Weekly Vulnerabilities Reports > January 18 to 24, 2021
Overview
359 new vulnerabilities were reported during this period, including 20 critical vulnerabilities and 65 high severity vulnerabilities. This weekly summary reports vulnerabilities in 1368 products from 89 vendors including Oracle, Cisco, Netapp, Qualcomm, and Fedoraproject. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Out-of-bounds Read", "Out-of-bounds Write", and "Path Traversal".
- 291 reported vulnerabilities are remotely exploitable.
- 3 reported vulnerabilities have a public exploit available.
- 84 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 227 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 139 reported vulnerabilities.
- Qualcomm has the most reported critical vulnerabilities, with 9 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
20 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-01-21 | CVE-2020-3691 | Qualcomm | Integer Underflow (Wrap or Wraparound) vulnerability in Qualcomm products Possible out of bound memory access in audio due to integer underflow while processing modified contents in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 10.0 |
2021-01-21 | CVE-2020-3686 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Possible memory out of bound issue during music playback when an incorrect bit stream content is copied into array without checking the length of array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 10.0 |
2021-01-21 | CVE-2020-11225 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Out of bound access in WLAN driver due to lack of validation of array length before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 10.0 |
2021-01-21 | CVE-2020-11167 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products Memory corruption while calculating L2CAP packet length in reassembly logic when remote sends more data than expected in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 10.0 |
2021-01-21 | CVE-2020-11143 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Out of bound memory access during music playback with modified content due to copying data without checking destination buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 10.0 |
2021-01-21 | CVE-2020-11140 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Out of bound memory access during music playback with ALAC modified content due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 10.0 |
2021-01-21 | CVE-2020-11138 | Qualcomm | Access of Uninitialized Pointer vulnerability in Qualcomm products Uninitialized pointers accessed during music play back with incorrect bit stream due to an uninitialized heap memory result in instability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 10.0 |
2021-01-21 | CVE-2020-11137 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products Integer multiplication overflow resulting in lower buffer size allocation than expected causes memory access out of bounds resulting in possible device instability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 10.0 |
2021-01-21 | CVE-2020-11136 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Buffer Over-read in audio driver while using malloc management function due to not returning NULL for zero sized memory requirement in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 10.0 |
2021-01-18 | CVE-2021-25294 | Opencats | Deserialization of Untrusted Data vulnerability in Opencats OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. | 10.0 |
2021-01-20 | CVE-2021-1142 | Cisco | OS Command Injection vulnerability in Cisco Smart Software Manager Satellite 5.1.0 Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. | 9.8 |
2021-01-20 | CVE-2021-1140 | Cisco | OS Command Injection vulnerability in Cisco Smart Software Manager Satellite 5.1.0 Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. | 9.8 |
2021-01-20 | CVE-2021-1138 | Cisco | OS Command Injection vulnerability in Cisco Smart Software Manager Satellite 5.1.0 Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. | 9.8 |
2021-01-20 | CVE-2021-1301 | Cisco | Improper Input Validation vulnerability in Cisco products Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. | 9.8 |
2021-01-20 | CVE-2021-1300 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. | 9.8 |
2021-01-20 | CVE-2021-3110 | Prestashop | SQL Injection vulnerability in Prestashop 1.7.7.0 The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter. | 9.8 |
2021-01-19 | CVE-2021-22850 | Hgiga | Missing Authentication for Critical Function vulnerability in Hgiga Oaklouds Portal HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions. | 9.8 |
2021-01-19 | CVE-2021-3177 | Python Fedoraproject Netapp Debian Oracle | Classic Buffer Overflow vulnerability in multiple products Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. | 9.8 |
2021-01-21 | CVE-2020-8570 | Kubernetes | Path Traversal vulnerability in Kubernetes Java Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. | 9.1 |
2021-01-22 | CVE-2020-12513 | Pepperl Fuchs | OS Command Injection vulnerability in Pepperl-Fuchs products Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection. | 9.0 |
65 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-01-20 | CVE-2021-1247 | Cisco | SQL Injection vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. | 8.8 |
2021-01-20 | CVE-2021-1141 | Cisco | OS Command Injection vulnerability in Cisco Smart Software Manager Satellite 5.1.0 Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. | 8.8 |
2021-01-20 | CVE-2021-1139 | Cisco | OS Command Injection vulnerability in Cisco Smart Software Manager Satellite 5.1.0 Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. | 8.8 |
2021-01-20 | CVE-2021-1302 | Cisco | Unspecified vulnerability in Cisco Catalyst Sd-Wan Manager Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. | 8.8 |
2021-01-20 | CVE-2021-1299 | Cisco | Improper Input Validation vulnerability in Cisco products Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. | 8.8 |
2021-01-20 | CVE-2021-1298 | Cisco | Command Injection vulnerability in Cisco products Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. | 8.8 |
2021-01-20 | CVE-2021-1272 | Cisco | Server-Side Request Forgery (SSRF) vulnerability in Cisco Data Center Network Manager A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. | 8.8 |
2021-01-20 | CVE-2021-1264 | Cisco | OS Command Injection vulnerability in Cisco DNA Center A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. | 8.8 |
2021-01-19 | CVE-2020-27733 | Zohocorp | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 14.0 Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request. | 8.8 |
2021-01-20 | CVE-2021-1353 | Cisco | Memory Leak vulnerability in Cisco Staros A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 8.6 |
2021-01-20 | CVE-2021-1279 | Cisco | Improper Input Validation vulnerability in Cisco products Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. | 8.6 |
2021-01-20 | CVE-2021-1274 | Cisco | NULL Pointer Dereference vulnerability in Cisco products Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. | 8.6 |
2021-01-20 | CVE-2021-1273 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. | 8.6 |
2021-01-20 | CVE-2021-2104 | Oracle | Unspecified vulnerability in Oracle products Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: Dialog Box). | 8.2 |
2021-01-20 | CVE-2021-2103 | Oracle | Unspecified vulnerability in Oracle products Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: Dialog Box). | 8.2 |
2021-01-20 | CVE-2021-2102 | Oracle | Unspecified vulnerability in Oracle products Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: Dialog Box). | 8.2 |
2021-01-20 | CVE-2020-25682 | Thekelleys Fedoraproject Debian | Heap-based Buffer Overflow vulnerability in multiple products A flaw was found in dnsmasq before 2.83. | 8.1 |
