Weekly Vulnerabilities Reports > January 18 to 24, 2021

Overview

359 new vulnerabilities were reported during this period, including 20 critical vulnerabilities and 65 high severity vulnerabilities. This weekly summary reports vulnerabilities in 1368 products from 89 vendors including Oracle, Cisco, Netapp, Qualcomm, and Fedoraproject. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Out-of-bounds Read", "Out-of-bounds Write", and "Path Traversal".

  • 291 reported vulnerabilities are remotely exploitable.
  • 3 reported vulnerabilities have a public exploit available.
  • 84 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 227 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 139 reported vulnerabilities.
  • Qualcomm has the most reported critical vulnerabilities, with 9 reported vulnerabilities.

[Summary counters: total vulnerabilities; critical, high, medium and low risk vulnerabilities; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web application. Counter values were not captured.]

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

20 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-01-21 CVE-2020-3691 Qualcomm Integer Underflow (Wrap or Wraparound) vulnerability in Qualcomm products

Possible out of bound memory access in audio due to integer underflow while processing modified contents in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

10.0
2021-01-21 CVE-2020-3686 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Possible memory out of bound issue during music playback when an incorrect bit stream content is copied into array without checking the length of array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

10.0
2021-01-21 CVE-2020-11225 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Out of bound access in WLAN driver due to lack of validation of array length before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

10.0
2021-01-21 CVE-2020-11167 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

Memory corruption while calculating L2CAP packet length in reassembly logic when remote sends more data than expected in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

10.0
2021-01-21 CVE-2020-11143 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Out of bound memory access during music playback with modified content due to copying data without checking destination buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

10.0
2021-01-21 CVE-2020-11140 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Out of bound memory access during music playback with ALAC modified content due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

10.0
2021-01-21 CVE-2020-11138 Qualcomm Access of Uninitialized Pointer vulnerability in Qualcomm products

Uninitialized pointers accessed during music play back with incorrect bit stream due to an uninitialized heap memory result in instability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

10.0
2021-01-21 CVE-2020-11137 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

Integer multiplication overflow resulting in lower buffer size allocation than expected causes memory access out of bounds resulting in possible device instability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

10.0
2021-01-21 CVE-2020-11136 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Buffer Over-read in audio driver while using malloc management function due to not returning NULL for zero sized memory requirement in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

10.0
2021-01-18 CVE-2021-25294 Opencats Deserialization of Untrusted Data vulnerability in Opencats

OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution.

10.0
2021-01-20 CVE-2021-1142 Cisco OS Command Injection vulnerability in Cisco Smart Software Manager Satellite 5.1.0

Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system.

9.8
2021-01-20 CVE-2021-1140 Cisco OS Command Injection vulnerability in Cisco Smart Software Manager Satellite 5.1.0

Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system.

9.8
2021-01-20 CVE-2021-1138 Cisco OS Command Injection vulnerability in Cisco Smart Software Manager Satellite 5.1.0

Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system.

9.8
2021-01-20 CVE-2021-1301 Cisco Improper Input Validation vulnerability in Cisco products

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device.

9.8
2021-01-20 CVE-2021-1300 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device.

9.8
2021-01-20 CVE-2021-3110 Prestashop SQL Injection vulnerability in Prestashop 1.7.7.0

The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.

9.8
2021-01-19 CVE-2021-22850 Hgiga Missing Authentication for Critical Function vulnerability in Hgiga Oaklouds Portal

HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions.

9.8
2021-01-19 CVE-2021-3177 Python, Fedoraproject, Netapp, Debian, Oracle Classic Buffer Overflow vulnerability in multiple products

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param.

9.8
2021-01-21 CVE-2020-8570 Kubernetes Path Traversal vulnerability in Kubernetes Java

Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive.

9.1
2021-01-22 CVE-2020-12513 Pepperl Fuchs OS Command Injection vulnerability in Pepperl-Fuchs products

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.

9.0

65 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-01-20 CVE-2021-1247 Cisco SQL Injection vulnerability in Cisco Data Center Network Manager

Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device.

8.8
2021-01-20 CVE-2021-1141 Cisco OS Command Injection vulnerability in Cisco Smart Software Manager Satellite 5.1.0

Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system.

8.8
2021-01-20 CVE-2021-1139 Cisco OS Command Injection vulnerability in Cisco Smart Software Manager Satellite 5.1.0

Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system.

