Appliance 9.2.0.0 IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. | 6.5 |
2021-01-11 | CVE-2020-13922 | Apache | Incorrect Default Permissions vulnerability in Apache Dolphinscheduler 1.2.0/1.2.1/1.3.1 Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface. | 6.5 |
2021-01-11 | CVE-2020-35722 | Quest | Cross-Site Request Forgery (CSRF) vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file. | 6.5 |
2021-01-12 | CVE-2021-23927 | Open Xchange | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request. | 6.4 |
2021-01-17 | CVE-2020-15864 | Quali | Cross-site Scripting vulnerability in Quali Cloudshell 9.3 An issue was discovered in Quali CloudShell 9.3. | 6.1 |
2021-01-15 | CVE-2020-16255 | Owncloud | Cross-site Scripting vulnerability in Owncloud ownCloud (Core) before 10.5 allows XSS in login page 'forgot password.' | 6.1 |
2021-01-14 | CVE-2020-27219 | Eclipse | Cross-site Scripting vulnerability in Eclipse Hawkbit In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. | 6.1 |
2021-01-14 | CVE-2020-16046 | Google | Cross-site Scripting vulnerability in Google Chrome Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | 6.1 |
2021-01-14 | CVE-2020-28470 | Scully | Cross-site Scripting vulnerability in Scully This affects the package @scullyio/scully before 1.0.9. | 6.1 |
2021-01-13 | CVE-2021-1246 | Cisco | Cross-site Scripting vulnerability in Cisco Finesse Cisco Finesse, Cisco Virtualized Voice Browser, and Cisco Unified CVP OpenSocial Gadget Editor Unauthenticated Access Vulnerability A vulnerability in the web management interface of Cisco Finesse, Cisco Virtualized Voice Browser, and Cisco Unified CVP could allow an unauthenticated, remote attacker to access the OpenSocial Gadget Editor without providing valid user credentials. The vulnerability is due to missing authentication for a specific section of the web-based management interface. | 6.1 |
2021-01-13 | CVE-2021-1245 | Cisco | Cross-site Scripting vulnerability in Cisco Finesse Cisco Finesse and Cisco Unified CVP OpenSocial Gadget Editor Cross-Site Scripting Vulnerability A vulnerability in the web-based management interface of Cisco Finesse and Cisco Unified CVP could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. | 6.1 |
2021-01-13 | CVE-2020-15220 | Combodo | Unspecified vulnerability in Combodo Itop Combodo iTop is a web based IT Service Management tool. | 6.1 |
2021-01-13 | CVE-2021-21613 | Jenkins | Cross-site Scripting vulnerability in Jenkins Tics 2020.3.0.6 Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS service responses, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control TICS service response content. | 6.1 |
2021-01-13 | CVE-2021-21610 | Jenkins | Cross-site Scripting vulnerability in Jenkins Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement any restrictions for the URL rendering a formatted preview of markup passed as a query parameter, resulting in a reflected cross-site scripting (XSS) vulnerability if the configured markup formatter does not prohibit unsafe elements (JavaScript) in markup. | 6.1 |
2021-01-12 | CVE-2021-23936 | Open Xchange | Cross-site Scripting vulnerability in Open-Xchange Appsuite OX App Suite through 7.10.4 allows XSS via the subject of a task. | 6.1 |
2021-01-12 | CVE-2021-23935 | Open Xchange | Cross-site Scripting vulnerability in Open-Xchange Appsuite OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code. | 6.1 |
2021-01-12 | CVE-2021-23934 | Open Xchange | Cross-site Scripting vulnerability in Open-Xchange Appsuite OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code. | 6.1 |
2021-01-12 | CVE-2021-23933 | Open Xchange | Cross-site Scripting vulnerability in Open-Xchange Appsuite OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL. | 6.1 |
2021-01-12 | CVE-2021-23932 | Open Xchange | Cross-site Scripting vulnerability in Open-Xchange Appsuite OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename. | 6.1 |
2021-01-12 | CVE-2021-23931 | Open Xchange | Cross-site Scripting vulnerability in Open-Xchange Appsuite OX App Suite through 7.10.4 allows XSS via an inline binary file. | 6.1 |
2021-01-12 | CVE-2021-23930 | Open Xchange | Cross-site Scripting vulnerability in Open-Xchange Appsuite OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile. | 6.1 |