2021-01-20 | CVE-2020-25681 | Thekelleys Fedoraproject Debian | Heap-based Buffer Overflow vulnerability in multiple products A flaw was found in dnsmasq before version 2.83. | 8.1 |
2021-01-19 | CVE-2021-20190 | Fasterxml Netapp Apache Debian Oracle | Deserialization of Untrusted Data vulnerability in multiple products A flaw was found in jackson-databind before 2.9.10.7. | 8.1 |
2021-01-19 | CVE-2021-22498 | Microfocus | XXE vulnerability in Microfocus Application Lifecycle Management XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. | 8.1 |
2021-01-19 | CVE-2021-3182 | Dlink | Out-of-bounds Write vulnerability in Dlink Dcs-5220 Firmware D-Link DCS-5220 devices have a buffer overflow. | 8.0 |
2021-01-20 | CVE-2020-26278 | Weave | Execution with Unnecessary Privileges vulnerability in Weave Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. | 7.9 |
2021-01-21 | CVE-2020-3685 | Qualcomm | Double Free vulnerability in Qualcomm products Pointer variable which is freed is not cleared can result in memory corruption and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 7.8 |
2021-01-20 | CVE-2021-1263 | Cisco | Command Injection vulnerability in Cisco products Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. | 7.8 |
2021-01-20 | CVE-2021-1262 | Cisco | Command Injection vulnerability in Cisco products Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. | 7.8 |
2021-01-20 | CVE-2021-1261 | Cisco | Command Injection vulnerability in Cisco products Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. | 7.8 |
2021-01-20 | CVE-2021-1260 | Cisco | Command Injection vulnerability in Cisco products Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. | 7.8 |
2021-01-19 | CVE-2020-14409 | Libsdl Fedoraproject Debian Starwindsoftware | Integer Overflow or Wraparound vulnerability in multiple products SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. | 7.8 |
2021-01-21 | CVE-2020-4958 | IBM | Missing Authentication for Critical Function vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. | 7.5 |
2021-01-21 | CVE-2020-11216 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products Buffer over read can happen in video driver when playing clip with atomsize having value UINT32_MAX in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.5 |
2021-01-21 | CVE-2020-11213 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Out of bound reads might occur in while processing Service descriptor due to improper validation of length of fields in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 7.5 |
2021-01-21 | CVE-2020-11212 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Out of bounds reads while parsing NAN beacons attributes and OUIs due to improper length of field check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 7.5 |
2021-01-21 | CVE-2020-11197 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products Possible integer overflow can occur when stream info update is called when total number of streams detected are zero while parsing TS clip with invalid data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.5 |
2021-01-21 | CVE-2020-27221 | Eclipse | Out-of-bounds Write vulnerability in Eclipse Openj9 In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. | 7.5 |
2021-01-20 | CVE-2021-1241 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. | 7.5 |
2021-01-20 | CVE-2021-1312 | Cisco | Resource Exhaustion vulnerability in Cisco Elastic Services Controller A vulnerability in the system resource management of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) to the health monitor API on an affected device. | 7.5 |
2021-01-20 | CVE-2021-1278 | Cisco | Link Following vulnerability in Cisco products Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. | 7.5 |
2021-01-20 | CVE-2021-2108 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 12.1.3.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). | 7.5 |
2021-01-20 | CVE-2021-2075 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). | 7.5 |
2021-01-20 | CVE-2021-2069 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.4/8.5.5 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). | 7.5 |
2021-01-20 | CVE-2021-2068 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.4/8.5.5 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). | 7.5 |
2021-01-20 | CVE-2021-2067 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.4/8.5.5 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). | 7.5 |
2021-01-20 | CVE-2021-2066 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.4/8.5.5 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). | 7.5 |
2021-01-20 | CVE-2021-2064 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 12.1.3.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). | 7.5 |
2021-01-20 | CVE-2021-2047 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). | 7.5 |
2021-01-20 | CVE-2021-2029 | Oracle | Unspecified vulnerability in Oracle Scripting Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). | 7.5 |
2021-01-20 | CVE-2021-1994 | Oracle | Unspecified vulnerability in Oracle Enterprise Repository and Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). | 7.5 |
2021-01-20 | CVE-2020-14756 | Oracle | Unspecified vulnerability in Oracle Coherence and Utilities Framework Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components). | 7.5 |
2021-01-20 | CVE-2021-23326 | THE Guild | Command Injection vulnerability in The-Guild Graphql-Tools This affects the package @graphql-tools/git-loader before 6.2.6. | 7.5 |
2021-01-19 | CVE-2020-28480 | Jointjs | Unspecified vulnerability in Jointjs The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). | 7.5 |
2021-01-19 | CVE-2020-28472 | Amazon | Unspecified vulnerability in Amazon products This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. | 7.5 |
2021-01-19 | CVE-2021-22851 | Hgiga | SQL Injection vulnerability in Hgiga Oaklouds Openid 2.0/3.0 HGiga EIP product contains SQL Injection vulnerability. | 7.5 |
2021-01-18 | CVE-2020-36193 | PHP Fedoraproject Debian Drupal | Link Following vulnerability in multiple products Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. | 7.5 |
2021-01-20 | CVE-2021-1280 | Cisco | Uncontrolled Search Path Element vulnerability in Cisco Advanced Malware Protection for Endpoints and Immunet A vulnerability in the loading mechanism of specific DLLs of Cisco Advanced Malware Protection (AMP) for Endpoints for Windows and Immunet for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. | 7.3 |
2021-01-20 | CVE-2021-1133 | Cisco | Incomplete Blacklist vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. | 7.3 |
2021-01-21 | CVE-2020-11185 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Out of bound issue in WLAN driver while processing vdev responses from firmware due to lack of validation of data received from firmware in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 7.2 |
2021-01-21 | CVE-2020-11183 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products A process can potentially cause a buffer overflow in the display service allowing privilege escalation by executing code as that service in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.2 |
2021-01-21 | CVE-2020-11181 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Out of bound access issue while handling cvp process control command due to improper validation of buffer pointer received from HLOS in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 7.2 |
2021-01-21 | CVE-2020-11180 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products Out of bound access in computer vision control due to improper validation of command length before processing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 7.2 |
