Weekly Vulnerabilities Reports > January 11 to 17, 2021

Overview

517 new vulnerabilities reported during this period, including 99 critical vulnerabilities and 62 high severity vulnerabilities. This weekly summary report vulnerabilities in 338 products from 108 vendors including Cisco, Microsoft, Siemens, SAP, and Google. Vulnerabilities are notably categorized as "Out-of-bounds Write", "Cross-site Scripting", "Improper Privilege Management", "Information Exposure", and "Improper Input Validation".

  • 405 reported vulnerabilities are remotely exploitables.
  • 3 reported vulnerabilities have public exploit available.
  • 137 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 342 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 96 reported vulnerabilities.
  • Cisco has the most reported critical vulnerabilities, with 66 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

99 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-01-15 CVE-2020-24640 Arubanetworks Unspecified vulnerability in Arubanetworks Airwave Glass

There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3.

10.0
2021-01-15 CVE-2020-24639 Arubanetworks Deserialization of Untrusted Data vulnerability in Arubanetworks Airwave Glass

There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3.

10.0
2021-01-14 CVE-2020-29495 Dell OS Command Injection vulnerability in Dell products

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer.

10.0
2021-01-14 CVE-2021-20618 Acmailer Improper Privilege Management vulnerability in Acmailer and Acmailer DB

Privilege chaining vulnerability in acmailer ver.

10.0
2021-01-14 CVE-2021-20617 Acmailer Improper Privilege Management vulnerability in Acmailer and Acmailer DB

Improper access control vulnerability in acmailer ver.

10.0
2021-01-13 CVE-2020-5685 NEC OS Command Injection vulnerability in NEC Univerge Sv8500 Firmware and Univerge Sv9500 Firmware

UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to execute arbitrary OS commands or cause a denial-of-service (DoS) condition by sending a specially crafted request to a specific URL.

10.0
2021-01-12 CVE-2020-25226 Siemens Out-Of-Bounds Write vulnerability in Siemens products

A vulnerability has been identified in SCALANCE X-200 switch family (incl.

10.0
2021-01-12 CVE-2020-35458 Clusterlabs Code Injection vulnerability in Clusterlabs Hawk 2.2.012/2.3.012

An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x.

10.0
2021-01-12 CVE-2020-26712 Evms SQL Injection vulnerability in Evms Redcap 10.0.20/10.3.4

REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter.

10.0
2021-01-12 CVE-2020-27637 R Project Path Traversal vulnerability in R-Project Cran 4.0.2

The R programming language’s default package manager CRAN is affected by a path traversal vulnerability that can lead to server compromise.

10.0
2021-01-11 CVE-2021-0316 Google Out-Of-Bounds Write vulnerability in Google Android

In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds write due to a missing bounds check.

10.0
2021-01-14 CVE-2020-6572 Google USE After Free vulnerability in Google Chrome

Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

9.3
2021-01-12 CVE-2020-15800 Siemens Out-Of-Bounds Write vulnerability in Siemens products

A vulnerability has been identified in SCALANCE X-200 switch family (incl.

9.3
2021-01-12 CVE-2021-1716 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Word Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1715.

9.3
2021-01-12 CVE-2021-1715 Microsoft Out-Of-Bounds Write vulnerability in Microsoft products

Microsoft Word Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1716.

9.3
2021-01-12 CVE-2021-1711 Microsoft Unspecified vulnerability in Microsoft 365 Apps and Office

Microsoft Office Remote Code Execution Vulnerability

9.3
2021-01-12 CVE-2021-1668 Microsoft Unspecified vulnerability in Microsoft products

Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability

9.3
2021-01-12 CVE-2021-1644 Microsoft Unspecified vulnerability in Microsoft Hevc Video Extensions 1.0.32762.0/1.0.32763.0

HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1643.

9.3
2021-01-12 CVE-2021-1643 Microsoft Unspecified vulnerability in Microsoft Hevc Video Extensions 1.0.32762.0/1.0.32763.0

HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1644.

9.3
2021-01-11 CVE-2020-27277 Deltaww Null Pointer Dereference vulnerability in Deltaww Dopsoft 2.00.07/4.0.8.21/4.00.08.15

Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code.

9.3
2021-01-11 CVE-2020-27275 Deltaww Out-Of-Bounds Write vulnerability in Deltaww Dopsoft 2.00.07/4.0.8.21/4.00.08.15

Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.

9.3
2021-01-15 CVE-2020-24638 Arubanetworks Unspecified vulnerability in Arubanetworks Airwave Glass

Multiple authenticated remote command executions are possible in Airwave Glass before 1.3.3 via the glassadmin cli.

9.0
2021-01-14 CVE-2020-27220 Eclipse Missing Authorization vulnerability in Eclipse Hono

The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device.

9.0
2021-01-14 CVE-2020-29017 Fortinet OS Command Injection vulnerability in Fortinet Fortideceptor 3.0.0/3.0.1/3.1.0

An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vulnerability on the Customization page.

9.0
2021-01-13 CVE-2020-14102 MI Command Injection vulnerability in MI Ax1800 Firmware and Rm1800 Firmware

There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router.

9.0
2021-01-13 CVE-2021-1360 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1307 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1217 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1216 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1215 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1214 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1213 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1212 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1211 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1210 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1209 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1208 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1207 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1206 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1205 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1204 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1203 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1202 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1201 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1200 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1199 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1198 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1197 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1196 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1195 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1194 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1193 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1192 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1191 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1190 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1188 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1187 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1186 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1185 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1184 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1183 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1182 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1181 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1180 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1179 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1178 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1177 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1176 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1175 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1174 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1173 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1172 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1171 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1170 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1169 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1168 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1167 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1166 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1165 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1164 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1163 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1162 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1161 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1160 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1159 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2021-1150 Cisco Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.

9.0
2021-01-13 CVE-2021-1149 Cisco Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.

9.0
2021-01-13 CVE-2021-1148 Cisco Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.

9.0
2021-01-13 CVE-2021-1147 Cisco Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.

9.0
2021-01-13 CVE-2021-1146 Cisco Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.

9.0
2021-01-13 CVE-2021-1189 Cisco Out-Of-Bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.

9.0
2021-01-13 CVE-2020-35578 Nagios OS Command Injection vulnerability in Nagios XI

An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0.

9.0
2021-01-13 CVE-2020-5633 NEC Improper Authentication vulnerability in NEC Baseboard Management Controller

Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Controller (BMC) firmware Rev1.09 and earlier is applied allows remote attackers to bypass authentication and then obtain/modify BMC setting information, obtain monitoring information, or reboot/shut down the vulnerable product via unspecified vectors.

9.0
2021-01-12 CVE-2021-1707 Microsoft Unspecified vulnerability in Microsoft products

Microsoft SharePoint Server Remote Code Execution Vulnerability

9.0
2021-01-12 CVE-2021-1706 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows LUAFV Elevation of Privilege Vulnerability

9.0
2021-01-12 CVE-2021-1701 Microsoft Unspecified vulnerability in Microsoft products

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700.

9.0
2021-01-12 CVE-2021-1700 Microsoft Unspecified vulnerability in Microsoft products

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1701.

9.0
2021-01-12 CVE-2021-1667 Microsoft Unspecified vulnerability in Microsoft products

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.

9.0
2021-01-11 CVE-2020-26118 Smartbear OS Command Injection vulnerability in Smartbear Collaborator

In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability.

9.0

62 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-01-11 CVE-2018-11006 K7Computing Improper Privilege Management vulnerability in K7Computing products

An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.

8.8
2021-01-13 CVE-2021-1240 Cisco Uncontrolled Search Path Element vulnerability in Cisco Proximity

A vulnerability in the loading process of specific DLLs in Cisco Proximity Desktop for Windows could allow an authenticated, local attacker to load a malicious library.

8.5
2021-01-11 CVE-2021-0313 Google Improper Input Validation vulnerability in Google Android

In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slow or crash a TextView due to improper input validation.

7.8
2021-01-12 CVE-2021-1705 Microsoft Unspecified vulnerability in Microsoft Edge

Microsoft Edge (HTML-based) Memory Corruption Vulnerability

7.6
2021-01-15 CVE-2021-21245 Onedev Project Unrestricted Upload of File With Dangerous Type vulnerability in Onedev Project Onedev

OneDev is an all-in-one devops platform.

7.5
2021-01-15 CVE-2021-21242 Onedev Project Deserialization of Untrusted Data vulnerability in Onedev Project Onedev

OneDev is an all-in-one devops platform.

7.5
2021-01-15 CVE-2021-21244 Onedev Project Injection vulnerability in Onedev Project Onedev

OneDev is an all-in-one devops platform.

7.5
2021-01-15 CVE-2021-21243 Onedev Project Deserialization of Untrusted Data vulnerability in Onedev Project Onedev

OneDev is an all-in-one devops platform.

7.5
2021-01-14 CVE-2020-29493 Dell SQL Injection vulnerability in Dell products

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer.

7.5
2021-01-14 CVE-2020-29016 Fortinet Out-Of-Bounds Write vulnerability in Fortinet Fortiweb

A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname.

7.5
2021-01-14 CVE-2020-29015 Fortinet SQL Injection vulnerability in Fortinet Fortiweb

A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement.

7.5
2021-01-14 CVE-2020-27265 GE
PTC
Rockwellautomation
Softwaretoolbox
Out-Of-Bounds Write vulnerability in multiple products

KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow.

7.5
2021-01-13 CVE-2020-9140 Huawei Out-Of-Bounds Write vulnerability in Huawei Emui and Magic UI

There is a vulnerability with buffer access with incorrect length value in some Huawei Smartphone.Unauthorized users may trigger code execution when a buffer overflow occurs.