2021-01-12 | CVE-2021-23929 | Open Xchange | Cross-site Scripting vulnerability in Open-Xchange Appsuite OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI. | 6.1 |
2021-01-12 | CVE-2021-23928 | Open Xchange | Cross-site Scripting vulnerability in Open-Xchange Appsuite OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string. | 6.1 |
2021-01-12 | CVE-2021-23125 | Joomla | Cross-site Scripting vulnerability in Joomla Joomla! An issue was discovered in Joomla! 3.1.0 through 3.9.23. | 6.1 |
2021-01-12 | CVE-2021-23124 | Joomla | Cross-site Scripting vulnerability in Joomla Joomla! An issue was discovered in Joomla! 3.9.0 through 3.9.23. | 6.1 |
2021-01-12 | CVE-2020-36190 | Rails Admin Project | Cross-site Scripting vulnerability in Rails Admin Project Rails Admin RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms. | 6.1 |
2021-01-12 | CVE-2020-26713 | Vanderbilt | Cross-site Scripting vulnerability in Vanderbilt Redcap 10.0.20/10.3.4 REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function with parameter sort. | 6.1 |
2021-01-12 | CVE-2020-24701 | Open Xchange | Cross-site Scripting vulnerability in Open-Xchange Appsuite OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI). | 6.1 |
2021-01-11 | CVE-2020-23631 | Wdja | Cross-Site Request Forgery (CSRF) vulnerability in Wdja CMS 1.5 Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA CMS 1.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via the tongji parameter. | 6.1 |
2021-01-11 | CVE-2020-23849 | Jsoneditoronline | Cross-site Scripting vulnerability in Jsoneditoronline Jsoneditor Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript. | 6.1 |
2021-01-11 | CVE-2020-23644 | Jizhicms | Cross-site Scripting vulnerability in Jizhicms 1.7.1 XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php. | 6.1 |
2021-01-11 | CVE-2020-23643 | Jizhicms | Cross-site Scripting vulnerability in Jizhicms 1.7.1 XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php. | 6.1 |
2021-01-11 | CVE-2020-35726 | Quest | Cross-site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Reports/index.jsp file via the by parameter. | 6.1 |
2021-01-11 | CVE-2020-35725 | Quest | Cross-site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/index.jsp file via the msg parameter. | 6.1 |
2021-01-11 | CVE-2020-35719 | Quest | Cross-site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Search/index.jsp file via the added parameter. | 6.1 |
2021-01-11 | CVE-2020-35206 | Quest | Cross-site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the cConn.jsp file via the ur parameter. | 6.1 |
2021-01-11 | CVE-2020-35204 | Quest | Cross-site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Reflected XSS in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the PolicyAuthority/Common/FolderControl.jsp file via the unqID parameter. | 6.1 |
2021-01-11 | CVE-2020-35203 | Quest | Cross-site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the initFile.jsp file via the msg parameter. | 6.1 |
2021-01-14 | CVE-2021-24122 | Apache Debian Oracle | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. | 5.9 |
2021-01-12 | CVE-2020-28395 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. | 5.9 |
2021-01-12 | CVE-2020-28391 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in SCALANCE X-200 switch family (incl. | 5.9 |
2021-01-12 | CVE-2020-25657 | M2Crypto Project Redhat Fedoraproject | A flaw was found in all released versions of m2crypto: the RSA decryption API is vulnerable to Bleichenbacher timing attacks via the timed processing of valid PKCS#1 v1.5 ciphertext. | 5.9 |
2021-01-11 | CVE-2020-25659 | Cryptography IO Oracle | python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. | 5.9 |
2021-01-14 | CVE-2020-27368 | Totolink | Files or Directories Accessible to External Parties vulnerability in Totolink A702R Firmware 1.0.0B20161227.1023 Directory Indexing in the Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows an attacker to access /icons/ directories via a GET parameter. | 5.5 |
2021-01-13 | CVE-2013-1053 | Canonical | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Canonical Remote-Login-Service 1.0.00Ubuntu3 In crypt.c of remote-login-service, the cryptographic algorithm used to cache usernames and passwords is insecure. | 5.5 |
2021-01-13 | CVE-2021-1258 | Cisco Mcafee | Improper Privilege Management vulnerability in multiple products A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. | 5.5 |