2021-01-21 | CVE-2020-11150 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products Out of bound memory access in camera driver due to improper validation on data coming from UMD which is used for offset manipulation of pointer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.2 |
2021-01-21 | CVE-2020-11149 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products Out of bound access due to usage of an out-of-range pointer offset in the camera driver. | 7.2 |
2021-01-21 | CVE-2020-11148 | Qualcomm | Use After Free vulnerability in Qualcomm products Use after free issue in HIDL while using callback to post event in Rx thread when internal mutex is not acquired and meantime close is triggered and callback instance is deleted in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.2 |
2021-01-20 | CVE-2021-1248 | Cisco | SQL Injection vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. | 7.2 |
2021-01-20 | CVE-2020-4688 | IBM | Command Injection vulnerability in IBM Security Guardium 10.6/11.2 IBM Security Guardium 10.6 and 11.2 could allow a local attacker to execute arbitrary commands on the system as an unprivileged user, caused by command injection vulnerability. | 7.2 |
2021-01-20 | CVE-2021-2048 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 7.0 |
227 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-01-21 | CVE-2020-11179 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Arbitrary read and write to kernel addresses by temporarily overwriting ring buffer pointer and creating a race condition. | 6.9 |
2021-01-21 | CVE-2020-11152 | Qualcomm | Race Condition vulnerability in Qualcomm products Race condition in HAL layer while processing callback objects received from HIDL due to lack of synchronization between accessing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 6.9 |
2021-01-21 | CVE-2020-11151 | Qualcomm | Use After Free vulnerability in Qualcomm products Race condition occurs while calling user space ioctl from two different threads can results to use after free issue in video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 6.9 |
2021-01-22 | CVE-2020-12525 | Emerson Pepperl Fuchs Wago Weidmueller | Deserialization of Untrusted Data vulnerability in multiple products M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. | 6.8 |
2021-01-22 | CVE-2020-12511 | Pepperl Fuchs | Cross-Site Request Forgery (CSRF) vulnerability in Pepperl-Fuchs products Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface. | 6.8 |
2021-01-20 | CVE-2021-1259 | Cisco | Path Traversal vulnerability in Cisco Sd-Wan Vmanage A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain write access to sensitive files on an affected system. | 6.8 |
2021-01-20 | CVE-2021-1257 | Cisco Mcafee | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. | 6.8 |
2021-01-20 | CVE-2020-28452 | Softwaremill | Cross-Site Request Forgery (CSRF) vulnerability in Softwaremill Akka-Http-Session This affects the package com.softwaremill.akka-http-session:core_2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core_2.11; the package com.softwaremill.akka-http-session:core_2.13 from 0 and before 0.6.1. | 6.8 |
2021-01-20 | CVE-2021-2122 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). | 6.8 |
2021-01-20 | CVE-2021-2081 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). | 6.8 |
2021-01-20 | CVE-2021-2076 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.8 |
2021-01-20 | CVE-2021-2072 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). | 6.8 |
2021-01-20 | CVE-2021-2071 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). | 6.8 |
2021-01-20 | CVE-2021-2070 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.8 |
2021-01-20 | CVE-2021-2065 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.8 |
2021-01-20 | CVE-2021-2060 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.8 |
2021-01-20 | CVE-2021-2058 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). | 6.8 |
2021-01-20 | CVE-2021-2055 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.8 |
2021-01-20 | CVE-2021-2046 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). | 6.8 |
2021-01-20 | CVE-2021-2041 | Oracle | Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). | 6.8 |
2021-01-20 | CVE-2021-2036 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.8 |
2021-01-20 | CVE-2021-2031 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.8 |
2021-01-20 | CVE-2021-2030 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.8 |
2021-01-20 | CVE-2021-2028 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 6.8 |
2021-01-20 | CVE-2021-2024 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.8 |
2021-01-20 | CVE-2021-2014 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). | 6.8 |
2021-01-20 | CVE-2020-35217 | Eclipse | Cross-Site Request Forgery (CSRF) vulnerability in Eclipse Vert.X-Web 4.0.0 Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. | 6.8 |
2021-01-19 | CVE-2020-28482 | Fastify | Cross-Site Request Forgery (CSRF) vulnerability in Fastify Fastify-Csrf This affects the package fastify-csrf before 3.0.0. | 6.8 |
2021-01-19 | CVE-2020-23342 | Anchorcms | Cross-Site Request Forgery (CSRF) vulnerability in Anchorcms Anchor CMS 0.12.7 A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can be used to delete admin users. | 6.8 |
2021-01-18 | CVE-2021-25178 | Opendesign Siemens | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. | 6.8 |
2021-01-18 | CVE-2021-25177 | Opendesign Siemens | Type Confusion vulnerability in multiple products An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. | 6.8 |
2021-01-18 | CVE-2021-25176 | Opendesign Siemens | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. | 6.8 |
2021-01-18 | CVE-2021-25175 | Opendesign Siemens | Incorrect Type Conversion or Cast vulnerability in multiple products An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. | 6.8 |
2021-01-18 | CVE-2021-25174 | Opendesign Siemens | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. | 6.8 |
2021-01-18 | CVE-2021-25173 | Opendesign Siemens | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. | 6.8 |
2021-01-22 | CVE-2021-22847 | Hyweb | SQL Injection vulnerability in Hyweb Hycms-J1 7.4.3 Hyweb HyCMS-J1's API fails to filter POST request parameters. | 6.5 |
2021-01-21 | CVE-2020-26295 | Openmage | Path Traversal vulnerability in Openmage OpenMage is a community-driven alternative to Magento CE. | 6.5 |
2021-01-21 | CVE-2020-26285 | Openmage | Unrestricted Upload of File with Dangerous Type vulnerability in Openmage OpenMage is a community-driven alternative to Magento CE. | 6.5 |
2021-01-20 | CVE-2020-26252 | Openmage | Unrestricted Upload of File with Dangerous Type vulnerability in Openmage OpenMage is a community-driven alternative to Magento CE. | 6.5 |
2021-01-20 | CVE-2021-1357 | Cisco | Path Traversal vulnerability in Cisco products Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. | 6.5 |
2021-01-20 | CVE-2021-1355 | Cisco | SQL Injection vulnerability in Cisco products Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. | 6.5 |
2021-01-20 | CVE-2021-1349 | Cisco | Unspecified vulnerability in Cisco Sd-Wan Vmanage A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. | 6.5 |
2021-01-20 | CVE-2021-1304 | Cisco | Unspecified vulnerability in Cisco Catalyst Sd-Wan Manager Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. | 6.5 |
2021-01-20 | CVE-2021-1303 | Cisco | Incorrect Privilege Assignment vulnerability in Cisco DNA Center A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. | 6.5 |
2021-01-20 | CVE-2021-1277 | Cisco | Improper Certificate Validation vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. | 6.5 |
2021-01-20 | CVE-2021-1276 | Cisco | Improper Certificate Validation vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. | 6.5 |