7.5
2021-01-13 CVE-2020-27488 Loxone Improper Authentication vulnerability in Loxone Miniserver GEN 1 Firmware

Loxone Miniserver devices with firmware before 11.1 (aka 11.1.9.3) are unable to use an authentication method that is based on the "signature of the update package." Therefore, these devices (or attackers who are spoofing these devices) can continue to use an unauthenticated cloud service for an indeterminate time period (possibly forever).

7.5
2021-01-13 CVE-2020-9144 Huawei Out-Of-Bounds Write vulnerability in Huawei Emui and Magic UI

There is a heap overflow vulnerability in some Huawei smartphone, attackers can exploit this vulnerability to cause heap overflows due to improper restriction of operations within the bounds of a memory buffer.

7.5
2021-01-13 CVE-2020-23653 Ctolog Deserialization of Untrusted Data vulnerability in Ctolog Thinkadmin 4.0/5.0/6.0

An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution.

7.5
2021-01-13 CVE-2021-3028 GIT BIG Picture Project Improper Input Validation vulnerability in Git-Big-Picture Project Git-Big-Picture

git-big-picture before 1.0.0 mishandles ' characters in a branch name, leading to code execution.

7.5
2021-01-13 CVE-2021-23899 Owasp XXE vulnerability in Owasp Json-Sanitizer

OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input.

7.5
2021-01-12 CVE-2021-1694 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Update Stack Elevation of Privilege Vulnerability

7.5
2021-01-12 CVE-2021-3129 Facade Unspecified vulnerability in Facade Ignition

Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents().

7.5
2021-01-12 CVE-2020-14275 Hcltechsw Unspecified vulnerability in Hcltechsw HCL Commerce

Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1.0 through 9.0.1.14 and 9.1 through 9.1.4 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations.

7.5
2021-01-11 CVE-2020-0471 Google Improper Privilege Management vulnerability in Google Android

In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible way to inject packets into an encrypted Bluetooth connection due to improper input validation.

7.5
2021-01-11 CVE-2020-24027 Live555 Out-Of-Bounds Write vulnerability in Live555 Liblivemedia 20200625

In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP "PLAY" command, when the command specifies seeking by absolute time.

7.5
2021-01-11 CVE-2020-11995 Apache Deserialization of Untrusted Data vulnerability in Apache Dubbo

A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution.

7.5
2021-01-11 CVE-2021-3121 Golang Improper Validation of Array Index vulnerability in Golang Protobuf

An issue was discovered in GoGo Protobuf before 1.3.2.

7.5
2021-01-11 CVE-2021-3118 Medicalexpo SQL Injection vulnerability in Medicalexpo ECS Imaging 6.21.3/6.21.5

** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=).

7.5
2021-01-11 CVE-2020-35205 Quest Server-Side Request Forgery (SSRF) vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200

** UNSUPPORTED WHEN ASSIGNED ** Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file.

7.5
2021-01-15 CVE-2021-0223 Juniper Improper Privilege Management vulnerability in Juniper Junos 15.1/17.3

A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a locally authenticated shell user to escalate privileges and execute arbitrary commands as root.

7.2
2021-01-15 CVE-2021-0219 Juniper OS Command Injection vulnerability in Juniper Junos

A command injection vulnerability in install package validation subsystem of Juniper Networks Junos OS that may allow a locally authenticated attacker with privileges to execute commands with root privilege.

7.2
2021-01-15 CVE-2021-0218 Juniper OS Command Injection vulnerability in Juniper Junos

A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS that may allow a locally authenticated attacker with low privileges to execute commands with root privilege.

7.2
2021-01-15 CVE-2021-0212 Juniper Information Exposure vulnerability in Juniper Contrail Networking

An Information Exposure vulnerability in Juniper Networks Contrail Networking allows a locally authenticated attacker able to read files to retrieve administrator credentials stored in plaintext thereby elevating their privileges over the system.

7.2
2021-01-15 CVE-2021-0204 Juniper Information Exposure vulnerability in Juniper Junos 15.1/17.3

A sensitive information disclosure vulnerability in delta-export configuration utility (dexp) of Juniper Networks Junos OS may allow a locally authenticated shell user the ability to create and read database files generated by the dexp utility, including password hashes of local users.

7.2
2021-01-14 CVE-2021-21261 Flatpak
Debian
Injection vulnerability in multiple products

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.

7.2
2021-01-13 CVE-2021-1237 Cisco Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client

A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL injection attack.

7.2
2021-01-12 CVE-2021-1709 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Win32k Elevation of Privilege Vulnerability

7.2
2021-01-12 CVE-2021-1704 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Hyper-V Elevation of Privilege Vulnerability

7.2
2021-01-12 CVE-2021-1703 Microsoft Improper Privilege Management vulnerability in Microsoft Windows 10 and Windows Server 2016

Windows Event Logging Service Elevation of Privilege Vulnerability

7.2
2021-01-12 CVE-2021-1702 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability

7.2
2021-01-12 CVE-2021-1697 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows InstallService Elevation of Privilege Vulnerability

7.2
2021-01-12 CVE-2021-1695 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability

7.2
2021-01-12 CVE-2021-1693 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688.

7.2
2021-01-12 CVE-2021-1657 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Fax Compose Form Remote Code Execution Vulnerability

7.2
2021-01-12 CVE-2021-1655 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.

7.2
2021-01-12 CVE-2021-1654 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.

7.2
2021-01-12 CVE-2021-1653 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.

7.2
2021-01-12 CVE-2021-1652 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.

7.2
2021-01-12 CVE-2021-1651 Microsoft Improper Privilege Management vulnerability in Microsoft products

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1680.

7.2
2021-01-12 CVE-2021-1650 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Runtime C++ Template Library Elevation of Privilege Vulnerability

7.2
2021-01-12 CVE-2021-1649 Microsoft Improper Privilege Management vulnerability in Microsoft products

Active Template Library Elevation of Privilege Vulnerability

7.2
2021-01-12 CVE-2021-1648 Microsoft Improper Privilege Management vulnerability in Microsoft products

Microsoft splwow64 Elevation of Privilege Vulnerability

7.2
2021-01-12 CVE-2021-1647 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Defender Remote Code Execution Vulnerability

7.2
2021-01-12 CVE-2021-1646 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows WLAN Service Elevation of Privilege Vulnerability

7.2
2021-01-12 CVE-2020-35459 Clusterlabs
Debian
Improper Privilege Management vulnerability in multiple products

An issue was discovered in ClusterLabs crmsh through 4.2.1.

7.2
2021-01-12 CVE-2020-26050 Safervpn Improper Privilege Management vulnerability in Safervpn 5.0.3.3/5.0.4.15

SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local privilege escalation from low privileged users to SYSTEM via a crafted openssl configuration file.

7.2
2021-01-11 CVE-2021-0318 Google USE After Free vulnerability in Google Android

In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a possible out of bounds write due to a use-after-free.

7.2
2021-01-11 CVE-2021-0310 Google USE After Free vulnerability in Google Android 11.0

In LazyServiceRegistrar of LazyServiceRegistrar.cpp, there is a possible memory corruption due to a use after free.

7.2
2021-01-11 CVE-2021-0308 Google
Debian
Out-Of-Bounds Write vulnerability in multiple products

In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check.

7.2
2021-01-11 CVE-2021-0307 Google Unspecified vulnerability in Google Android 10.0/11.0

In updatePermissionSourcePackage of PermissionManagerService.java, there is a possible automatic runtime permission grant due to a confused deputy.

7.2
2021-01-11 CVE-2021-0306 Google Improper Privilege Management vulnerability in Google Android

In addAllPermissions of PermissionManagerService.java, there is a possible permissions bypass when upgrading major Android versions which allows an app to gain the android.permission.ACTIVITY_RECOGNITION permission without user confirmation.

7.2
2021-01-12 CVE-2020-15799 Siemens Missing Authentication for Critical Function vulnerability in Siemens products

A vulnerability has been identified in SCALANCE X-200 switch family (incl.

7.1
2021-01-11 CVE-2021-0312 Google Integer Overflow OR Wraparound vulnerability in Google Android

In WAVSource::read of WAVExtractor.cpp, there is a possible out of bounds write due to an integer overflow.

7.1
2021-01-11 CVE-2021-0311 Google Out-Of-Bounds Write vulnerability in Google Android

In ElementaryStreamQueue::dequeueAccessUnitH264() of ESQueue.cpp, there is a possible out of bounds write due to a missing bounds check.

7.1

278 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-01-15 CVE-2020-25533 Malwarebytes Race Condition vulnerability in Malwarebytes

An issue was discovered in Malwarebytes before 4.0 on macOS.

6.9
2021-01-11 CVE-2021-0303 Google USE After Free vulnerability in Google Android 11.0

In dispatchGraphTerminationMessage() of packages/services/Car/computepipe/runner/graph/StreamSetObserver.cpp, there is a possible use after free due to a race condition.

6.9
2021-01-14 CVE-2020-16045 Google USE After Free vulnerability in Google Chrome

Use after Free in Payments in Google Chrome on Android prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

6.8
2021-01-14 CVE-2020-6776 Bosch Cross-Site Request Forgery (CSRF) vulnerability in Bosch Praesensa Firmware and Praesideo Firmware

A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (Cross-Site Request Forgery).

6.8
2021-01-13 CVE-2021-21013 Adobe Incorrect Authorization vulnerability in Adobe Bridge

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module.

6.8
2021-01-13 CVE-2021-21012 Adobe Incorrect Authorization vulnerability in Adobe Bridge

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module.