2021-01-13 | CVE-2021-1126 | Cisco | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Secure Firewall Management Center A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. | 5.5 |
2021-01-13 | CVE-2021-21614 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Bumblebee HP ALM Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 5.5 |
2021-01-13 | CVE-2021-21612 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Tracetronic Ecu-Test Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 5.5 |
2021-01-12 | CVE-2020-28390 | Siemens | Insufficiently Protected Credentials vulnerability in Siemens Opcenter Execution Core 8.2/8.3 A vulnerability has been identified in Opcenter Execution Core (V8.2), Opcenter Execution Core (V8.3). | 5.5 |
2021-01-11 | CVE-2021-0321 | Google | Information Exposure Through Discrepancy vulnerability in Google Android 11.0 In enforceDumpPermissionForPackage of ActivityManagerService.java, there is a possible way to determine if a package is installed due to side channel information disclosure. | 5.5 |
2021-01-11 | CVE-2021-0309 | Google | Unspecified vulnerability in Google Android In onCreate of grantCredentialsPermissionActivity, there is a confused deputy. | 5.5 |
2021-01-11 | CVE-2021-0304 | Google | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android In several functions of GlobalScreenshot.java, there is a possible permission bypass due to an unsafe PendingIntent. | 5.5 |
2021-01-11 | CVE-2018-11008 | K7Computing | Improper Privilege Management vulnerability in K7Computing products An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. | 5.5 |
2021-01-11 | CVE-2018-11007 | K7Computing | Out-of-bounds Write vulnerability in K7Computing products A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. | 5.5 |
2021-01-11 | CVE-2018-11006 | K7Computing | Improper Privilege Management vulnerability in K7Computing products An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. | 5.5 |
2021-01-11 | CVE-2018-11005 | K7Computing | Out-of-bounds Read vulnerability in K7Computing products A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. | 5.5 |
2021-01-11 | CVE-2020-26800 | Ethereum | Out-of-bounds Write vulnerability in Ethereum Aleth A stack overflow vulnerability in the Aleth Ethereum C++ client version <= 1.8.0, triggered by a specially crafted config.json file, may result in a denial of service. | 5.5 |
2021-01-15 | CVE-2020-35748 | Foliovision | Cross-site Scripting vulnerability in Foliovision FV Flowplayer Video Player Cross-site scripting (XSS) vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fv_wp_fvvideoplayer_src JSON field in the data parameter. | 5.4 |
2021-01-15 | CVE-2019-16961 | Solarwinds | Cross-site Scripting vulnerability in Solarwinds web Help Desk 12.7.0 SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name. | 5.4 |
2021-01-15 | CVE-2020-35582 | Enviragallery | Cross-site Scripting vulnerability in Enviragallery Envira Gallery A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter. | 5.4 |
2021-01-15 | CVE-2020-35581 | Enviragallery | Cross-site Scripting vulnerability in Enviragallery Envira Gallery A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the meta[title] parameter. | 5.4 |
2021-01-14 | CVE-2020-29587 | Simplcommerce | Cross-site Scripting vulnerability in Simplcommerce 1.0.0 SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. | 5.4 |
2021-01-14 | CVE-2020-26733 | Skyworth | Cross-site Scripting vulnerability in Skyworth Gn542Vf Firmware 2.0.0.16 Cross Site Scripting (XSS) in the Configuration page in SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 allows an authenticated attacker to inject their own script into the page via the DDNS Configuration Section. | 5.4 |
2021-01-13 | CVE-2021-1311 | Cisco | Improper Restriction of Excessive Authentication Attempts vulnerability in Cisco Webex Meetings Server A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. | 5.4 |
2021-01-13 | CVE-2021-1127 | Cisco | Cross-site Scripting vulnerability in Cisco Enterprise NFV Infrastructure Software A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. | 5.4 |
2021-01-13 | CVE-2020-15221 | Combodo | Unspecified vulnerability in Combodo Itop Combodo iTop is a web based IT Service Management tool. | 5.4 |