2021-01-20 | CVE-2021-1270 | Cisco | Incorrect Authorization vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. | 6.5 |
2021-01-20 | CVE-2021-2109 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 6.5 |
2021-01-20 | CVE-2021-2057 | Oracle | Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 19.0 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). | 6.5 |
2021-01-20 | CVE-2021-2054 | Oracle | Unspecified vulnerability in Oracle Rdbms Sharding 12.2.0.1/18C/19C Vulnerability in the RDBMS Sharding component of Oracle Database Server. | 6.5 |
2021-01-20 | CVE-2021-2051 | Oracle | Unspecified vulnerability in Oracle Business Intelligence Publisher Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). | 6.5 |
2021-01-20 | CVE-2021-2050 | Oracle | Unspecified vulnerability in Oracle Business Intelligence Publisher Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). | 6.5 |
2021-01-20 | CVE-2021-2049 | Oracle | Unspecified vulnerability in Oracle Business Intelligence Publisher Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Administration). | 6.5 |
2021-01-20 | CVE-2021-2035 | Oracle | Unspecified vulnerability in Oracle Rdbms Scheduler Vulnerability in the RDBMS Scheduler component of Oracle Database Server. | 6.5 |
2021-01-20 | CVE-2021-2020 | Oracle Netapp Fedoraproject | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.5 |
2021-01-20 | CVE-2021-2013 | Oracle | Unspecified vulnerability in Oracle Business Intelligence Publisher Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). | 6.5 |
2021-01-20 | CVE-2020-4921 | IBM | SQL Injection vulnerability in IBM Security Guardium 10.6/11.2 IBM Security Guardium 10.6 and 11.2 are vulnerable to SQL injection. | 6.5 |
2021-01-20 | CVE-2020-19364 | Open EMR | Unrestricted Upload of File with Dangerous Type vulnerability in Open-Emr Openemr 5.0.1 OpenEMR 5.0.1 allows an authenticated attacker to upload and execute malicious PHP scripts through /controller.php. | 6.5 |
2021-01-19 | CVE-2021-3181 | Mutt Debian Fedoraproject | Memory Leak vulnerability in multiple products rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). | 6.5 |
2021-01-19 | CVE-2021-22852 | Hgiga | SQL Injection vulnerability in Hgiga Oaklouds Openid 2.0/3.0 The HGiga EIP product contains a SQL injection vulnerability. | 6.5 |
2021-01-19 | CVE-2021-3178 | Linux Fedoraproject Debian | Path Traversal vulnerability in multiple products fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. | 6.5 |
2021-01-21 | CVE-2020-11215 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products An out of bounds read can happen when processing VSA attribute due to improper minimum required length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 6.4 |
2021-01-21 | CVE-2020-11144 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Buffer over-read while the UE processes an invalid DL ROHC packet for decompression, due to a missing check of the compressed packet size, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 6.4 |
2021-01-20 | CVE-2021-1225 | Cisco | SQL Injection vulnerability in Cisco Sd-Wan Vmanage 18.2.0 Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. | 6.4 |
2021-01-20 | CVE-2021-2101 | Oracle | Unspecified vulnerability in Oracle One-To-One Fulfillment Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). | 6.4 |
2021-01-20 | CVE-2021-2100 | Oracle | Unspecified vulnerability in Oracle One-To-One Fulfillment Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). | 6.4 |
2021-01-19 | CVE-2021-25323 | Misp | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Misp 2.4.136 The default setting of MISP 2.4.136 did not enable the requirement (aka require_password_confirmation) to provide the previous password when changing a password. | 6.4 |
2021-01-20 | CVE-2021-1269 | Cisco | Incorrect Authorization vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. | 6.3 |
2021-01-20 | CVE-2021-2061 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). | 6.3 |
2021-01-20 | CVE-2021-2056 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). | 6.3 |
2021-01-20 | CVE-2021-2038 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). | 6.3 |
2021-01-20 | CVE-2021-1286 | Cisco | Improper Input Validation vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. | 6.1 |
2021-01-20 | CVE-2020-14360 | X ORG | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in X.Org X Server A flaw was found in the X.Org Server before version 1.20.10. | 6.1 |
2021-01-22 | CVE-2020-28487 | Visjs | Cross-site Scripting vulnerability in Visjs Vis-Timeline This affects the package vis-timeline before 7.4.4. | 6.0 |
2021-01-19 | CVE-2020-35129 | Mautic | Cross-site Scripting vulnerability in Mautic Mautic before 3.2.4 is affected by stored XSS. | 6.0 |
2021-01-19 | CVE-2020-35128 | Acquia | Cross-site Scripting vulnerability in Acquia Mautic Mautic before 3.2.4 is affected by stored XSS. | 6.0 |
2021-01-19 | CVE-2020-23522 | Pixelimity | Cross-Site Request Forgery (CSRF) vulnerability in Pixelimity 1.0 Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter. | 6.0 |
2021-01-20 | CVE-2020-25687 | Thekelleys Fedoraproject Debian | Heap-based Buffer Overflow vulnerability in multiple products A flaw was found in dnsmasq before version 2.83. | 5.9 |
2021-01-20 | CVE-2020-25683 | Thekelleys Fedoraproject Debian | Heap-based Buffer Overflow vulnerability in multiple products A flaw was found in dnsmasq before version 2.83. | 5.9 |
2021-01-20 | CVE-2021-2011 | Oracle Fedoraproject Netapp Mariadb | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). | 5.9 |
2021-01-20 | CVE-2020-28483 | GIN Gonic | HTTP Request Smuggling vulnerability in Gin-Gonic GIN This affects all versions of package github.com/gin-gonic/gin. | 5.8 |
2021-01-20 | CVE-2021-2118 | Oracle | Unspecified vulnerability in Oracle Marketing Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). | 5.8 |
2021-01-20 | CVE-2021-2114 | Oracle | Unspecified vulnerability in Oracle Common Applications Calendar Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Applications Calendar). | 5.8 |
2021-01-20 | CVE-2021-2107 | Oracle | Unspecified vulnerability in Oracle Customer Interaction History Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). | 5.8 |
2021-01-20 | CVE-2021-2106 | Oracle | Unspecified vulnerability in Oracle Customer Interaction History Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). | 5.8 |
2021-01-20 | CVE-2021-2105 | Oracle | Unspecified vulnerability in Oracle Customer Interaction History Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). | 5.8 |
2021-01-20 | CVE-2021-2099 | Oracle | Unspecified vulnerability in Oracle CRM Technical Foundation Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). | 5.8 |
2021-01-20 | CVE-2021-2098 | Oracle | Unspecified vulnerability in Oracle Email Center Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). | 5.8 |
2021-01-20 | CVE-2021-2097 | Oracle | Unspecified vulnerability in Oracle Isupport Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Profile). | 5.8 |
2021-01-20 | CVE-2021-2096 | Oracle | Unspecified vulnerability in Oracle Istore Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). | 5.8 |
2021-01-20 | CVE-2021-2094 | Oracle | Unspecified vulnerability in Oracle One-To-One Fulfillment Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). | 5.8 |
2021-01-20 | CVE-2021-2093 | Oracle | Unspecified vulnerability in Oracle Common Applications Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). | 5.8 |
2021-01-20 | CVE-2021-2092 | Oracle | Unspecified vulnerability in Oracle CRM Technical Foundation Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). | 5.8 |
2021-01-20 | CVE-2021-2091 | Oracle | Unspecified vulnerability in Oracle Scripting Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). | 5.8 |