8.8
2021-01-20 CVE-2021-1302 Cisco Unspecified vulnerability in Cisco Catalyst Sd-Wan Manager

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access.

8.8
2021-01-20 CVE-2021-1299 Cisco Improper Input Validation vulnerability in Cisco products

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device.

8.8
2021-01-20 CVE-2021-1298 Cisco Command Injection vulnerability in Cisco products

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device.

8.8
2021-01-20 CVE-2021-1272 Cisco Server-Side Request Forgery (SSRF) vulnerability in Cisco Data Center Network Manager

A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system.

8.8
2021-01-20 CVE-2021-1264 Cisco OS Command Injection vulnerability in Cisco DNA Center

A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack.

8.8
2021-01-19 CVE-2020-27733 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 14.0

Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request.

8.8
2021-01-20 CVE-2021-1353 Cisco Memory Leak vulnerability in Cisco Staros

A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

8.6
2021-01-20 CVE-2021-1279 Cisco Improper Input Validation vulnerability in Cisco products

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device.

8.6
2021-01-20 CVE-2021-1274 Cisco NULL Pointer Dereference vulnerability in Cisco products

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device.

8.6
2021-01-20 CVE-2021-1273 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device.

8.6
2021-01-20 CVE-2021-2104 Oracle Unspecified vulnerability in Oracle products

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: Dialog Box).

8.2
2021-01-20 CVE-2021-2103 Oracle Unspecified vulnerability in Oracle products

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: Dialog Box).

8.2
2021-01-20 CVE-2021-2102 Oracle Unspecified vulnerability in Oracle products

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: Dialog Box).

8.2
2021-01-20 CVE-2020-25682 Thekelleys, Fedoraproject, Debian Heap-based Buffer Overflow vulnerability in multiple products

A flaw was found in dnsmasq before 2.83.

8.1
2021-01-20 CVE-2020-25681 Thekelleys, Fedoraproject, Debian Heap-based Buffer Overflow vulnerability in multiple products

A flaw was found in dnsmasq before version 2.83.

8.1
2021-01-19 CVE-2021-20190 Fasterxml, Netapp, Apache, Debian, Oracle Deserialization of Untrusted Data vulnerability in multiple products

A flaw was found in jackson-databind before 2.9.10.7.

8.1
2021-01-19 CVE-2021-22498 Microfocus XXE vulnerability in Microfocus Application Lifecycle Management

XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product.

8.1
2021-01-19 CVE-2021-3182 Dlink Out-of-bounds Write vulnerability in Dlink Dcs-5220 Firmware

D-Link DCS-5220 devices have a buffer overflow.

8.0
2021-01-20 CVE-2020-26278 Weave Execution with Unnecessary Privileges vulnerability in Weave

Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery.

7.9
2021-01-21 CVE-2020-3685 Qualcomm Double Free vulnerability in Qualcomm products

Pointer variable which is freed is not cleared can result in memory corruption and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

7.8
2021-01-20 CVE-2021-1263 Cisco Command Injection vulnerability in Cisco products

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device.

7.8
2021-01-20 CVE-2021-1262 Cisco Command Injection vulnerability in Cisco products

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device.

7.8
2021-01-20 CVE-2021-1261 Cisco Command Injection vulnerability in Cisco products

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device.

7.8
2021-01-20 CVE-2021-1260 Cisco Command Injection vulnerability in Cisco products

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device.

7.8
2021-01-19 CVE-2020-14409 Libsdl, Fedoraproject, Debian, Starwindsoftware Integer Overflow or Wraparound vulnerability in multiple products

SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.

7.8
2021-01-21 CVE-2020-4958 IBM Missing Authentication for Critical Function vulnerability in IBM Security Identity Governance and Intelligence 5.2.6

IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

7.5
2021-01-21 CVE-2020-11216 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

Buffer over read can happen in video driver when playing clip with atomsize having value UINT32_MAX in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.5
2021-01-21 CVE-2020-11213 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Out of bound reads might occur in while processing Service descriptor due to improper validation of length of fields in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

7.5
2021-01-21 CVE-2020-11212 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Out of bounds reads while parsing NAN beacons attributes and OUIs due to improper length of field check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

7.5
2021-01-21 CVE-2020-11197 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

Possible integer overflow can occur when stream info update is called when total number of streams detected are zero while parsing TS clip with invalid data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.5
2021-01-21 CVE-2020-27221 Eclipse Out-of-bounds Write vulnerability in Eclipse Openj9

In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.