6.8
2021-01-13 CVE-2021-21008 Adobe Uncontrolled Search Path Element vulnerability in Adobe Animate 15.2.1.95/20.5/21.0

Adobe Animate version 21.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user.

6.8
2021-01-13 CVE-2021-21007 Adobe Uncontrolled Search Path Element vulnerability in Adobe Illustrator

Adobe Illustrator version 25.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user.

6.8
2021-01-13 CVE-2021-21006 Adobe Heap-Based Buffer Overflow vulnerability in Adobe Photoshop

Adobe Photoshop version 22.1 (and earlier) is affected by a heap buffer overflow vulnerability when handling a specially crafted font file.

6.8
2021-01-12 CVE-2020-28386 Siemens Out-Of-Bounds Write vulnerability in Siemens Solid Edge Se2021

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2).

6.8
2021-01-12 CVE-2020-28384 Siemens Out-Of-Bounds Write vulnerability in Siemens Solid Edge Se2021

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2).

6.8
2021-01-12 CVE-2020-28383 Siemens Out-Of-Bounds Write vulnerability in Siemens Jt2Go, Solid Edge and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All Versions < V13.1.0).

6.8
2021-01-12 CVE-2020-28382 Siemens Out-Of-Bounds Write vulnerability in Siemens Solid Edge Se2021

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2).

6.8
2021-01-12 CVE-2020-28381 Siemens Out-Of-Bounds Write vulnerability in Siemens Solid Edge Se2021

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2).

6.8
2021-01-12 CVE-2020-26996 Siemens Out-Of-Bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0).

6.8
2021-01-12 CVE-2020-26995 Siemens Out-Of-Bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0).

6.8
2021-01-12 CVE-2020-26994 Siemens Out-Of-Bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0).

6.8
2021-01-12 CVE-2020-26993 Siemens Out-Of-Bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0).

6.8
2021-01-12 CVE-2020-26992 Siemens Out-Of-Bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0).

6.8
2021-01-12 CVE-2020-26991 Siemens Null Pointer Dereference vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1).

6.8
2021-01-12 CVE-2020-26990 Siemens Type Confusion vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1).

6.8
2021-01-12 CVE-2020-26989 Siemens Out-Of-Bounds Write vulnerability in Siemens Jt2Go, Solid Edge and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All Versions < V13.1.0).

6.8
2021-01-12 CVE-2020-26988 Siemens Out-Of-Bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0).

6.8
2021-01-12 CVE-2020-26987 Siemens Out-Of-Bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0).

6.8
2021-01-12 CVE-2020-26986 Siemens Out-Of-Bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0).

6.8
2021-01-12 CVE-2020-26985 Siemens Out-Of-Bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0).

6.8
2021-01-12 CVE-2020-26984 Siemens Out-Of-Bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0).

6.8
2021-01-12 CVE-2020-26983 Siemens Out-Of-Bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0).

6.8
2021-01-12 CVE-2020-26982 Siemens Out-Of-Bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0).

6.8
2021-01-12 CVE-2020-26980 Siemens Type Confusion vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0).

6.8
2021-01-12 CVE-2021-1714 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1713.

6.8
2021-01-12 CVE-2021-1713 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1714.

6.8
2021-01-12 CVE-2021-1710 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Windows Media Foundation Remote Code Execution Vulnerability

6.8
2021-01-12 CVE-2021-1665 Microsoft Unspecified vulnerability in Microsoft products

GDI+ Remote Code Execution Vulnerability

6.8
2021-01-12 CVE-2021-3133 Sean Barton Cross-Site Request Forgery (CSRF) vulnerability in Sean-Barton Elementor Contact Form DB

The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages.

6.8
2021-01-12 CVE-2021-21463 SAP Out-Of-Bounds Read vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

6.8
2021-01-12 CVE-2021-21462 SAP Out-Of-Bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

6.8
2021-01-12 CVE-2021-21461 SAP Out-Of-Bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

6.8
2021-01-12 CVE-2021-21460 SAP Out-Of-Bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

6.8
2021-01-12 CVE-2021-21459 SAP Out-Of-Bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

6.8
2021-01-12 CVE-2021-21458 SAP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

6.8
2021-01-12 CVE-2021-21457 SAP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

6.8
2021-01-12 CVE-2021-21456 SAP Out-Of-Bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

6.8
2021-01-12 CVE-2021-21455 SAP Out-Of-Bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

6.8
2021-01-12 CVE-2021-21454 SAP Out-Of-Bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

6.8
2021-01-12 CVE-2021-21453 SAP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

6.8
2021-01-12 CVE-2021-21452 SAP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

6.8
2021-01-12 CVE-2021-21451 SAP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SGI file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

6.8
2021-01-12 CVE-2021-21450 SAP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

6.8
2021-01-12 CVE-2021-21449 SAP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

6.8
2021-01-12 CVE-2020-35654 Python
Fedoraproject
Out-Of-Bounds Write vulnerability in multiple products

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.

6.8
2021-01-11 CVE-2020-27293 Deltaww Type Confusion vulnerability in Deltaww Cncsoft-B 1.0.0.2

Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a type confusion issue while processing project files, which may allow an attacker to execute arbitrary code.

6.8
2021-01-11 CVE-2020-27291 Deltaww Out-Of-Bounds Read vulnerability in Deltaww Cncsoft-B 1.0.0.2

Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.

6.8
2021-01-11 CVE-2020-27289 Deltaww Null Pointer Dereference vulnerability in Deltaww Cncsoft-B 1.0.0.2

Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code.

6.8
2021-01-11 CVE-2020-27287 Deltaww Out-Of-Bounds Write vulnerability in Deltaww Cncsoft-B 1.0.0.2

Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.

6.8
2021-01-11 CVE-2020-27281 Deltaww Out-Of-Bounds Write vulnerability in Deltaww Cncsoft Screeneditor 1.00.88/1.00.96/1.01.23

A stack-based buffer overflow may exist in Delta Electronics CNCSoft ScreenEditor versions 1.01.26 and prior when processing specially crafted project files, which may allow an attacker to execute arbitrary code.

6.8
2021-01-11 CVE-2020-23960 Fork CMS Cross-Site Request Forgery (CSRF) vulnerability in Fork-Cms Fork

Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing or running modules, (4) resetting the analytics, (5) pinging the mailmotor api, (6) uploading things to the media library, (7) exporting locale.

6.8
2021-01-11 CVE-2018-11010 K7Computing Out-Of-Bounds Write vulnerability in K7Computing products

A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.

6.8
2021-01-11 CVE-2018-11009 K7Computing Out-Of-Bounds Write vulnerability in K7Computing products

A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.

6.8
2021-01-15 CVE-2021-21251 Onedev Project Path Traversal vulnerability in Onedev Project Onedev

OneDev is an all-in-one devops platform.

6.5
2021-01-15 CVE-2021-21249 Onedev Project Injection vulnerability in Onedev Project Onedev

OneDev is an all-in-one devops platform.

6.5
2021-01-15 CVE-2021-21248 Onedev Project Injection vulnerability in Onedev Project Onedev

OneDev is an all-in-one devops platform.

6.5
2021-01-15 CVE-2021-21247 Onedev Project Deserialization of Untrusted Data vulnerability in Onedev Project Onedev

OneDev is an all-in-one devops platform.

6.5
2021-01-14 CVE-2020-29018 Fortinet USE of Externally-Controlled Format String vulnerability in Fortinet Fortiweb 6.3.0/6.3.5

A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.

6.5
2021-01-13 CVE-2021-1144 Cisco Incorrect Authorization vulnerability in Cisco Connected Mobile Experiences 10.6.0/10.6.1/10.6.2

A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system.

6.5
2021-01-12 CVE-2021-1718 Microsoft Unspecified vulnerability in Microsoft Sharepoint Foundation 2010

Microsoft SharePoint Server Tampering Vulnerability

6.5
2021-01-12 CVE-2021-1674 Microsoft Unspecified vulnerability in Microsoft products

Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability

6.5
2021-01-12 CVE-2021-1673 Microsoft Unspecified vulnerability in Microsoft products

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1700, CVE-2021-1701.

6.5
2021-01-12 CVE-2021-1671 Microsoft Unspecified vulnerability in Microsoft products

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.

6.5
2021-01-12 CVE-2021-1669 Microsoft Incorrect Authorization vulnerability in Microsoft products

Windows Remote Desktop Security Feature Bypass Vulnerability

6.5
2021-01-12 CVE-2021-1666 Microsoft Unspecified vulnerability in Microsoft products

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.

6.5
2021-01-12 CVE-2021-1664 Microsoft Unspecified vulnerability in Microsoft products

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.

6.5
2021-01-12 CVE-2021-1660 Microsoft Unspecified vulnerability in Microsoft products

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.

6.5
2021-01-12 CVE-2021-1658 Microsoft Unspecified vulnerability in Microsoft products

Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.

6.5
2021-01-12 CVE-2021-1636 Microsoft SQL Injection vulnerability in Microsoft SQL Server

Microsoft SQL Elevation of Privilege Vulnerability

6.5
2021-01-12 CVE-2021-21466 SAP Code Injection vulnerability in SAP Business Warehouse and Bw/4Hana

SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network.

6.5
2021-01-12 CVE-2021-21465 SAP SQL Injection vulnerability in SAP Business Warehouse

The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database.

6.5
2021-01-11 CVE-2020-35701 Cacti SQL Injection vulnerability in Cacti

An issue was discovered in Cacti 1.2.x through 1.2.16.

6.5
2021-01-11 CVE-2020-2508 Qnap Command Injection vulnerability in Qnap QTS

A command injection vulnerability has been reported to affect QTS and QuTS hero.