2021-01-13 | CVE-2021-21611 | Jenkins | Cross-site Scripting vulnerability in Jenkins Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to specify display names or IDs of item types. | 5.4 |
2021-01-13 | CVE-2021-21608 | Jenkins | Cross-site Scripting vulnerability in Jenkins Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels. | 5.4 |
2021-01-13 | CVE-2021-21603 | Jenkins | Cross-site Scripting vulnerability in Jenkins Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability. | 5.4 |
2021-01-12 | CVE-2020-13116 | Carbonite | Cross-site Scripting vulnerability in Carbonite Server Backup Portal 8.81/8.85 OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an authenticated user via policy creation. | 5.4 |
2021-01-12 | CVE-2021-21447 | SAP | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 410/420 SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject a malicious JavaScript payload into the custom value input field of an Input Control, which is executed by a user who views the relevant application content, leading to Stored Cross-Site Scripting. | 5.4 |
2021-01-12 | CVE-2021-21445 | SAP | HTTP Request Smuggling vulnerability in SAP Commerce Cloud SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include unvalidated data in the HTTP response Content Type header, due to improper input validation, which is then sent to a web user. | 5.4 |
2021-01-12 | CVE-2020-4838 | IBM | Cross-site Scripting vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. | 5.4 |
2021-01-12 | CVE-2020-35655 | Python Fedoraproject | Out-of-bounds Read vulnerability in multiple products In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. | 5.4 |
2021-01-12 | CVE-2020-24700 | Open Xchange | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. | 5.4 |
2021-01-11 | CVE-2020-26298 | Redcarpet Project Debian | Redcarpet is a Ruby library for Markdown processing. | 5.4 |
2021-01-11 | CVE-2020-35727 | Quest | Cross-site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseDirs.do file via the title parameter. | 5.4 |
2021-01-11 | CVE-2020-35724 | Quest | Cross-site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the Error.jsp file via the err parameter (or indirectly via the cpr, tcp, or abs parameter). | 5.4 |
2021-01-11 | CVE-2020-35723 | Quest | Cross-site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the ReportPreview.do file via the referer parameter. | 5.4 |
2021-01-11 | CVE-2020-35721 | Quest | Cross-site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseAssets.do file via the title parameter. | 5.4 |
2021-01-11 | CVE-2020-35720 | Quest | Cross-site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Stored XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to store malicious code in multiple fields (first name, last name, and logon name) when creating or modifying a user via the submitUser.jsp file. | 5.4 |
2021-01-14 | CVE-2020-29019 | Fortinet | Out-of-bounds Write vulnerability in Fortinet Fortiweb A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request with a crafted cookie header. | 5.3 |
2021-01-13 | CVE-2021-1236 | Cisco Snort | Always-Incorrect Control Flow Implementation vulnerability in multiple products Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. | 5.3 |
2021-01-13 | CVE-2021-1224 | Cisco Snort | Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. | 5.3 |
2021-01-13 | CVE-2020-9143 | Huawei | Missing Authentication for Critical Function vulnerability in Huawei Emui and Magic UI There is a missing authentication vulnerability in some Huawei smartphones. Successful exploitation of this vulnerability may lead to low-sensitivity information exposure. | 5.3 |
2021-01-13 | CVE-2020-9138 | Huawei | Out-of-bounds Write vulnerability in Huawei Emui and Magic UI There is a heap-based buffer overflow vulnerability in some Huawei smartphones. Successful exploitation of this vulnerability can cause process exceptions during updating. | 5.3 |
2021-01-13 | CVE-2020-4600 | IBM | Information Exposure Through an Error Message vulnerability in IBM Security Guardium Insights 2.0.2 IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
2021-01-13 | CVE-2020-4599 | IBM | Information Exposure Through an Error Message vulnerability in IBM Security Guardium Insights 2.0.2 IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