2021-01-20 | CVE-2021-2090 | Oracle | Unspecified vulnerability in Oracle Email Center Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). | 5.8 |
2021-01-20 | CVE-2021-2089 | Oracle | Unspecified vulnerability in Oracle Istore Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Runtime Catalog). | 5.8 |
2021-01-20 | CVE-2021-2085 | Oracle | Unspecified vulnerability in Oracle CRM Technical Foundation Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). | 5.8 |
2021-01-20 | CVE-2021-2084 | Oracle | Unspecified vulnerability in Oracle CRM Technical Foundation Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). | 5.8 |
2021-01-20 | CVE-2021-2083 | Oracle | Unspecified vulnerability in Oracle Isupport Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: User Responsibilities). | 5.8 |
2021-01-20 | CVE-2021-2082 | Oracle | Unspecified vulnerability in Oracle Istore Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). | 5.8 |
2021-01-20 | CVE-2021-2080 | Oracle | Unspecified vulnerability in Oracle Configurator 12.1/12.2 Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). | 5.8 |
2021-01-20 | CVE-2021-2079 | Oracle | Unspecified vulnerability in Oracle Configurator 12.1/12.2 Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). | 5.8 |
2021-01-20 | CVE-2021-2078 | Oracle | Unspecified vulnerability in Oracle Configurator 12.1/12.2 Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). | 5.8 |
2021-01-20 | CVE-2021-2077 | Oracle | Unspecified vulnerability in Oracle Istore Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). | 5.8 |
2021-01-20 | CVE-2021-2043 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). | 5.8 |
2021-01-20 | CVE-2021-2040 | Oracle | Unspecified vulnerability in Oracle Argus Safety 8.2.2 Vulnerability in the Oracle Argus Safety product of Oracle Health Sciences Applications (component: Case Form, Local Affiliate Form). | 5.8 |
2021-01-20 | CVE-2021-2034 | Oracle | Unspecified vulnerability in Oracle Common Applications Calendar 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks). | 5.8 |
2021-01-20 | CVE-2021-2027 | Oracle | Unspecified vulnerability in Oracle Marketing Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). | 5.8 |
2021-01-20 | CVE-2021-2026 | Oracle | Unspecified vulnerability in Oracle Marketing Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). | 5.8 |
2021-01-20 | CVE-2021-2025 | Oracle | Unspecified vulnerability in Oracle Business Intelligence Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). | 5.8 |
2021-01-20 | CVE-2021-2015 | Oracle | Unspecified vulnerability in Oracle products Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Worklist). | 5.8 |
2021-01-18 | CVE-2020-28473 | Bottlepy Debian | HTTP Request Smuggling vulnerability in multiple products The package bottle from 0 and before 0.12.19 is vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. | 5.8 |
2021-01-20 | CVE-2021-1222 | Cisco | SQL Injection vulnerability in Cisco Smart Software Manager On-Prem 5.0/5.1.0 A vulnerability in the web-based management interface of Cisco Smart Software Manager Satellite could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. | 5.5 |
2021-01-20 | CVE-2021-1283 | Cisco | Uncontrolled Memory Allocation vulnerability in Cisco Data Center Network Manager A vulnerability in the logging subsystem of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. | 5.5 |
2021-01-20 | CVE-2021-1997 | Oracle | Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 9.1 Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Report). | 5.5 |
2021-01-18 | CVE-2020-7343 | Mcafee | Missing Authorization vulnerability in Mcafee Agent Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. | 5.5 |
2021-01-20 | CVE-2021-1250 | Cisco | Cross-site Scripting vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. | 5.4 |
2021-01-20 | CVE-2021-1249 | Cisco | Improper Input Validation vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. | 5.4 |
2021-01-20 | CVE-2021-1255 | Cisco | Incomplete Blacklist vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. | 5.4 |
2021-01-20 | CVE-2021-1253 | Cisco | Cross-site Scripting vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. | 5.4 |
2021-01-19 | CVE-2020-14410 | Libsdl Debian Fedoraproject | Out-of-bounds Read vulnerability in multiple products SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. | 5.4 |
2021-01-21 | CVE-2021-21253 | Onlinevotingsystem Project | Use of Password Hash With Insufficient Computational Effort vulnerability in Onlinevotingsystem Project Onlinevotingsystem 1.1.1 OnlineVotingSystem is an open source project hosted on GitHub. | 5.3 |
2021-01-20 | CVE-2021-1350 | Cisco | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Umbrella A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker to negatively affect the performance of this service. | 5.3 |
2021-01-20 | CVE-2021-1129 | Cisco | Information Exposure Through Sent Data vulnerability in Cisco products A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to access general system information and certain configuration information from an affected device. | 5.3 |
2021-01-20 | CVE-2021-2006 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). | 5.3 |
2021-01-19 | CVE-2021-21263 | Laravel | SQL Injection vulnerability in Laravel Laravel is a web application framework. | 5.3 |
2021-01-20 | CVE-2021-2018 | Oracle | Unspecified vulnerability in Oracle products Vulnerability in the Advanced Networking Option component of Oracle Database Server. | 5.1 |
2021-01-22 | CVE-2020-4766 | IBM | Resource Exhaustion vulnerability in IBM MQ Internet Pass-Thru 2.1/9.2 IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. | 5.0 |
2021-01-21 | CVE-2020-8554 | Kubernetes Oracle | Kubernetes API server in all versions allows an attacker who is able to create a ClusterIP service and set the spec.externalIPs field to intercept traffic to that IP address. | 5.0 |
2021-01-21 | CVE-2020-11214 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Buffer over-read while processing an NDL attribute if the attribute length is larger than expected, since the firmware then treats it as a larger number of immutable schedules, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 5.0 |
2021-01-21 | CVE-2020-11200 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Buffer over-read while parsing RPS due to missing input validation on values received from the user side. | 5.0 |
2021-01-21 | CVE-2020-11145 | Qualcomm | Divide By Zero vulnerability in Qualcomm products Divide by zero issue can happen while updating delta extension header due to improper validation of master SN and extension header SN in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 5.0 |
2021-01-21 | CVE-2020-11139 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Out of bound memory access while processing frames due to lack of check of invalid frames received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 5.0 |
2021-01-21 | CVE-2020-11119 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 5.0 |
2021-01-20 | CVE-2020-27859 | NEC | Path Traversal vulnerability in NEC Esmpro Manager 6.42 This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ESMPRO Manager 6.42. | 5.0 |
2021-01-20 | CVE-2020-27858 | Arcserve | XXE vulnerability in Arcserve D2D 16.5 This vulnerability allows remote attackers to disclose sensitive information on affected installations of CA Arcserve D2D 16.5. | 5.0 |
2021-01-20 | CVE-2021-2059 | Oracle | Unspecified vulnerability in Oracle Istore Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Web interface). | 5.0 |
2021-01-20 | CVE-2021-2052 | Oracle | Unspecified vulnerability in Oracle JD Edwards Enterpriseone Orchestrator 9.2/9.2.5.0 Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). | 5.0 |