6.5
2021-01-11 CVE-2020-23630 Zzcms SQL Injection vulnerability in Zzcms 201910

A blind SQL injection vulnerability exists in zzcms ver201910 based on time (cookie injection).

6.5
2021-01-15 CVE-2021-0211 Juniper Improper Check for Unusual OR Exceptional Conditions vulnerability in Juniper Junos

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (RPD) service allows an attacker to send a valid BGP FlowSpec message thereby causing an unexpected change in the route advertisements within the BGP FlowSpec domain leading to disruptions in network traffic causing a Denial of Service (DoS) condition.

6.4
2021-01-14 CVE-2021-23926 Apache
Netapp
XML Entity Expansion vulnerability in multiple products

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input.

6.4
2021-01-14 CVE-2020-27267 GE
PTC
Rockwellautomation
Softwaretoolbox
Out-Of-Bounds Write vulnerability in multiple products

KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow.

6.4
2021-01-14 CVE-2020-27263 GE
PTC
Rockwellautomation
Softwaretoolbox
Out-Of-Bounds Write vulnerability in multiple products

KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow.

6.4
2021-01-13 CVE-2020-9142 Huawei Out-Of-Bounds Write vulnerability in Huawei Emui and Magic UI

There is a heap base buffer overflow vulnerability in some Huawei smartphone.Successful exploitation of this vulnerability can cause heap overflow and memory overwriting when the system incorrectly processes the update file.

6.4
2021-01-13 CVE-2020-9141 Huawei Insufficient Verification of Data Authenticity vulnerability in Huawei Emui and Magic UI

There is a improper privilege management vulnerability in some Huawei smartphone.

6.4
2021-01-13 CVE-2020-9139 Huawei Improper Input Validation vulnerability in Huawei Emui and Magic UI

There is a improper input validation vulnerability in some Huawei Smartphone.Successful exploit of this vulnerability can cause memory access errors and denial of service.

6.4
2021-01-13 CVE-2020-9145 Huawei Out-Of-Bounds Write vulnerability in Huawei Emui and Magic UI

There is an Out-of-bounds Write vulnerability in some Huawei smartphone.

6.4
2021-01-13 CVE-2020-26262 Coturn Project Confused Deputy vulnerability in Coturn Project Coturn

Coturn is free open source implementation of TURN and STUN Server.

6.4
2021-01-15 CVE-2021-0222 Juniper Unspecified vulnerability in Juniper Junos 14.1X53/15.1

A vulnerability in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending certain crafted protocol packets from an adjacent device with invalid payloads to the device.

6.1
2021-01-13 CVE-2021-21605 Jenkins Improper Input Validation vulnerability in Jenkins

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file.

6.0
2021-01-13 CVE-2021-21604 Jenkins Deserialization of Untrusted Data vulnerability in Jenkins

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.

6.0
2021-01-12 CVE-2021-1719 Microsoft Improper Privilege Management vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server

Microsoft SharePoint Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1712.

6.0
2021-01-12 CVE-2021-1712 Microsoft Improper Privilege Management vulnerability in Microsoft products

Microsoft SharePoint Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1719.

6.0
2021-01-13 CVE-2020-15220 Combodo Insufficient Session Expiration vulnerability in Combodo Itop

Combodo iTop is a web based IT Service Management tool.

5.8
2021-01-12 CVE-2021-1717 Microsoft Improper Input Validation vulnerability in Microsoft products

Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-1641.

5.8
2021-01-12 CVE-2021-1641 Microsoft Improper Input Validation vulnerability in Microsoft products

Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-1717.

5.8
2021-01-12 CVE-2020-35655 Python
Fedoraproject
Out-Of-Bounds Read vulnerability in multiple products

In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.

5.8
2021-01-12 CVE-2020-35653 Python
Fedoraproject
Out-Of-Bounds Read vulnerability in multiple products

In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.

5.8
2021-01-15 CVE-2021-0209 Juniper Access of Uninitialized Pointer vulnerability in Juniper Junos Evolved 19.4/20.1

In Juniper Networks Junos OS Evolved an attacker sending certain valid BGP update packets may cause Junos OS Evolved to access an uninitialized pointer causing RPD to core leading to a Denial of Service (DoS).

5.7
2021-01-14 CVE-2020-29494 Dell Path Traversal vulnerability in Dell products

Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM.

5.5
2021-01-13 CVE-2021-1311 Cisco Improper Restriction of Excessive Authentication Attempts vulnerability in Cisco Webex Meetings

A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting.

5.5
2021-01-13 CVE-2019-4702 IBM Incorrect Permission Assignment for Critical Resource vulnerability in IBM Security Guardium Data Encrpytion 3.0.0.2

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

5.5
2021-01-13 CVE-2021-3139 Tcmu Runner Project Path Traversal vulnerability in Tcmu-Runner Project Tcmu-Runner

In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request.

5.5
2021-01-13 CVE-2020-28374 Linux
Fedoraproject
Debian
Path Traversal vulnerability in multiple products

In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3.

5.5
2021-01-12 CVE-2021-23927 Open Xchange Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite

OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.

5.5
2021-01-12 CVE-2020-27148 Tibco XXE vulnerability in Tibco EBX Add-Ons

The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange Add-on, and TIBCO EBX Insight Add-on components of TIBCO Software Inc.'s TIBCO EBX Add-ons contain a vulnerability that theoretically allows a low privileged attacker with network access to execute an XML External Entity (XXE) attack.

5.5
2021-01-12 CVE-2020-24700 Open Xchange Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite

OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig.

5.5
2021-01-13 CVE-2021-21011 Adobe Uncontrolled Search Path Element vulnerability in Adobe Captivate

Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation.

5.1
2021-01-13 CVE-2021-21010 Adobe Uncontrolled Search Path Element vulnerability in Adobe Incopy 15.1.3

InCopy version 15.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user.

5.1
2021-01-17 CVE-2021-3113 Netsia Information Exposure vulnerability in Netsia Seba+ 0.16.1

Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request.

5.0
2021-01-15 CVE-2021-21246 Onedev Project Missing Authorization vulnerability in Onedev Project Onedev

OneDev is an all-in-one devops platform.

5.0
2021-01-15 CVE-2020-24641 Arubanetworks Server-Side Request Forgery (SSRF) vulnerability in Arubanetworks Airwave Glass

In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information.

5.0
2021-01-15 CVE-2021-0210 Juniper Information Exposure vulnerability in Juniper Junos

An Information Exposure vulnerability in J-Web of Juniper Networks Junos OS allows an unauthenticated attacker to elevate their privileges over the target system through opportunistic use of an authenticated users session.

5.0
2021-01-15 CVE-2021-0207 Juniper Interpretation Conflict vulnerability in Juniper Junos 17.3/17.4/18.1

An improper interpretation conflict of certain data between certain software components within the Juniper Networks Junos OS devices does not allow certain traffic to pass through the device upon receipt from an ingress interface filtering certain specific types of traffic which is then being redirected to an egress interface on a different VLAN.

5.0
2021-01-15 CVE-2021-0206 Juniper Null Pointer Dereference vulnerability in Juniper Junos

A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to send a specific packet causing the packet forwarding engine (PFE) to crash and restart, resulting in a Denial of Service (DoS).

5.0
2021-01-15 CVE-2021-0202 Juniper Resource Exhaustion vulnerability in Juniper Junos

On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPC (Modular Port Concentrator) where Integrated Routing and Bridging (IRB) interface is configured and it is mapped to a VPLS instance or a Bridge-Domain, certain network events at Customer Edge (CE) device may cause memory leak in the MPC which can cause an out of memory and MPC restarts.

5.0
2021-01-15 CVE-2021-22167 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 12.1.

5.0
2021-01-15 CVE-2021-22166 Gitlab Resource Exhaustion vulnerability in Gitlab 13.7.0

An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method

5.0
2021-01-15 CVE-2020-35733 Erlang
Fedoraproject
Improper Certificate Validation vulnerability in multiple products

An issue was discovered in Erlang/OTP before 23.2.2.

5.0
2021-01-14 CVE-2020-29019 Fortinet Out-Of-Bounds Write vulnerability in Fortinet Fortiweb

A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request with a crafted cookie header.

5.0
2021-01-14 CVE-2020-26732 Skyworth Missing Encryption of Sensitive Data vulnerability in Skyworth Gn542Vf BOA Firmware 0.94.13

Skyworth GN542VF Boa version 0.94.13 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.

5.0
2021-01-14 CVE-2021-3138 Discourse Improper Restriction of Excessive Authentication Attempts vulnerability in Discourse

In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms.

5.0
2021-01-13 CVE-2021-21009 Adobe Server-Side Request Forgery (SSRF) vulnerability in Adobe Campaign Classic

Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side request forgery (SSRF) vulnerability.

5.0
2021-01-13 CVE-2020-14101 MI Unspecified vulnerability in MI Ax1800 Firmware and Rm1800 Firmware

The data collection SDK of the router web management interface caused the leakage of the token.

5.0
2021-01-13 CVE-2020-14098 MI Improper Synchronization vulnerability in MI Ax1800 Firmware and Rm1800 Firmware

The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts.

5.0
2021-01-13 CVE-2020-14097 MI Unspecified vulnerability in MI Redmi AX6 Firmware

Wrong nginx configuration, causing specific paths to be downloaded without authorization.

5.0
2021-01-13 CVE-2021-1236 Cisco
Snort
Always-Incorrect Control Flow Implementation vulnerability in multiple products

Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system.

5.0
2021-01-13 CVE-2021-1224 Cisco
Snort
Improper Privilege Management vulnerability in multiple products

Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP.

5.0
2021-01-13 CVE-2021-1223 Cisco
Snort
Improper Privilege Management vulnerability in multiple products

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP.