7.5
2021-01-20 CVE-2021-1241 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device.

7.5
2021-01-20 CVE-2021-1312 Cisco Resource Exhaustion vulnerability in Cisco Elastic Services Controller

A vulnerability in the system resource management of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) to the health monitor API on an affected device.

7.5
2021-01-20 CVE-2021-1278 Cisco Link Following vulnerability in Cisco products

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device.

7.5
2021-01-20 CVE-2021-2108 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.1.3.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components).

7.5
2021-01-20 CVE-2021-2075 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples).

7.5
2021-01-20 CVE-2021-2069 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4/8.5.5

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

7.5
2021-01-20 CVE-2021-2068 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4/8.5.5

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

7.5
2021-01-20 CVE-2021-2067 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4/8.5.5

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

7.5
2021-01-20 CVE-2021-2066 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4/8.5.5

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

7.5
2021-01-20 CVE-2021-2064 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.1.3.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components).

7.5
2021-01-20 CVE-2021-2047 Oracle Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components).

7.5
2021-01-20 CVE-2021-2029 Oracle Unspecified vulnerability in Oracle Scripting

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous).

7.5
2021-01-20 CVE-2021-1994 Oracle Unspecified vulnerability in Oracle Enterprise Repository and Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services).

7.5
2021-01-20 CVE-2020-14756 Oracle Unspecified vulnerability in Oracle Coherence and Utilities Framework

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components).

7.5
2021-01-20 CVE-2021-23326 THE Guild Command Injection vulnerability in The-Guild Graphql-Tools

This affects the package @graphql-tools/git-loader before 6.2.6.

7.5
2021-01-19 CVE-2020-28480 Jointjs Unspecified vulnerability in Jointjs

The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath).

7.5
2021-01-19 CVE-2020-28472 Amazon Unspecified vulnerability in Amazon products

This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0.

7.5
2021-01-19 CVE-2021-22851 Hgiga SQL Injection vulnerability in Hgiga Oaklouds Openid 2.0/3.0

HGiga EIP product contains SQL Injection vulnerability.

7.5
2021-01-18 CVE-2020-36193 PHP, Fedoraproject, Debian, Drupal Link Following vulnerability in multiple products

Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.

7.5
2021-01-20 CVE-2021-1280 Cisco Uncontrolled Search Path Element vulnerability in Cisco Advanced Malware Protection for Endpoints and Immunet

A vulnerability in the loading mechanism of specific DLLs of Cisco Advanced Malware Protection (AMP) for Endpoints for Windows and Immunet for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack.

7.3
2021-01-20 CVE-2021-1133 Cisco Incomplete Blacklist vulnerability in Cisco Data Center Network Manager

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization.

7.3
2021-01-21 CVE-2020-11185 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Out of bound issue in WLAN driver while processing vdev responses from firmware due to lack of validation of data received from firmware in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

7.2
2021-01-21 CVE-2020-11183 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

A process can potentially cause a buffer overflow in the display service allowing privilege escalation by executing code as that service in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.2
2021-01-21 CVE-2020-11181 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Out of bound access issue while handling cvp process control command due to improper validation of buffer pointer received from HLOS in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

7.2
2021-01-21 CVE-2020-11180 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Out of bound access in computer vision control due to improper validation of command length before processing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

7.2
2021-01-21 CVE-2020-11150 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Out of bound memory access in camera driver due to improper validation on data coming from UMD which is used for offset manipulation of pointer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.2
2021-01-21 CVE-2020-11149 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Out of bound access due to usage of an out-of-range pointer offset in the camera driver.

7.2
2021-01-21 CVE-2020-11148 Qualcomm Use After Free vulnerability in Qualcomm products

Use after free issue in HIDL while using callback to post event in Rx thread when internal mutex is not acquired and meantime close is triggered and callback instance is deleted in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

7.2
2021-01-20 CVE-2021-1248 Cisco SQL Injection vulnerability in Cisco Data Center Network Manager

Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device.