2021-01-20 | CVE-2020-19360 | Fhem | Information Exposure vulnerability in Fhem 6.0 Local file inclusion in FHEM 6.0 via the file parameter of fhem/FileLog_logWrapper can allow an attacker to include a file, which can lead to sensitive information disclosure. | 5.0 |
2021-01-19 | CVE-2020-35929 | Kaspersky | Use of Hard-coded Credentials vulnerability in Kaspersky Tinycheck In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. | 5.0 |
2021-01-19 | CVE-2020-4881 | IBM | Origin Validation Error vulnerability in IBM Planning Analytics 2.0 IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname verification for SSL/TLS communication. | 5.0 |
2021-01-19 | CVE-2020-4873 | IBM | Information Exposure vulnerability in IBM Planning Analytics 2.0 IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. | 5.0 |
2021-01-19 | CVE-2021-3183 | Files | Insufficient Session Expiration vulnerability in Files FAT Client 3.3.6 Files.com Fat Client 3.3.6 allows authentication bypass because the client continues to have access after a logout and a removal of a login profile. | 5.0 |
2021-01-19 | CVE-2020-28479 | Jointjs | Unspecified vulnerability in Jointjs The package jointjs before 3.3.0 is vulnerable to Denial of Service (DoS) via the unsetByPath function. | 5.0 |
2021-01-19 | CVE-2020-28478 | Greensock | Unspecified vulnerability in Greensock Animation Platform This affects the package gsap before 3.6.0. | 5.0 |
2021-01-19 | CVE-2020-28477 | Immer Project | Unspecified vulnerability in Immer Project Immer This affects all versions of package immer. | 5.0 |
2021-01-18 | CVE-2020-36192 | Mantisbt | Unspecified vulnerability in Mantisbt Source Integration An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. | 5.0 |
2021-01-18 | CVE-2021-3166 | Asus | Unrestricted Upload of File with Dangerous Type vulnerability in Asus Dsl-N14U B1 Firmware 1.1.2.3805 An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. | 5.0 |
2021-01-18 | CVE-2020-29446 | Atlassian | Information Exposure vulnerability in Atlassian Crucible Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. | 5.0 |
2021-01-21 | CVE-2020-8568 | Kubernetes | Path Traversal vulnerability in Kubernetes Secrets Store CSI Driver 0.0.15/0.0.16 Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. | 4.9 |
2021-01-20 | CVE-2021-1235 | Cisco | Exposure of System Data to an Unauthorized Control Sphere vulnerability in Cisco Sd-Wan Vmanage 18.2.0 A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. | 4.9 |
2021-01-20 | CVE-2021-1218 | Cisco | Open Redirect vulnerability in Cisco Smart Software Manager On-Prem 5.0 A vulnerability in the web management interface of Cisco Smart Software Manager satellite could allow an authenticated, remote attacker to redirect a user to an undesired web page. | 4.9 |
2021-01-20 | CVE-2021-1364 | Cisco | SQL Injection vulnerability in Cisco products Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. | 4.9 |
2021-01-20 | CVE-2021-1282 | Cisco | SQL Injection vulnerability in Cisco products Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. | 4.9 |
2021-01-20 | CVE-2021-2130 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.9 |
2021-01-20 | CVE-2021-2127 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.9 |
2021-01-20 | CVE-2021-2124 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.9 |
2021-01-20 | CVE-2021-2121 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.9 |
2021-01-20 | CVE-2021-2117 | Oracle | Unspecified vulnerability in Oracle Application Express Survey Builder Vulnerability in the Oracle Application Express Survey Builder component of Oracle Database Server. | 4.9 |
2021-01-20 | CVE-2021-2116 | Oracle | Unspecified vulnerability in Oracle Application Express Opportunity Tracker Vulnerability in the Oracle Application Express Opportunity Tracker component of Oracle Database Server. | 4.9 |
2021-01-20 | CVE-2021-2115 | Oracle | Unspecified vulnerability in Oracle Common Applications Calendar Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks). | 4.9 |
2021-01-20 | CVE-2021-2088 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). | 4.9 |
2021-01-20 | CVE-2021-2087 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). | 4.9 |
2021-01-20 | CVE-2021-2086 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.9 |
2021-01-20 | CVE-2021-2073 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.9 |
2021-01-20 | CVE-2021-2062 | Oracle | Unspecified vulnerability in Oracle Business Intelligence Publisher Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Web Server). | 4.9 |
2021-01-20 | CVE-2021-2039 | Oracle | Unspecified vulnerability in Oracle Siebel Core - Server Framework 19.0/20.12 Vulnerability in the Siebel Core - Server Framework product of Oracle Siebel CRM (component: Search). | 4.9 |
2021-01-20 | CVE-2021-2021 | Oracle Netapp Fedoraproject | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2021-01-20 | CVE-2021-2016 | Oracle Netapp Fedoraproject | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2021-01-20 | CVE-2021-2012 | Oracle Netapp Fedoraproject | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). | 4.9 |
2021-01-20 | CVE-2021-2009 | Oracle Netapp Fedoraproject | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). | 4.9 |
2021-01-20 | CVE-2021-2003 | Oracle | Unspecified vulnerability in Oracle Business Intelligence Vulnerability in the Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Dashboards). | 4.9 |
2021-01-20 | CVE-2021-2002 | Oracle Netapp Fedoraproject | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). | 4.9 |
2021-01-20 | CVE-2021-2001 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2021-01-20 | CVE-2021-1271 | Cisco | Cross-site Scripting vulnerability in Cisco web Security Virtual Appliance A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. | 4.8 |
2021-01-21 | CVE-2020-11217 | Qualcomm | Double Free vulnerability in Qualcomm products A possible double free or invalid memory access in audio driver while reading Speaker Protection parameters in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 4.6 |
2021-01-21 | CVE-2020-11146 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm products Out of bound write while copying data using IOCTL due to lack of check of array index received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 4.6 |
2021-01-20 | CVE-2021-1068 | Nvidia | Out-of-bounds Read vulnerability in Nvidia Shield Experience NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVDEC component, in which an attacker can read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or escalation of privileges. | 4.6 |
2021-01-20 | CVE-2021-1067 | Nvidia | Unspecified vulnerability in Nvidia Shield Experience NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the implementation of the RPMB command status, in which an attacker can write to the Write Protect Configuration Block, which may lead to denial of service or escalation of privileges. | 4.6 |
2021-01-20 | CVE-2021-1219 | Cisco | Use of Hard-coded Credentials vulnerability in Cisco Smart Software Manager On-Prem 5.0/5.1.0 A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system. | 4.6 |
2021-01-20 | CVE-2020-6024 | Checkpoint | Improper Privilege Management vulnerability in Checkpoint Smartconsole Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users. | 4.6 |
2021-01-20 | CVE-2021-2074 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.6 |
2021-01-20 | CVE-2021-2063 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). | 4.6 |
2021-01-20 | CVE-2020-4983 | IBM | Command Injection vulnerability in IBM Spectrum LSF and Spectrum LSF Suite IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a user on the local network who has privileges to submit LSF jobs to execute arbitrary commands. | 4.6 |