5.0
2021-01-13 CVE-2020-9143 Huawei Improper Authentication vulnerability in Huawei Emui and Magic UI

There is a missing authentication vulnerability in some Huawei smartphone.Successful exploitation of this vulnerability may lead to low-sensitive information exposure.

5.0
2021-01-13 CVE-2020-9138 Huawei Out-Of-Bounds Write vulnerability in Huawei Emui and Magic UI

There is a heap-based buffer overflow vulnerability in some Huawei Smartphone, Successful exploit of this vulnerability can cause process exceptions during updating.

5.0
2021-01-13 CVE-2021-21252 Jqueryvalidation
Netapp
Resource Exhaustion vulnerability in multiple products

The jQuery Validation Plugin provides drop-in validation for your existing forms.

5.0
2021-01-13 CVE-2020-4600 IBM Information Exposure Through AN Error Message vulnerability in IBM Security Guardium Insights 2.0.2

IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

5.0
2021-01-13 CVE-2020-4599 IBM Information Exposure Through AN Error Message vulnerability in IBM Security Guardium Insights 2.0.2

IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

5.0
2021-01-13 CVE-2020-4596 IBM Inadequate Encryption Strength vulnerability in IBM Security Guardium Insights 2.0.2

IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

5.0
2021-01-13 CVE-2020-4595 IBM Inadequate Encryption Strength vulnerability in IBM Security Guardium Insights 2.0.2

IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

5.0
2021-01-13 CVE-2020-4594 IBM Inadequate Encryption Strength vulnerability in IBM Security Guardium Insights 2.0.2

IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

5.0
2021-01-13 CVE-2019-4687 IBM Cleartext Storage of Sensitive Information vulnerability in IBM Security Guardium Data Encrpytion 3.0.0.2

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive information in URL parameters.

5.0
2021-01-13 CVE-2019-4160 IBM Inadequate Encryption Strength vulnerability in IBM Security Guardium Data Encrpytion 3.0.0.2

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

5.0
2021-01-13 CVE-2021-3131 1C Insufficiently Protected Credentials vulnerability in 1C 1C:Enterprise

The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the creds URL parameter.

5.0
2021-01-13 CVE-2021-23900 Owasp Unspecified vulnerability in Owasp Json-Sanitizer

OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input.

5.0
2021-01-13 CVE-2021-21609 Jenkins Incorrect Authorization vulnerability in Jenkins

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission.

5.0
2021-01-13 CVE-2020-5686 NEC Improper Authentication vulnerability in NEC Univerge Sv8500 Firmware and Univerge Sv9500 Firmware

Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and obtain the information by sending a specially crafted request to a specific URL.

5.0
2021-01-12 CVE-2021-23123 Joomla Missing Authorization vulnerability in Joomla Joomla!

An issue was discovered in Joomla! 3.0.0 through 3.9.23.

5.0
2021-01-12 CVE-2021-1723 Microsoft
Fedoraproject
ASP.NET Core and Visual Studio Denial of Service Vulnerability
5.0
2021-01-12 CVE-2021-1678 Microsoft Unspecified vulnerability in Microsoft products

NTLM Security Feature Bypass Vulnerability

5.0
2021-01-12 CVE-2021-21469 SAP Information Exposure vulnerability in SAP Netweaver Master Data Management 7.10/7.10.750/710

When security guidelines for SAP NetWeaver Master Data Management running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration.

5.0
2021-01-12 CVE-2021-21446 SAP Resource Exhaustion vulnerability in SAP Netweaver AS Abap

SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, this has a high impact on the availability of the service.

5.0
2021-01-12 CVE-2020-14274 Hcltechsw Information Exposure vulnerability in Hcltechsw HCL Commerce

Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9.0.1.14 and 9.1 through 9.1.4 could allow a remote attacker to obtain user personal data via unknown vectors.

5.0
2021-01-12 CVE-2020-16146 Espressif Classic Buffer Overflow vulnerability in Espressif Esp-Idf

Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through 3.3.2, and 4.0.x through 4.0.1 has a Buffer Overflow in BluFi provisioning in btc_blufi_recv_handler function in blufi_prf.c.

5.0
2021-01-11 CVE-2020-24025 Sass Lang Improper Certificate Validation vulnerability in Sass-Lang Node-Sass

Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.

5.0
2021-01-11 CVE-2020-13559 Freyrscada Incorrect Comparison vulnerability in Freyrscada Iec-60879-5-104 Server Simulator 21.04.028

A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028.

5.0
2021-01-11 CVE-2021-23253 Opera Unspecified vulnerability in Opera Mini

Opera Mini for Android below 53.1 displays URL left-aligned in the address field.

5.0
2021-01-11 CVE-2019-3405 360 Improper Input Validation vulnerability in 360 360F5 Firmware

In the 3.1.3.64296 and lower version of 360F5, the third party can trigger the device to send a deauth frame by constructing and sending a specific illegal 802.11 Null Data Frame, which will cause other wireless terminals connected to disconnect from the wireless, so as to attack the router wireless by DoS.

5.0
2021-01-11 CVE-2018-11246 K7Computing Memory Leak vulnerability in K7Computing products

K7TSMngr.exe in K7Computing K7AntiVirus Premium 15.1.0.53 has a Memory Leak.

5.0
2021-01-11 CVE-2020-17508 Apache Information Exposure vulnerability in Apache Traffic Server

The ATS ESI plugin has a memory disclosure vulnerability.

5.0
2021-01-11 CVE-2021-3116 Proxy PY Project Unspecified vulnerability in Proxy.Py Project Proxy.Py

before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or).

5.0
2021-01-11 CVE-2021-0309 Google Unspecified vulnerability in Google Android

In onCreate of grantCredentialsPermissionActivity, there is a confused deputy.

4.9
2021-01-11 CVE-2021-0304 Google Improper Privilege Management vulnerability in Google Android

In several functions of GlobalScreenshot.java, there is a possible permission bypass due to an unsafe PendingIntent.

4.9
2021-01-15 CVE-2021-3162 Docker Improper Privilege Management vulnerability in Docker

Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.

4.6
2021-01-15 CVE-2021-21237 GIT Large File Storage Project Untrusted Search Path vulnerability in GIT Large File Storage Project GIT Large File Storage

Git LFS is a command line extension for managing large files with Git.

4.6
2021-01-14 CVE-2020-16119 Linux
Canonical
USE After Free vulnerability in multiple products

Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released.

4.6
2021-01-13 CVE-2020-9209 Huawei Improper Privilege Management vulnerability in Huawei Smc2.0 Firmware

There is a privilege escalation vulnerability in SMC2.0 product.

4.6
2021-01-12 CVE-2021-3134 Mubu Improper Privilege Management vulnerability in Mubu 2.2.1

Mubu 2.2.1 allows local users to gain privileges to execute commands, aka CNVD-2020-68878.

4.6
2021-01-12 CVE-2021-1690 Microsoft Improper Privilege Management vulnerability in Microsoft Windows 10

Windows WalletService Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1681, CVE-2021-1686, CVE-2021-1687.

4.6
2021-01-12 CVE-2021-1689 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Multipoint Management Elevation of Privilege Vulnerability

4.6
2021-01-12 CVE-2021-1688 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1693.

4.6
2021-01-12 CVE-2021-1687 Microsoft Improper Privilege Management vulnerability in Microsoft Windows 10

Windows WalletService Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1681, CVE-2021-1686, CVE-2021-1690.

4.6
2021-01-12 CVE-2021-1686 Microsoft Improper Privilege Management vulnerability in Microsoft Windows 10

Windows WalletService Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1681, CVE-2021-1687, CVE-2021-1690.

4.6
2021-01-12 CVE-2021-1685 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1642.

4.6
2021-01-12 CVE-2021-1682 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

4.6
2021-01-12 CVE-2021-1681 Microsoft Improper Privilege Management vulnerability in Microsoft Windows 10

Windows WalletService Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1686, CVE-2021-1687, CVE-2021-1690.

4.6
2021-01-12 CVE-2021-1680 Microsoft Improper Privilege Management vulnerability in Microsoft products

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1651.

4.6
2021-01-12 CVE-2021-1662 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Event Tracing Elevation of Privilege Vulnerability

4.6
2021-01-12 CVE-2021-1661 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Installer Elevation of Privilege Vulnerability

4.6
2021-01-12 CVE-2021-1659 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1688, CVE-2021-1693.

4.6
2021-01-12 CVE-2021-1642 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1685.

4.6
2021-01-11 CVE-2021-0301 Google Out-Of-Bounds Write vulnerability in Google Android

In ged, there is a possible out of bounds write due to a missing bounds check.

4.6
2021-01-11 CVE-2021-0342 Google USE After Free vulnerability in Google Android

In tun_get_user of tun.c, there is possible memory corruption due to a use after free.

4.6
2021-01-11 CVE-2018-9333 K7Computing Classic Buffer Overflow vulnerability in K7Computing products

K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Buffer Overflow.

4.6
2021-01-11 CVE-2018-9332 K7Computing Improper Privilege Management vulnerability in K7Computing products

K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Incorrect Access Control.

4.6
2021-01-11 CVE-2018-8726 K7Computing Classic Buffer Overflow vulnerability in K7Computing products

K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Buffer Overflow.

4.6
2021-01-11 CVE-2018-8725 K7Computing Classic Buffer Overflow vulnerability in K7Computing products

K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Buffer Overflow.

4.6
2021-01-11 CVE-2018-8724 K7Computing Incorrect Authorization vulnerability in K7Computing products

K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Incorrect Access Control.

4.6
2021-01-11 CVE-2018-8044 K7Computing Incorrect Authorization vulnerability in K7Computing products

K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Incorrect Access Control.