7.2
2021-01-20 CVE-2020-4688 IBM Command Injection vulnerability in IBM Security Guardium 10.6/11.2

IBM Security Guardium 10.6 and 11.2 could allow a local attacker to execute arbitrary commands on the system as an unprivileged user, caused by command injection vulnerability.

7.2
2021-01-20 CVE-2021-2048 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

7.0

227 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-01-21 CVE-2020-11179 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Arbitrary read and write to kernel addresses by temporarily overwriting ring buffer pointer and creating a race condition.

6.9
2021-01-21 CVE-2020-11152 Qualcomm Race Condition vulnerability in Qualcomm products

Race condition in HAL layer while processing callback objects received from HIDL due to lack of synchronization between accessing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

6.9
2021-01-21 CVE-2020-11151 Qualcomm Use After Free vulnerability in Qualcomm products

Race condition occurs while calling user space ioctl from two different threads can results to use after free issue in video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

6.9
2021-01-22 CVE-2020-12525 Emerson, Pepperl Fuchs, Wago, Weidmueller Deserialization of Untrusted Data vulnerability in multiple products

M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.

6.8
2021-01-22 CVE-2020-12511 Pepperl Fuchs Cross-Site Request Forgery (CSRF) vulnerability in Pepperl-Fuchs products

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.

6.8
2021-01-20 CVE-2021-1259 Cisco Path Traversal vulnerability in Cisco Sd-Wan Vmanage

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain write access to sensitive files on an affected system.

6.8
2021-01-20 CVE-2021-1257 Cisco, Mcafee Cross-Site Request Forgery (CSRF) vulnerability in multiple products

A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent.

6.8
2021-01-20 CVE-2020-28452 Softwaremill Cross-Site Request Forgery (CSRF) vulnerability in Softwaremill Akka-Http-Session

This affects the package com.softwaremill.akka-http-session:core_2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core_2.11; the package com.softwaremill.akka-http-session:core_2.13 from 0 and before 0.6.1.

6.8
2021-01-20 CVE-2021-2122 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL).

6.8
2021-01-20 CVE-2021-2081 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure).

6.8
2021-01-20 CVE-2021-2076 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

6.8
2021-01-20 CVE-2021-2072 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure).

6.8
2021-01-20 CVE-2021-2071 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search).

6.8
2021-01-20 CVE-2021-2070 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

6.8
2021-01-20 CVE-2021-2065 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

6.8
2021-01-20 CVE-2021-2060 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

6.8
2021-01-20 CVE-2021-2058 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking).

6.8
2021-01-20 CVE-2021-2055 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

6.8
2021-01-20 CVE-2021-2046 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure).

6.8
2021-01-20 CVE-2021-2041 Oracle Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation).

6.8
2021-01-20 CVE-2021-2036 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

6.8
2021-01-20 CVE-2021-2031 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

6.8
2021-01-20 CVE-2021-2030 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

6.8
2021-01-20 CVE-2021-2028 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

6.8
2021-01-20 CVE-2021-2024 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

6.8
2021-01-20 CVE-2021-2014 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin).

6.8
2021-01-20 CVE-2020-35217 Eclipse Cross-Site Request Forgery (CSRF) vulnerability in Eclipse Vert.X-Web 4.0.0

Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification.

6.8
2021-01-19 CVE-2020-28482 Fastify Cross-Site Request Forgery (CSRF) vulnerability in Fastify Fastify-Csrf

This affects the package fastify-csrf before 3.0.0.

6.8
2021-01-19 CVE-2020-23342 Anchorcms Cross-Site Request Forgery (CSRF) vulnerability in Anchorcms Anchor CMS 0.12.7

A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can be used to delete admin users.

6.8
2021-01-18 CVE-2021-25178 Opendesign, Siemens Out-of-bounds Write vulnerability in multiple products

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11.

6.8
2021-01-18 CVE-2021-25177 Opendesign, Siemens Type Confusion vulnerability in multiple products

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11.

6.8
2021-01-18 CVE-2021-25176 Opendesign, Siemens NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11.

6.8
2021-01-18 CVE-2021-25175 Opendesign, Siemens Incorrect Type Conversion or Cast vulnerability in multiple products

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11.

6.8
2021-01-18 CVE-2021-25174 Opendesign, Siemens Out-of-bounds Write vulnerability in multiple products

An issue was discovered in Open Design Alliance Drawings SDK before 2021.12.