2021-01-19 | CVE-2020-27256 | Sooil | Use of Hard-coded Credentials vulnerability in Sooil products In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN in the physician menu of the insulin pump allows attackers with physical access to change insulin therapy settings. | 4.6 |
2021-01-20 | CVE-2021-1233 | Cisco | Improper Input Validation vulnerability in Cisco products A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. | 4.4 |
2021-01-20 | CVE-2021-2022 | Oracle Netapp Fedoraproject Mariadb | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.4 |
2021-01-22 | CVE-2021-21259 | Hedgedoc | Cross-site Scripting vulnerability in Hedgedoc HedgeDoc is open source software which lets you create real-time collaborative markdown notes. | 4.3 |
2021-01-21 | CVE-2021-21239 | Pysaml2 Project Debian | Improper Verification of Cryptographic Signature vulnerability in multiple products PySAML2 is a pure python implementation of SAML Version 2 Standard. | 4.3 |
2021-01-21 | CVE-2021-21238 | Pysaml2 Project | Improper Verification of Cryptographic Signature vulnerability in Pysaml2 Project Pysaml2 PySAML2 is a pure python implementation of SAML Version 2 Standard. | 4.3 |
2021-01-21 | CVE-2020-4969 | IBM | Cleartext Transmission of Sensitive Information vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 4.3 |
2021-01-21 | CVE-2020-4966 | IBM | Link Following vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
2021-01-20 | CVE-2021-1135 | Cisco | Incomplete Blacklist vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. | 4.3 |
2021-01-20 | CVE-2021-1305 | Cisco | Incorrect Authorization vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. | 4.3 |
2021-01-20 | CVE-2021-3130 | Opmantek | Unspecified vulnerability in Opmantek Open-Audit Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. | 4.3 |
2021-01-20 | CVE-2020-20949 | ST Ietf | Inadequate Encryption Strength vulnerability in multiple products Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). | 4.3 |
2021-01-20 | CVE-2021-2023 | Oracle | Unspecified vulnerability in Oracle Installed Base Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: APIs). | 4.3 |
2021-01-20 | CVE-2021-2005 | Oracle | Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security). | 4.3 |
2021-01-20 | CVE-2020-13133 | Tufin | Cross-site Scripting vulnerability in Tufin Securechange Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. | 4.3 |
2021-01-20 | CVE-2020-25385 | Nagios | Cross-site Scripting vulnerability in Nagios LOG Server Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the snapshot_name parameter, which may impact users who open a maliciously crafted link or third-party web page. | 4.3 |
2021-01-20 | CVE-2020-19363 | Vtiger | Information Exposure vulnerability in Vtiger CRM 7.2.0 Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories. | 4.3 |
2021-01-20 | CVE-2020-19362 | Vtiger | Cross-site Scripting vulnerability in Vtiger CRM 7.2.0 Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page. | 4.3 |
2021-01-20 | CVE-2020-19361 | Medintux | Cross-site Scripting vulnerability in Medintux 2.16.000 Reflected XSS in Medintux v2.16.000 CCAM.php by manipulating the mot1 parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page. | 4.3 |
2021-01-19 | CVE-2020-28707 | Stockdio | Cross-site Scripting vulnerability in Stockdio Historical Chart The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting (XSS) via stockdio_chart_historical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/ because the origin of a postMessage() event is not validated. | 4.3 |
2021-01-19 | CVE-2021-3184 | Misp | Cross-site Scripting vulnerability in Misp 2.4.136 MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button. | 4.3 |
2021-01-19 | CVE-2021-25325 | Misp | Cross-site Scripting vulnerability in Misp 2.4.136 MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. | 4.3 |
2021-01-19 | CVE-2021-25324 | Misp | Cross-site Scripting vulnerability in Misp 2.4.136 MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp. | 4.3 |
2021-01-19 | CVE-2020-20950 | Ietf Microchip | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. | 4.3 |
2021-01-19 | CVE-2021-20619 | Weseek | Cross-site Scripting vulnerability in Weseek Growi 4.2.0/4.2.1/4.2.2 Cross-site scripting vulnerability in GROWI (v4.2 Series) versions prior to v4.2.3 allows remote attackers to inject an arbitrary script via unspecified vectors. | 4.3 |
2021-01-18 | CVE-2021-25295 | Opencats | Cross-site Scripting vulnerability in Opencats OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issues. | 4.3 |
2021-01-20 | CVE-2021-2010 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). | 4.2 |
2021-01-22 | CVE-2020-12514 | Pepperl Fuchs | NULL Pointer Dereference vulnerability in Pepperl-Fuchs products Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd. | 4.0 |
2021-01-21 | CVE-2020-8569 | Kubernetes | NULL Pointer Dereference vulnerability in Kubernetes Container Storage Interface Snapshotter Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when the VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. | 4.0 |
2021-01-21 | CVE-2020-8567 | Google Hashicorp Microsoft | Path Traversal vulnerability in multiple products Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods. | 4.0 |
2021-01-20 | CVE-2021-1265 | Cisco | Cleartext Storage of Sensitive Information vulnerability in Cisco DNA Center A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. | 4.0 |
2021-01-20 | CVE-2021-21269 | Keymaker Project | Path Traversal vulnerability in Keymaker Project Keymaker Keymaker is a Mastodon Community Finder based Matrix Community serverlist page Server. | 4.0 |
2021-01-20 | CVE-2021-2113 | Oracle | Unspecified vulnerability in Oracle Financial Services Revenue Management and Billing 2.9.0.0/2.9.0.1 Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: On Demand Billing). | 4.0 |
2021-01-20 | CVE-2021-2110 | Oracle | Unspecified vulnerability in Oracle Argus Safety 8.2.2 Vulnerability in the Oracle Argus Safety product of Oracle Health Sciences Applications (component: Letters). | 4.0 |
2021-01-20 | CVE-2021-2044 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise FIN Payables 9.2 Vulnerability in the PeopleSoft Enterprise FIN Payables product of Oracle PeopleSoft (component: Financial Sanctions). | 4.0 |
2021-01-20 | CVE-2021-2033 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). | 4.0 |
2021-01-20 | CVE-2021-2032 | Oracle Netapp Mariadb | Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). | 4.0 |
2021-01-20 | CVE-2021-2017 | Oracle | Unspecified vulnerability in Oracle products Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Proxy User Delegation). | 4.0 |
2021-01-20 | CVE-2021-2004 | Oracle | Unspecified vulnerability in Oracle Server Bizlogic Script 20.12 Vulnerability in the Siebel Core - Server BizLogic Script product of Oracle Siebel CRM (component: Integration - Scripting). | 4.0 |
2021-01-20 | CVE-2021-1995 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). | 4.0 |
2021-01-19 | CVE-2020-11997 | Apache | Incorrect Default Permissions vulnerability in Apache Guacamole Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. | 4.0 |
2021-01-19 | CVE-2020-28481 | Socket | Origin Validation Error vulnerability in Socket Socket.Io The package socket.io before 2.4.0 is vulnerable to Insecure Defaults due to CORS Misconfiguration. | 4.0 |
2021-01-19 | CVE-2020-29450 | Atlassian | Unrestricted Upload of File with Dangerous Type vulnerability in Atlassian Confluence Server Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. | 4.0 |
47 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-01-20 | CVE-2021-1998 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 3.8 |