4.6
2021-01-13 CVE-2021-20616 Skygroup Untrusted Search Path vulnerability in Skygroup Skysea Client View 12.200.12N/15.210.05F

Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

4.4
2021-01-13 CVE-2020-35686 Soundresearch Untrusted Search Path vulnerability in Soundresearch Dchu Model Software Component Modules

The SECOMN service in Sound Research DCHU model software component modules (APO) through 2.0.9.17, delivered on HP Windows 10 computers, may allow escalation of privilege via a fake DLL.

4.4
2021-01-12 CVE-2021-23240 Sudo Project
Netapp
Fedoraproject
Link Following vulnerability in multiple products

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target.

4.4
2021-01-11 CVE-2021-0319 Google Incorrect Authorization vulnerability in Google Android

In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there is a possible way to get a nearby Bluetooth device's MAC address without appropriate permissions due to a permissions bypass.

4.4
2021-01-11 CVE-2021-0317 Google Improper Privilege Management vulnerability in Google Android

In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error.

4.4
2021-01-11 CVE-2021-0315 Google Improper Restriction of Rendered UI Layers OR Frames vulnerability in Google Android

In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack.

4.4
2021-01-11 CVE-2020-27059 Google Improper Privilege Management vulnerability in Google Android

In onAuthenticated of AuthenticationClient.java, there is a possible tapjacking attack when requesting the user's fingerprint due to an overlaid window.

4.4
2021-01-11 CVE-2020-17534 Apache Race Condition vulnerability in Apache Html/Java API 1.7

There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in `webkit` subproject of HTML/Java API version 1.7.

4.4
2021-01-11 CVE-2020-35483 Anydesk Uncontrolled Search Path Element vulnerability in Anydesk 5.4.2/6.0.8

AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local user account via a read-only setting for a Trojan horse gcapi.dll file.

4.4
2021-01-17 CVE-2020-15864 Quali Cross-Site Scripting vulnerability in Quali Cloudshell 9.3

An issue was discovered in Quali CloudShell 9.3.

4.3
2021-01-15 CVE-2021-0205 Juniper Unspecified vulnerability in Juniper Junos 17.3/17.4/18.1

When the "Intrusion Detection Service" (IDS) feature is configured on Juniper Networks MX series with a dynamic firewall filter using IPv6 source or destination prefix, it may incorrectly match the prefix as /32, causing the filter to block unexpected traffic.

4.3
2021-01-15 CVE-2021-0203 Juniper Unspecified vulnerability in Juniper Junos 15.1/16.1

On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), Storm Control profile applied on the RTG interface might not take affect when it reaches the threshold condition.

4.3
2021-01-15 CVE-2020-16255 Owncloud Cross-Site Scripting vulnerability in Owncloud

ownCloud (Core) before 10.5 allows XSS in login page 'forgot password.'

4.3
2021-01-15 CVE-2021-22171 Gitlab Improper Authentication vulnerability in Gitlab

Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link

4.3
2021-01-14 CVE-2020-27219 Eclipse Cross-Site Scripting vulnerability in Eclipse Hawkbit

In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute.

4.3
2021-01-14 CVE-2020-16046 Google Cross-Site Scripting vulnerability in Google Chrome

Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

4.3
2021-01-14 CVE-2021-24122 Apache
Debian
Information Exposure vulnerability in multiple products

When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations.

4.3
2021-01-14 CVE-2020-28470 Scully Injection vulnerability in Scully

This affects the package @scullyio/scully before 1.0.9.

4.3
2021-01-13 CVE-2021-1310 Cisco Open Redirect vulnerability in Cisco Webex Meetings

A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page, bypassing the warning mechanism that should prompt the user before the redirection.

4.3
2021-01-13 CVE-2021-1246 Cisco Cross-Site Scripting vulnerability in Cisco Finesse

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack and obtain potentially confidential information by leveraging a flaw in the authentication mechanism.

4.3
2021-01-13 CVE-2021-1245 Cisco Cross-Site Scripting vulnerability in Cisco Finesse

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack and obtain potentially confidential information by leveraging a flaw in the authentication mechanism.

4.3
2021-01-13 CVE-2021-1242 Cisco Unspecified vulnerability in Cisco Webex Teams

A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface.

4.3
2021-01-13 CVE-2020-4597 IBM Missing Encryption of Sensitive Data vulnerability in IBM Security Guardium Insights 2.0.2

IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or session cookies.

4.3
2021-01-13 CVE-2020-35687 PHP Fusion Cross-Site Request Forgery (CSRF) vulnerability in PHP-Fusion PHPfusion 9.03.90

PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messages by the attacker on behalf of the logged in victim.

4.3
2021-01-13 CVE-2021-21613 Jenkins Cross-Site Scripting vulnerability in Jenkins Tics 2020.3.0.6

Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS service responses, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control TICS service response content.

4.3
2021-01-13 CVE-2021-21610 Jenkins Cross-Site Scripting vulnerability in Jenkins

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement any restrictions for the URL rendering a formatted preview of markup passed as a query parameter, resulting in a reflected cross-site scripting (XSS) vulnerability if the configured markup formatter does not prohibit unsafe elements (JavaScript) in markup.

4.3
2021-01-12 CVE-2021-23936 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

OX App Suite through 7.10.4 allows XSS via the subject of a task.

4.3
2021-01-12 CVE-2021-23935 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code.

4.3
2021-01-12 CVE-2021-23934 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code.

4.3
2021-01-12 CVE-2021-23933 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.

4.3
2021-01-12 CVE-2021-23932 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.

4.3
2021-01-12 CVE-2021-23931 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

OX App Suite through 7.10.4 allows XSS via an inline binary file.

4.3
2021-01-12 CVE-2021-23930 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.

4.3
2021-01-12 CVE-2021-23929 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI.

4.3
2021-01-12 CVE-2021-23928 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string.

4.3
2021-01-12 CVE-2021-23125 Joomla Cross-Site Scripting vulnerability in Joomla Joomla!

An issue was discovered in Joomla! 3.1.0 through 3.9.23.

4.3
2021-01-12 CVE-2021-23124 Joomla Cross-Site Scripting vulnerability in Joomla Joomla!

An issue was discovered in Joomla! 3.9.0 through 3.9.23.

4.3
2021-01-12 CVE-2020-28395 Siemens USE of Hard-Coded Cryptographic KEY vulnerability in Siemens products

A vulnerability has been identified in SCALANCE X-300 switch family (incl.

4.3
2021-01-12 CVE-2020-28391 Siemens USE of Hard-Coded Credentials vulnerability in Siemens products

A vulnerability has been identified in SCALANCE X-200 switch family (incl.

4.3
2021-01-12 CVE-2020-26981 Siemens XXE vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0).

4.3
2021-01-12 CVE-2021-1696 Microsoft Unspecified vulnerability in Microsoft products

Windows Graphics Component Information Disclosure Vulnerability

4.3
2021-01-12 CVE-2021-1679 Microsoft Unspecified vulnerability in Microsoft products

Windows CryptoAPI Denial of Service Vulnerability

4.3
2021-01-12 CVE-2021-1645 Microsoft Unspecified vulnerability in Microsoft products

Windows Docker Information Disclosure Vulnerability

4.3
2021-01-12 CVE-2020-36190 Rails Admin Project Cross-Site Scripting vulnerability in Rails Admin Project Rails Admin

RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms.

4.3
2021-01-12 CVE-2021-21464 SAP Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

4.3
2021-01-12 CVE-2020-26713 Evms Cross-Site Scripting vulnerability in Evms Redcap 10.0.20/10.3.4

REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function with parameter sort.

4.3
2021-01-12 CVE-2020-25657 M2Crypto Project
Redhat
Fedoraproject
A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext.
4.3
2021-01-12 CVE-2020-24701 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).

4.3
2021-01-11 CVE-2021-21241 Flask Security TOO Project Cross-Site Request Forgery (CSRF) vulnerability in Flask-Security-Too Project Flask-Security-Too

The Python "Flask-Security-Too" package is used for adding security features to your Flask application.

4.3
2021-01-11 CVE-2020-23631 Wdja Cross-Site Scripting vulnerability in Wdja CMS 1.5

Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA CMS 1.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via the tongji parameter.

4.3
2021-01-11 CVE-2020-26298 Redcarpet Project Injection vulnerability in Redcarpet Project Redcarpet

Redcarpet is a Ruby library for Markdown processing.

4.3
2021-01-11 CVE-2020-25659 Python Cryptography Project Covert Timing Channel vulnerability in Python-Cryptography Project Python-Cryptography 3.2

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.

4.3
2021-01-11 CVE-2018-11008 K7Computing Improper Privilege Management vulnerability in K7Computing products

An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.

4.3
2021-01-11 CVE-2018-11007 K7Computing Out-Of-Bounds Write vulnerability in K7Computing products

A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.

4.3
2021-01-11 CVE-2018-11005 K7Computing Out-Of-Bounds Read vulnerability in K7Computing products

A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.

4.3
2021-01-11 CVE-2020-23849 Jsoneditoronline Cross-Site Scripting vulnerability in Jsoneditoronline Jsoneditor

Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript.

4.3
2021-01-11 CVE-2020-23644 Jizhicms Cross-Site Scripting vulnerability in Jizhicms 1.7.1

XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php.

4.3
2021-01-11 CVE-2020-23643 Jizhicms Cross-Site Scripting vulnerability in Jizhicms 1.7.1

XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php.

4.3
2021-01-11 CVE-2020-26800 Ethereum Out-Of-Bounds Write vulnerability in Ethereum Aleth

A stack overflow vulnerability in Aleth Ethereum C++ client version <= 1.8.0 using a specially crafted a config.json file may result in a denial of service.