6.8
2021-01-18 CVE-2021-25173 Opendesign, Siemens Allocation of Resources Without Limits or Throttling vulnerability in multiple products

An issue was discovered in Open Design Alliance Drawings SDK before 2021.12.

6.8
2021-01-22 CVE-2021-22847 Hyweb SQL Injection vulnerability in Hyweb Hycms-J1 7.4.3

Hyweb HyCMS-J1's API fails to filter POST request parameters.

6.5
2021-01-21 CVE-2020-26295 Openmage Path Traversal vulnerability in Openmage

OpenMage is a community-driven alternative to Magento CE.

6.5
2021-01-21 CVE-2020-26285 Openmage Unrestricted Upload of File with Dangerous Type vulnerability in Openmage

OpenMage is a community-driven alternative to Magento CE.

6.5
2021-01-20 CVE-2020-26252 Openmage Unrestricted Upload of File with Dangerous Type vulnerability in Openmage

OpenMage is a community-driven alternative to Magento CE.

6.5
2021-01-20 CVE-2021-1357 Cisco Path Traversal vulnerability in Cisco products

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system.

6.5
2021-01-20 CVE-2021-1355 Cisco SQL Injection vulnerability in Cisco products

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system.

6.5
2021-01-20 CVE-2021-1349 Cisco Unspecified vulnerability in Cisco Sd-Wan Vmanage

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system.

6.5
2021-01-20 CVE-2021-1304 Cisco Unspecified vulnerability in Cisco Catalyst Sd-Wan Manager

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access.

6.5
2021-01-20 CVE-2021-1303 Cisco Incorrect Privilege Assignment vulnerability in Cisco DNA Center

A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device.

6.5
2021-01-20 CVE-2021-1277 Cisco Improper Certificate Validation vulnerability in Cisco Data Center Network Manager

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests.

6.5
2021-01-20 CVE-2021-1276 Cisco Improper Certificate Validation vulnerability in Cisco Data Center Network Manager

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests.

6.5
2021-01-20 CVE-2021-1270 Cisco Incorrect Authorization vulnerability in Cisco Data Center Network Manager

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization.

6.5
2021-01-20 CVE-2021-2109 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).

6.5
2021-01-20 CVE-2021-2057 Oracle Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 19.0

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations).

6.5
2021-01-20 CVE-2021-2054 Oracle Unspecified vulnerability in Oracle Rdbms Sharding 12.2.0.1/18C/19C

Vulnerability in the RDBMS Sharding component of Oracle Database Server.

6.5
2021-01-20 CVE-2021-2051 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO).

6.5
2021-01-20 CVE-2021-2050 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO).

6.5
2021-01-20 CVE-2021-2049 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Administration).

6.5
2021-01-20 CVE-2021-2035 Oracle Unspecified vulnerability in Oracle Rdbms Scheduler

Vulnerability in the RDBMS Scheduler component of Oracle Database Server.

6.5
2021-01-20 CVE-2021-2020 Oracle, Netapp, Fedoraproject

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

6.5
2021-01-20 CVE-2021-2013 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security).

6.5
2021-01-20 CVE-2020-4921 IBM SQL Injection vulnerability in IBM Security Guardium 10.6/11.2

IBM Security Guardium 10.6 and 11.2 is vulnerable to SQL injection.

6.5
2021-01-20 CVE-2020-19364 Open EMR Unrestricted Upload of File with Dangerous Type vulnerability in Open-Emr Openemr 5.0.1

OpenEMR 5.0.1 allows an authenticated attacker to upload and execute malicious PHP scripts through /controller.php.

6.5
2021-01-19 CVE-2021-3181 Mutt, Debian, Fedoraproject Memory Leak vulnerability in multiple products

rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups).

6.5
2021-01-19 CVE-2021-22852 Hgiga SQL Injection vulnerability in Hgiga Oaklouds Openid 2.0/3.0

The HGiga EIP product contains a SQL injection vulnerability.

6.5
2021-01-19 CVE-2021-3178 Linux, Fedoraproject, Debian Path Traversal vulnerability in multiple products

fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS.

6.5
2021-01-21 CVE-2020-11215 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

An out of bounds read can happen when processing a VSA attribute due to an improper minimum required length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

6.4
2021-01-21 CVE-2020-11144 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Buffer over-read while the UE processes an invalid DL ROHC packet for decompression, due to a missing check of the compressed packet size, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

6.4
2021-01-20 CVE-2021-1225 Cisco SQL Injection vulnerability in Cisco Sd-Wan Vmanage 18.2.0

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system.