2021-01-13 | CVE-2019-4687 | IBM | Cleartext Storage of Sensitive Information vulnerability in IBM Security Guardium Data Encryption 3.0.0.2 IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive information in URL parameters. | 5.3 |
2021-01-13 | CVE-2021-21609 | Jenkins | Incorrect Authorization vulnerability in Jenkins Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission. | 5.3 |
2021-01-12 | CVE-2021-23123 | Joomla | Missing Authorization vulnerability in Joomla Joomla! An issue was discovered in Joomla! 3.0.0 through 3.9.23. | 5.3 |
2021-01-11 | CVE-2020-24025 | Sass Lang | Improper Certificate Validation vulnerability in Sass-Lang Node-Sass Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path. | 5.3 |
2021-01-11 | CVE-2021-23253 | Opera | Unspecified vulnerability in Opera Mini Opera Mini for Android below 53.1 displays the URL left-aligned in the address field. | 5.3 |
2021-01-11 | CVE-2019-3405 | 360 | Unspecified vulnerability in 360 360F5 Firmware 3.1.3.64296 In version 3.1.3.64296 and lower of the 360F5, a third party can trigger the device to send a deauth frame by constructing and sending a specific illegal 802.11 Null Data Frame, causing other connected wireless terminals to disconnect from the wireless network, which results in a denial of service against the router's wireless function. | 5.3 |
2021-01-11 | CVE-2021-0322 | Google | Improper Input Validation vulnerability in Google Android 10.0/11.0/9.0 In onCreate of SlicePermissionActivity.java, there is a possible misleading string displayed due to improper input validation. | 5.0 |
2021-01-15 | CVE-2021-23835 | Flatcore | Improper Input Validation vulnerability in Flatcore An issue was discovered in flatCore before 2.0.0 build 139. | 4.9 |
2021-01-15 | CVE-2021-23838 | Flatcore | Cross-site Scripting vulnerability in Flatcore An issue was discovered in flatCore before 2.0.0 build 139. | 4.8 |
2021-01-15 | CVE-2021-23836 | Flatcore | Cross-site Scripting vulnerability in Flatcore An issue was discovered in flatCore before 2.0.0 build 139. | 4.8 |
2021-01-14 | CVE-2021-22132 | Elastic Oracle | Insufficiently Protected Credentials vulnerability in multiple products Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. | 4.8 |
2021-01-14 | CVE-2020-6777 | Bosch | Cross-site Scripting vulnerability in Bosch Praesensa Firmware and Praesideo Firmware A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an authenticated remote attacker with admin privileges to mount a stored Cross-Site-Scripting (XSS) attack against another user. | 4.8 |
2021-01-13 | CVE-2021-1239 | Cisco | Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected system. | 4.8 |
2021-01-13 | CVE-2021-1238 | Cisco | Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected system. | 4.8 |
2021-01-13 | CVE-2021-1158 | Cisco | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. | 4.8 |
2021-01-13 | CVE-2021-1157 | Cisco | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. | 4.8 |
2021-01-13 | CVE-2021-1156 | Cisco | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. | 4.8 |
2021-01-13 | CVE-2021-1155 | Cisco | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. | 4.8 |
2021-01-13 | CVE-2021-1154 | Cisco | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. | 4.8 |
2021-01-13 | CVE-2021-1153 | Cisco | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. | 4.8 |
2021-01-13 | CVE-2021-1152 | Cisco | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. | 4.8 |
2021-01-13 | CVE-2021-1151 | Cisco | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. | 4.8 |
2021-01-13 | CVE-2021-1130 | Cisco | Cross-site Scripting vulnerability in Cisco DNA Center A vulnerability in the web-based management interface of Cisco DNA Center software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. | 4.8 |
2021-01-13 | CVE-2021-1310 | Cisco | Open Redirect vulnerability in Cisco Webex Meetings A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page, bypassing the warning mechanism that should prompt the user before the redirection. | 4.7 |
2021-01-11 | CVE-2021-0320 | Google | Race Condition vulnerability in Google Android 10.0/11.0 In is_device_locked and set_device_locked of keystore_keymaster_enforcement.h, there is a possible bypass of lockscreen requirements for keyguard bound keys due to a race condition. | 4.7 |
2021-01-13 | CVE-2020-36191 | Jupyter | Cross-Site Request Forgery (CSRF) vulnerability in Jupyter Jupyterhub 1.1.0 JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account). | 4.5 |