4.3
2021-01-11 CVE-2020-17509 Apache Http Request Smuggling vulnerability in Apache Traffic Server

ATS negative cache option is vulnerable to a cache poisoning attack.

4.3
2021-01-11 CVE-2020-35726 Quest Cross-Site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200

** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Reports/index.jsp file via the by parameter.

4.3
2021-01-11 CVE-2020-35725 Quest Cross-Site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200

** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/index.jsp file via the msg parameter.

4.3
2021-01-11 CVE-2020-35722 Quest Cross-Site Request Forgery (CSRF) vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200

** UNSUPPORTED WHEN ASSIGNED ** CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file.

4.3
2021-01-11 CVE-2020-35719 Quest Cross-Site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200

** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Search/index.jsp file via the added parameter.

4.3
2021-01-11 CVE-2020-35206 Quest Cross-Site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200

** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the cConn.jsp file via the ur parameter.

4.3
2021-01-11 CVE-2020-35204 Quest Cross-Site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200

** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the PolicyAuthority/Common/FolderControl.jsp file via the unqID parameter.

4.3
2021-01-11 CVE-2020-35203 Quest Cross-Site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200

** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the initFile.jsp file via the msg parameter.

4.3
2021-01-15 CVE-2021-21250 Onedev Project File and Directory Information Exposure vulnerability in Onedev Project Onedev

OneDev is an all-in-one devops platform.

4.0
2021-01-15 CVE-2020-35749 Presstigers Path Traversal vulnerability in Presstigers Simple Board JOB

Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php.

4.0
2021-01-15 CVE-2021-22168 Gitlab Resource Exhaustion vulnerability in Gitlab

A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8.

4.0
2021-01-15 CVE-2020-26414 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 12.4.

4.0
2021-01-15 CVE-2021-23837 Flatcore SQL Injection vulnerability in Flatcore

An issue was discovered in flatCore before 2.0.0 build 139.

4.0
2021-01-15 CVE-2021-23835 Flatcore Improper Input Validation vulnerability in Flatcore

An issue was discovered in flatCore before 2.0.0 build 139.

4.0
2021-01-13 CVE-2021-1267 Cisco XML Entity Expansion vulnerability in Cisco Firepower Management Center

A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

4.0
2021-01-13 CVE-2021-1226 Cisco Information Exposure Through LOG Files vulnerability in Cisco products

A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM &amp; Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.

4.0
2021-01-13 CVE-2021-1145 Cisco Link Following vulnerability in Cisco Staros

A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device.

4.0
2021-01-13 CVE-2021-1143 Cisco Incorrect Authorization vulnerability in Cisco Connected Mobile Experiences 10.6.0/10.6.1/10.6.2

A vulnerability in Cisco Connected Mobile Experiences (CMX) API authorizations could allow an authenticated, remote attacker to enumerate what users exist on the system.

4.0
2021-01-13 CVE-2020-15219 Combodo Information Exposure Through AN Error Message vulnerability in Combodo Itop

Combodo iTop is a web based IT Service Management tool.

4.0
2021-01-13 CVE-2021-21607 Jenkins Allocation of Resources Without Limits OR Throttling vulnerability in Jenkins

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors.

4.0
2021-01-13 CVE-2021-21606 Jenkins Improper Input Validation vulnerability in Jenkins

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML files with a short path.

4.0
2021-01-13 CVE-2021-21602 Jenkins Link Following vulnerability in Jenkins

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.

4.0
2021-01-12 CVE-2021-1692 Microsoft Unspecified vulnerability in Microsoft products

Hyper-V Denial of Service Vulnerability This CVE ID is unique from CVE-2021-1691.

4.0
2021-01-12 CVE-2021-1691 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

Hyper-V Denial of Service Vulnerability This CVE ID is unique from CVE-2021-1692.

4.0
2021-01-12 CVE-2020-4079 Combodo Information Exposure vulnerability in Combodo Itop

Combodo iTop is a web based IT Service Management tool.

4.0
2021-01-12 CVE-2021-21471 SAP Unspecified vulnerability in SAP Cla-Assistant

In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user.

4.0
2021-01-12 CVE-2021-21468 SAP Missing Authorization vulnerability in SAP Business Warehouse

The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table.

4.0
2021-01-12 CVE-2021-21467 SAP Missing Authorization vulnerability in SAP Banking Services 400/450/500

SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

4.0
2021-01-12 CVE-2020-4674 IBM Insecure Storage of Sensitive Information vulnerability in IBM Workload Automation 9.5

IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system.

4.0
2021-01-12 CVE-2020-4673 IBM Insecure Storage of Sensitive Information vulnerability in IBM Workload Automation 9.5

IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further attacks against the system.

4.0
2021-01-12 CVE-2020-14341 Redhat Covert Timing Channel vulnerability in Redhat Single Sign-On

The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installation.

4.0
2021-01-11 CVE-2020-4869 IBM Classic Buffer Overflow vulnerability in IBM MQ Appliance 9.2.0.0

IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow.

4.0
2021-01-11 CVE-2020-13922 Apache Incorrect Default Permissions vulnerability in Apache Dolphinscheduler 1.2.0/1.2.1/1.3.1

Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.

4.0

78 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-01-12 CVE-2021-21470 SAP XXE vulnerability in SAP Enterprise Performance Management 1010/2.8

SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in for SAP Analysis Office, version - 2.8, allows an authenticated attacker with user privileges to parse malicious XML files which could result in XXE-based attacks in applications that accept attacker-controlled XML configuration files.

3.6
2021-01-15 CVE-2021-0220 Juniper Insufficiently Protected Credentials vulnerability in Juniper Junos Space

The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI.

3.5
2021-01-15 CVE-2020-35748 Foliovision Cross-Site Scripting vulnerability in Foliovision FV Flowplayer Video Player

Cross-site scripting (XSS) vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fv_wp_fvvideoplayer_src JSON field in the data parameter.

3.5
2021-01-15 CVE-2019-16961 Solarwinds Cross-Site Scripting vulnerability in Solarwinds web Help Desk 12.7.0

SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name.

3.5
2021-01-15 CVE-2021-23838 Flatcore Cross-Site Scripting vulnerability in Flatcore

An issue was discovered in flatCore before 2.0.0 build 139.

3.5
2021-01-15 CVE-2021-23836 Flatcore Cross-Site Scripting vulnerability in Flatcore

An issue was discovered in flatCore before 2.0.0 build 139.

3.5
2021-01-15 CVE-2020-35582 Enviragallery Cross-Site Scripting vulnerability in Enviragallery Envira Gallery

A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter.

3.5
2021-01-15 CVE-2020-35581 Enviragallery Cross-Site Scripting vulnerability in Enviragallery Envira Gallery

A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the meta[title] parameter.

3.5
2021-01-14 CVE-2020-6777 Bosch Cross-Site Scripting vulnerability in Bosch Praesensa Firmware and Praesideo Firmware

A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an authenticated remote attacker with admin privileges to mount a stored Cross-Site-Scripting (XSS) attack against another user.

3.5
2021-01-14 CVE-2020-29587 Simplcommerce Cross-Site Scripting vulnerability in Simplcommerce 1.0.0

SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals.

3.5
2021-01-14 CVE-2020-26733 Skyworth Cross-Site Scripting vulnerability in Skyworth Gn542Vf Firmware 2.0.0.16

Cross Site Scripting (XSS) in Configuration page in SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 allows authenticated attacker to inject their own script into the page via DDNS Configuration Section.

3.5
2021-01-13 CVE-2021-1239 Cisco Cross-Site Scripting vulnerability in Cisco Firepower Management Center

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected system.

3.5
2021-01-13 CVE-2021-1238 Cisco Cross-Site Scripting vulnerability in Cisco Firepower Management Center

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected system.

3.5
2021-01-13 CVE-2021-1158 Cisco Cross-Site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

3.5
2021-01-13 CVE-2021-1157 Cisco Cross-Site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

3.5
2021-01-13 CVE-2021-1156 Cisco Cross-Site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

3.5
2021-01-13 CVE-2021-1155 Cisco Cross-Site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

3.5
2021-01-13 CVE-2021-1154 Cisco Cross-Site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

3.5
2021-01-13 CVE-2021-1153 Cisco Cross-Site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

3.5
2021-01-13 CVE-2021-1152 Cisco Cross-Site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

3.5
2021-01-13 CVE-2021-1151 Cisco Cross-Site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

3.5
2021-01-13 CVE-2021-1130 Cisco Cross-Site Scripting vulnerability in Cisco DNA Center

A vulnerability in the web-based management interface of Cisco DNA Center software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device.

3.5
2021-01-13 CVE-2021-1127 Cisco Cross-Site Scripting vulnerability in Cisco Enterprise NFV Infrastructure Software 3.9.1

A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface.

3.5
2021-01-13 CVE-2020-15221 Combodo Cross-Site Scripting vulnerability in Combodo Itop

Combodo iTop is a web based IT Service Management tool.

3.5
2021-01-13 CVE-2020-15218 Combodo Insufficient Session Expiration vulnerability in Combodo Itop

Combodo iTop is a web based IT Service Management tool.

3.5
2021-01-13 CVE-2021-21611 Jenkins Cross-Site Scripting vulnerability in Jenkins

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to specify display names or IDs of item types.

3.5
2021-01-13 CVE-2021-21608 Jenkins Cross-Site Scripting vulnerability in Jenkins

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels.

3.5
2021-01-13 CVE-2021-21603 Jenkins Cross-Site Scripting vulnerability in Jenkins

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability.