6.4
2021-01-20 CVE-2021-2101 Oracle Unspecified vulnerability in Oracle One-To-One Fulfillment

Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server).

6.4
2021-01-20 CVE-2021-2100 Oracle Unspecified vulnerability in Oracle One-To-One Fulfillment

Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server).

6.4
2021-01-19 CVE-2021-25323 Misp Weak Password Recovery Mechanism for Forgotten Password vulnerability in Misp 2.4.136

The default setting of MISP 2.4.136 did not enable the requirement (aka require_password_confirmation) to provide the previous password when changing a password.

6.4
2021-01-20 CVE-2021-1269 Cisco Incorrect Authorization vulnerability in Cisco Data Center Network Manager

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization.

6.3
2021-01-20 CVE-2021-2061 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL).

6.3
2021-01-20 CVE-2021-2056 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).

6.3
2021-01-20 CVE-2021-2038 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services).

6.3
2021-01-20 CVE-2021-1286 Cisco Improper Input Validation vulnerability in Cisco Data Center Network Manager

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface.

6.1
2021-01-20 CVE-2020-14360 X ORG Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in X.Org X Server

A flaw was found in the X.Org Server before version 1.20.10.

6.1
2021-01-22 CVE-2020-28487 Visjs Cross-site Scripting vulnerability in Visjs Vis-Timeline

This affects the package vis-timeline before 7.4.4.

6.0
2021-01-19 CVE-2020-35129 Mautic Cross-site Scripting vulnerability in Mautic

Mautic before 3.2.4 is affected by stored XSS.

6.0
2021-01-19 CVE-2020-35128 Acquia Cross-site Scripting vulnerability in Acquia Mautic

Mautic before 3.2.4 is affected by stored XSS.

6.0
2021-01-19 CVE-2020-23522 Pixelimity Cross-Site Request Forgery (CSRF) vulnerability in Pixelimity 1.0

Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter.

6.0
2021-01-20 CVE-2020-25687 Thekelleys, Fedoraproject, Debian Heap-based Buffer Overflow vulnerability in multiple products

A flaw was found in dnsmasq before version 2.83.

5.9
2021-01-20 CVE-2020-25683 Thekelleys, Fedoraproject, Debian Heap-based Buffer Overflow vulnerability in multiple products

A flaw was found in dnsmasq before version 2.83.

5.9
2021-01-20 CVE-2021-2011 Oracle, Fedoraproject, Netapp, Mariadb

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API).

5.9
2021-01-20 CVE-2020-28483 GIN Gonic HTTP Request Smuggling vulnerability in Gin-Gonic GIN

This affects all versions of package github.com/gin-gonic/gin.

5.8
2021-01-20 CVE-2021-2118 Oracle Unspecified vulnerability in Oracle Marketing

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

5.8
2021-01-20 CVE-2021-2114 Oracle Unspecified vulnerability in Oracle Common Applications Calendar

Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Applications Calendar).

5.8
2021-01-20 CVE-2021-2107 Oracle Unspecified vulnerability in Oracle Customer Interaction History

Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result).

5.8
2021-01-20 CVE-2021-2106 Oracle Unspecified vulnerability in Oracle Customer Interaction History

Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result).

5.8
2021-01-20 CVE-2021-2105 Oracle Unspecified vulnerability in Oracle Customer Interaction History

Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result).

5.8
2021-01-20 CVE-2021-2099 Oracle Unspecified vulnerability in Oracle CRM Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences).

5.8
2021-01-20 CVE-2021-2098 Oracle Unspecified vulnerability in Oracle Email Center

Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display).

5.8
2021-01-20 CVE-2021-2097 Oracle Unspecified vulnerability in Oracle Isupport

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Profile).

5.8
2021-01-20 CVE-2021-2096 Oracle Unspecified vulnerability in Oracle Istore

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart).

5.8
2021-01-20 CVE-2021-2094 Oracle Unspecified vulnerability in Oracle One-To-One Fulfillment

Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server).

5.8
2021-01-20 CVE-2021-2093 Oracle Unspecified vulnerability in Oracle Common Applications

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework).