2021-01-14 | CVE-2021-21722 | ZTE | Information Exposure Through Log Files vulnerability in ZTE Zxv10 B860A Firmware V2.1Tv0032.1.1.04Jiangsutelecom A ZTE Smart STB is impacted by an information leak vulnerability. | 4.4 |
2021-01-13 | CVE-2020-4604 | IBM | Cleartext Storage of Sensitive Information vulnerability in IBM Security Guardium Insights 2.0.2 IBM Security Guardium Insights 2.0.2 stores user credentials in clear text which can be read by a local privileged user. | 4.4 |
2021-01-13 | CVE-2020-4602 | IBM | Insufficiently Protected Credentials vulnerability in IBM Security Guardium Insights 2.0.2 IBM Security Guardium Insights 2.0.2 stores user credentials in clear text which can be read by a local user. | 4.4 |
2021-01-12 | CVE-2021-21470 | SAP | XXE vulnerability in SAP Enterprise Performance Management 1010/2.8 SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in for SAP Analysis Office, version - 2.8, allows an authenticated attacker with user privileges to parse malicious XML files which could result in XXE-based attacks in applications that accept attacker-controlled XML configuration files. | 4.4 |
2021-01-13 | CVE-2021-1267 | Cisco | XML Entity Expansion vulnerability in Cisco Secure Firewall Management Center A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 4.3 |
2021-01-13 | CVE-2021-1242 | Cisco | Unspecified vulnerability in Cisco Webex Teams A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. | 4.3 |
2021-01-13 | CVE-2021-1143 | Cisco | Missing Authorization vulnerability in Cisco Connected Mobile Experiences 10.6.0/10.6.1/10.6.2 A vulnerability in Cisco Connected Mobile Experiences (CMX) API authorizations could allow an authenticated, remote attacker to enumerate what users exist on the system. | 4.3 |
2021-01-13 | CVE-2021-1131 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause an affected IP camera to reload. | 4.3 |
2021-01-13 | CVE-2020-4597 | IBM | Cleartext Transmission of Sensitive Information vulnerability in IBM Security Guardium Insights 2.0.2 IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
2021-01-13 | CVE-2020-35687 | PHP Fusion | Cross-Site Request Forgery (CSRF) vulnerability in PHP-Fusion PHPfusion 9.03.90 PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messages by the attacker on behalf of the logged in victim. | 4.3 |
2021-01-13 | CVE-2020-15219 | Combodo | Unspecified vulnerability in Combodo Itop Combodo iTop is a web based IT Service Management tool. | 4.3 |
2021-01-13 | CVE-2021-21606 | Jenkins | Improper Input Validation vulnerability in Jenkins Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML files with a short path. | 4.3 |
2021-01-12 | CVE-2021-21467 | SAP | Missing Authorization vulnerability in SAP Banking Services SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 4.3 |
2021-01-12 | CVE-2021-21464 | SAP | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open a manipulated PCX file received from untrusted sources, which crashes the application and leaves it temporarily unavailable until the user restarts it; this is caused by Improper Input Validation. | 4.3 |
2021-01-12 | CVE-2020-4674 | IBM | Insecure Storage of Sensitive Information vulnerability in IBM Workload Automation 9.5 IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. | 4.3 |
2021-01-12 | CVE-2020-4673 | IBM | Insecure Storage of Sensitive Information vulnerability in IBM Workload Automation 9.5 IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further attacks against the system. | 4.3 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-01-13 | CVE-2020-9203 | Huawei | Resource Exhaustion vulnerability in Huawei P30 Firmware There is a resource management errors vulnerability in Huawei P30. | 3.3 |
2021-01-11 | CVE-2020-24003 | Microsoft | Unspecified vulnerability in Microsoft Skype 8.59.0.77 Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access. | 3.3 |
2021-01-12 | CVE-2020-14341 | Redhat | Unspecified vulnerability in Redhat Single Sign-On The "Test Connection" feature available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, originating from the RHSSO installation. | 2.7 |
2021-01-12 | CVE-2021-23239 | Sudo Project Netapp Fedoraproject Debian | Link Following vulnerability in multiple products The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. | 2.5 |