3.5
2021-01-13 CVE-2020-36191 Jupyter Cross-Site Request Forgery (CSRF) vulnerability in Jupyter Jupyterhub 1.1.0

JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).

3.5
2021-01-12 CVE-2021-1708 Microsoft Unspecified vulnerability in Microsoft products

Windows GDI+ Information Disclosure Vulnerability

3.5
2021-01-12 CVE-2020-13116 Carbonite Cross-Site Scripting vulnerability in Carbonite Server Backup Portal 8.81/8.85

OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an authenticated user via policy creation.

3.5
2021-01-12 CVE-2021-21447 SAP Cross-Site Scripting vulnerability in SAP Businessobjects Business Intelligence 410/420

SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject malicious JavaScript payload into the custom value input field of an Input Control, which can be executed by User who views the relevant application content, which leads to Stored Cross-Site Scripting.

3.5
2021-01-12 CVE-2021-21445 SAP Http Request Smuggling vulnerability in SAP Commerce Cloud

SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include invalidated data in the HTTP response Content Type header, due to improper input validation, and sent to a Web user.

3.5
2021-01-12 CVE-2020-4838 IBM Cross-Site Scripting vulnerability in IBM API Connect

IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting.

3.5
2021-01-11 CVE-2020-35727 Quest Cross-Site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200

** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseDirs.do file via the title parameter.

3.5
2021-01-11 CVE-2020-35724 Quest Cross-Site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200

** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the Error.jsp file via the err parameter (or indirectly via the cpr, tcp, or abs parameter).

3.5
2021-01-11 CVE-2020-35723 Quest Cross-Site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200

** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the ReportPreview.do file via the referer parameter.

3.5
2021-01-11 CVE-2020-35721 Quest Cross-Site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200

** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseAssets.do file via the title parameter.

3.5
2021-01-11 CVE-2020-35720 Quest Cross-Site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200

** UNSUPPORTED WHEN ASSIGNED ** Stored XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to store malicious code in multiple fields (first name, last name, and logon name) when creating or modifying a user via the submitUser.jsp file.

3.5
2021-01-15 CVE-2021-0217 Juniper Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Juniper Junos

A vulnerability in processing of certain DHCP packets from adjacent clients on EX Series and QFX Series switches running Juniper Networks Junos OS with DHCP local/relay server configured may lead to exhaustion of DMA memory causing a Denial of Service (DoS).

3.3
2021-01-15 CVE-2021-0208 Juniper Improper Input Validation vulnerability in Juniper Junos

An improper input validation vulnerability in the Routing Protocol Daemon (RPD) service of Juniper Networks Junos OS allows an attacker to send a malformed RSVP packet when bidirectional LSPs are in use, which when received by an egress router crashes the RPD causing a Denial of Service (DoS) condition.

3.3
2021-01-13 CVE-2020-1866 Huawei Out-Of-Bounds Read vulnerability in Huawei products

There is an out-of-bounds read vulnerability in several products.

3.3
2021-01-13 CVE-2020-1865 Huawei Out-Of-Bounds Read vulnerability in Huawei products

There is an out-of-bounds read vulnerability in Huawei CloudEngine products.

3.3
2021-01-13 CVE-2021-1131 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco products

A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause an affected IP camera to reload.

3.3
2021-01-13 CVE-2021-3031 Paloaltonetworks Information Exposure vulnerability in Paloaltonetworks Pan-Os

Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created.

3.3
2021-01-15 CVE-2021-0221 Juniper Infinite Loop vulnerability in Juniper Junos 17.3/17.4/18.1

In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway address (VGA) is configured on a PE, a traffic loop may occur upon receipt of specific IP multicast traffic.

2.9
2021-01-15 CVE-2021-0215 Juniper Missing Release of Resource After Effective Lifetime vulnerability in Juniper Junos 14.1X53/15.1X49/15.1X53

On Juniper Networks Junos EX series, QFX Series, MX Series and SRX branch series devices, a memory leak occurs every time the 802.1X authenticator port interface flaps which can lead to other processes, such as the pfex process, responsible for packet forwarding, to crash and restart.

2.9
2021-01-14 CVE-2021-22132 Elastic Insufficiently Protected Credentials vulnerability in Elastic Elasticsearch 7.10.0/7.9.2

Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API.

2.1
2021-01-14 CVE-2021-21722 ZTE Information Exposure vulnerability in ZTE Zxv10 B860A Firmware V2.1Tv0032.1.1.04Jiangsutelecom

A ZTE Smart STB is impacted by an information leak vulnerability.

2.1
2021-01-14 CVE-2020-27368 Totolink Files OR Directories Accessible TO External Parties vulnerability in Totolink A702R Firmware 1.0.0B20161227.1023

Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /icons/ directories via GET Parameter.

2.1
2021-01-13 CVE-2013-1053 Canonical USE of A Broken OR Risky Cryptographic Algorithm vulnerability in Canonical Remote-Login-Service

In crypt.c of remote-login-service, the cryptographic algorithm used to cache usernames and passwords is insecure.

2.1
2021-01-13 CVE-2021-1258 Cisco Improper Privilege Management vulnerability in Cisco Anyconnect Secure Mobility Client

A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device.

2.1
2021-01-13 CVE-2021-1126 Cisco Insufficiently Protected Credentials vulnerability in Cisco Firepower Management Center

A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server.

2.1
2021-01-13 CVE-2020-9203 Huawei Resource Exhaustion vulnerability in Huawei P30 Firmware

There is a resource management errors vulnerability in Huawei P30.

2.1
2021-01-13 CVE-2020-4604 IBM Cleartext Storage of Sensitive Information vulnerability in IBM Security Guardium Insights 2.0.2

IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local privileged user.

2.1
2021-01-13 CVE-2020-4602 IBM Insufficiently Protected Credentials vulnerability in IBM Security Guardium Insights 2.0.2

IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local user.

2.1
2021-01-13 CVE-2021-3032 Paloaltonetworks Information Exposure Through LOG Files vulnerability in Paloaltonetworks Pan-Os

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log.

2.1
2021-01-13 CVE-2021-21614 Jenkins Insufficiently Protected Credentials vulnerability in Jenkins Bumblebee HP ALM

Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

2.1
2021-01-13 CVE-2021-21612 Jenkins Insufficiently Protected Credentials vulnerability in Jenkins Tracetronic Ecu-Test

Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

2.1
2021-01-12 CVE-2020-28390 Siemens Insufficiently Protected Credentials vulnerability in Siemens Opcenter Execution Core 8.2/8.3

A vulnerability has been identified in Opcenter Execution Core (V8.2), Opcenter Execution Core (V8.3).

2.1
2021-01-12 CVE-2021-1725 Microsoft Information Exposure vulnerability in Microsoft BOT Framework Software Development KIT

Bot Framework SDK Information Disclosure Vulnerability

2.1
2021-01-12 CVE-2021-1699 Microsoft Unspecified vulnerability in Microsoft products

Windows (modem.sys) Information Disclosure Vulnerability

2.1
2021-01-12 CVE-2021-1684 Microsoft Unspecified vulnerability in Microsoft products

Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-1638, CVE-2021-1683.

2.1
2021-01-12 CVE-2021-1683 Microsoft Unspecified vulnerability in Microsoft products

Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-1638, CVE-2021-1684.

2.1
2021-01-12 CVE-2021-1677 Microsoft Authentication Bypass BY Spoofing vulnerability in Microsoft Azure Kubernetes Service

Azure Active Directory Pod Identity Spoofing Vulnerability

2.1
2021-01-12 CVE-2021-1676 Microsoft Unspecified vulnerability in Microsoft products

Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability

2.1
2021-01-12 CVE-2021-1672 Microsoft Unspecified vulnerability in Microsoft products

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-1663, CVE-2021-1670.

2.1
2021-01-12 CVE-2021-1670 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-1663, CVE-2021-1672.

2.1
2021-01-12 CVE-2021-1663 Microsoft Information Exposure vulnerability in Microsoft Windows 10 and Windows Server 2016

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-1670, CVE-2021-1672.

2.1
2021-01-12 CVE-2021-1656 Microsoft Unspecified vulnerability in Microsoft products

TPM Device Driver Information Disclosure Vulnerability

2.1
2021-01-12 CVE-2021-1638 Microsoft Incorrect Authorization vulnerability in Microsoft products

Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-1683, CVE-2021-1684.

2.1
2021-01-12 CVE-2021-1637 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Query Information Disclosure Vulnerability

2.1
2021-01-12 CVE-2021-21448 SAP Insufficiently Protected Credentials vulnerability in SAP Graphical User Interface 7.60

SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for Application Server ABAP backend systems in the client PCs memory.

2.1
2021-01-11 CVE-2021-0321 Google Information Exposure vulnerability in Google Android 11.0

In enforceDumpPermissionForPackage of ActivityManagerService.java, there is a possible way to determine if a package is installed due to side channel information disclosure.

2.1
2021-01-11 CVE-2020-24003 Microsoft Unspecified vulnerability in Microsoft Skype 8.59.0.77

Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access.

2.1
2021-01-12 CVE-2021-23239 Sudo Project
Netapp
Fedoraproject
Link Following vulnerability in multiple products

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.

1.9
2021-01-11 CVE-2021-0322 Google Improper Input Validation vulnerability in Google Android 10.0/11.0/9.0

In onCreate of SlicePermissionActivity.java, there is a possible misleading string displayed due to improper input validation.

1.9
2021-01-11 CVE-2021-0320 Google Race Condition vulnerability in Google Android 10.0/11.0

In is_device_locked and set_device_locked of keystore_keymaster_enforcement.h, there is a possible bypass of lockscreen requirements for keyguard bound keys due to a race condition.

1.9