2021-01-20 | CVE-2020-25686 | Thekelleys Fedoraproject Debian Arista | Improperly Implemented Security Check for Standard vulnerability in multiple products A flaw was found in dnsmasq before version 2.83. | 3.7 |
2021-01-20 | CVE-2020-25685 | Thekelleys Fedoraproject Debian Arista | Inadequate Encryption Strength vulnerability in multiple products A flaw was found in dnsmasq before version 2.83. | 3.7 |
2021-01-20 | CVE-2020-25684 | Thekelleys Fedoraproject Debian Arista | A flaw was found in dnsmasq before version 2.83. | 3.7 |
2021-01-20 | CVE-2021-2007 | Oracle Fedoraproject Netapp Mariadb | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). | 3.7 |
2021-01-20 | CVE-2021-1069 | Nvidia | NULL Pointer Dereference vulnerability in Nvidia Linux for Tegra and Shield Experience NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVHost function, which may lead to abnormal reboot due to a null pointer reference, causing data loss. | 3.6 |
2021-01-20 | CVE-2021-2129 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 3.6 |
2021-01-20 | CVE-2021-2125 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 3.6 |
2021-01-22 | CVE-2020-12512 | Pepperl Fuchs | Cross-site Scripting vulnerability in Pepperl-Fuchs products Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting. | 3.5 |
2021-01-22 | CVE-2021-21260 | Bigprof | Cross-site Scripting vulnerability in Bigprof Online Invoicing System 4.0 Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. | 3.5 |
2021-01-22 | CVE-2021-22849 | Hyweb | Cross-site Scripting vulnerability in Hyweb Hycms-J1 7.4.3 Hyweb HyCMS-J1 backend editing function does not filter special characters. | 3.5 |
2021-01-20 | CVE-2020-35272 | Employee Performance Evaluation System Project | Cross-site Scripting vulnerability in Employee Performance Evaluation System Project Employee Performance Evaluation System 1.0 Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Admin Portal in the Task and Description fields. | 3.5 |
2021-01-20 | CVE-2020-35271 | Employee Performance Evaluation System Project | Cross-site Scripting vulnerability in Employee Performance Evaluation System Project Employee Performance Evaluation System 1.0 Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Employees, First Name and Last Name fields. | 3.5 |
2021-01-20 | CVE-2021-2045 | Oracle | Unspecified vulnerability in Oracle Text Vulnerability in the Oracle Text component of Oracle Database Server. | 3.5 |
2021-01-20 | CVE-2021-2000 | Oracle | Unspecified vulnerability in Oracle Database Server Vulnerability in the Unified Audit component of Oracle Database Server. | 3.5 |
2021-01-20 | CVE-2021-1996 | Oracle | Unspecified vulnerability in Oracle products Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). | 3.5 |
2021-01-20 | CVE-2021-3137 | Xwiki | Cross-site Scripting vulnerability in Xwiki 12.10.2 XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section. | 3.5 |
2021-01-20 | CVE-2020-27852 | Rocketgenius | Cross-site Scripting vulnerability in Rocketgenius Gravityforms A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. | 3.5 |
2021-01-20 | CVE-2020-27851 | Rocketgenius | Cross-site Scripting vulnerability in Rocketgenius Gravityforms Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. | 3.5 |
2021-01-20 | CVE-2020-27850 | Rocketgenius | Cross-site Scripting vulnerability in Rocketgenius Gravityforms A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. | 3.5 |
2021-01-20 | CVE-2020-13134 | Tufin | Cross-site Scripting vulnerability in Tufin Securechange Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. | 3.5 |
2021-01-19 | CVE-2020-8581 | Netapp | Incorrect Authorization vulnerability in Netapp Clustered Data Ontap Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled. | 3.5 |
2021-01-21 | CVE-2020-4968 | IBM | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 3.3 |
2021-01-19 | CVE-2020-27268 | Sooil | Incorrect Resource Transfer Between Spheres vulnerability in Sooil products In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass checks for default PINs via Bluetooth Low Energy. | 3.3 |
2021-01-19 | CVE-2020-27266 | Sooil | Improper Authentication vulnerability in Sooil products In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass user authentication checks via Bluetooth Low Energy. | 3.3 |
2021-01-19 | CVE-2020-27264 | Sooil | Use of Insufficiently Random Values vulnerability in Sooil products In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low Energy. | 3.3 |
2021-01-19 | CVE-2020-27258 | Sooil | Insufficiently Protected Credentials vulnerability in Sooil Anydana-A, Anydana-I and Dana Diabecare RS Firmware In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, an information disclosure vulnerability in the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows unauthenticated attackers to extract the pump’s keypad lock PIN via Bluetooth Low Energy. | 3.3 |
2021-01-19 | CVE-2020-27269 | Sooil | Authentication Bypass by Capture-replay vulnerability in Sooil products In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences via Bluetooth Low Energy. | 2.9 |
2021-01-19 | CVE-2020-27276 | Sooil | Authentication Bypass by Spoofing vulnerability in Sooil products In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entities before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop on the authentication sequence via Bluetooth Low Energy. | 2.9 |
2021-01-19 | CVE-2020-27272 | Sooil | Missing Authentication for Critical Function vulnerability in Sooil products In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop on the keys and spoof the pump via BLE. | 2.9 |
2021-01-19 | CVE-2020-27270 | Sooil | Insufficiently Protected Credentials vulnerability in Sooil products In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile apps doesn't use adequate measures to protect encryption keys in transit, which allows unauthenticated, physically proximate attackers to sniff keys via BLE. | 2.9 |
2021-01-20 | CVE-2021-2019 | Oracle Netapp Fedoraproject | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). | 2.7 |
2021-01-22 | CVE-2021-21270 | Octopus | Cleartext Transmission of Sensitive Information vulnerability in Octopus Octopusdsc OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. | 2.1 |
2021-01-21 | CVE-2020-3687 | Qualcomm | Information Exposure vulnerability in Qualcomm Local privilege escalation in admin services in Windows environment can occur due to an arbitrary read issue. | 2.1 |
2021-01-20 | CVE-2021-2131 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 2.1 |
2021-01-20 | CVE-2021-2128 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 2.1 |
2021-01-20 | CVE-2021-2126 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 2.1 |
2021-01-20 | CVE-2021-2123 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 2.1 |
2021-01-20 | CVE-2021-2120 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 2.1 |
2021-01-20 | CVE-2021-2119 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 2.1 |
2021-01-20 | CVE-2021-2112 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 2.1 |
2021-01-20 | CVE-2021-2111 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 2.1 |
2021-01-20 | CVE-2021-2042 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 2.1 |
2021-01-20 | CVE-2021-1993 | Oracle | Unspecified vulnerability in Oracle products Vulnerability in the Java VM component of Oracle Database Server. | 2.1 |
2021-01-20 | CVE-2020-4887 | IBM | Unspecified vulnerability in IBM AIX and Vios IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. | 2.1 |
2021-01-19 | CVE-2020-4871 | IBM | Information Exposure vulnerability in IBM Planning Analytics 2.0 IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. | 2.1 |
2021-01-20 | CVE-2021-1999 | Oracle | Unspecified vulnerability in Oracle products Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: RAS subsystems). | 1.2 |