5.8
2021-01-20 CVE-2021-2092 Oracle Unspecified vulnerability in Oracle CRM Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences).

5.8
2021-01-20 CVE-2021-2091 Oracle Unspecified vulnerability in Oracle Scripting

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous).

5.8
2021-01-20 CVE-2021-2090 Oracle Unspecified vulnerability in Oracle Email Center

Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display).

5.8
2021-01-20 CVE-2021-2089 Oracle Unspecified vulnerability in Oracle Istore

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Runtime Catalog).

5.8
2021-01-20 CVE-2021-2085 Oracle Unspecified vulnerability in Oracle CRM Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences).

5.8
2021-01-20 CVE-2021-2084 Oracle Unspecified vulnerability in Oracle CRM Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences).

5.8
2021-01-20 CVE-2021-2083 Oracle Unspecified vulnerability in Oracle Isupport

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: User Responsibilities).

5.8
2021-01-20 CVE-2021-2082 Oracle Unspecified vulnerability in Oracle Istore

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart).

5.8
2021-01-20 CVE-2021-2080 Oracle Unspecified vulnerability in Oracle Configurator 12.1/12.2

Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet).

5.8
2021-01-20 CVE-2021-2079 Oracle Unspecified vulnerability in Oracle Configurator 12.1/12.2

Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet).

5.8
2021-01-20 CVE-2021-2078 Oracle Unspecified vulnerability in Oracle Configurator 12.1/12.2

Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet).

5.8
2021-01-20 CVE-2021-2077 Oracle Unspecified vulnerability in Oracle Istore

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart).

5.8
2021-01-20 CVE-2021-2043 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal).

5.8
2021-01-20 CVE-2021-2040 Oracle Unspecified vulnerability in Oracle Argus Safety 8.2.2

Vulnerability in the Oracle Argus Safety product of Oracle Health Sciences Applications (component: Case Form, Local Affiliate Form).

5.8
2021-01-20 CVE-2021-2034 Oracle Unspecified vulnerability in Oracle Common Applications Calendar 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks).

5.8
2021-01-20 CVE-2021-2027 Oracle Unspecified vulnerability in Oracle Marketing

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

5.8
2021-01-20 CVE-2021-2026 Oracle Unspecified vulnerability in Oracle Marketing

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

5.8
2021-01-20 CVE-2021-2025 Oracle Unspecified vulnerability in Oracle Business Intelligence

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General).

5.8
2021-01-20 CVE-2021-2015 Oracle Unspecified vulnerability in Oracle products

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Worklist).

5.8
2021-01-18 CVE-2020-28473 Bottlepy, Debian HTTP Request Smuggling vulnerability in multiple products

The package bottle from 0 and before 0.12.19 is vulnerable to Web Cache Poisoning by using a vector called parameter cloaking.

5.8
2021-01-20 CVE-2021-1222 Cisco SQL Injection vulnerability in Cisco Smart Software Manager On-Prem 5.0/5.1.0

A vulnerability in the web-based management interface of Cisco Smart Software Manager Satellite could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.

5.5
2021-01-20 CVE-2021-1283 Cisco Uncontrolled Memory Allocation vulnerability in Cisco Data Center Network Manager

A vulnerability in the logging subsystem of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted.

5.5
2021-01-20 CVE-2021-1997 Oracle Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 9.1

Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Report).

5.5
2021-01-18 CVE-2020-7343 Mcafee Missing Authorization vulnerability in Mcafee Agent

Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files.

5.5
2021-01-20 CVE-2021-1250 Cisco Cross-site Scripting vulnerability in Cisco Data Center Network Manager

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface.

5.4
2021-01-20 CVE-2021-1249 Cisco Improper Input Validation vulnerability in Cisco Data Center Network Manager

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface.

5.4
2021-01-20 CVE-2021-1255 Cisco Incomplete Blacklist vulnerability in Cisco Data Center Network Manager

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization.

5.4
2021-01-20 CVE-2021-1253 Cisco Cross-site Scripting vulnerability in Cisco Data Center Network Manager

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface.

5.4
2021-01-19 CVE-2020-14410 Libsdl, Debian, Fedoraproject Out-of-bounds Read vulnerability in multiple products

SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.

5.4
2021-01-21 CVE-2021-21253 Onlinevotingsystem Project Use of Password Hash With Insufficient Computational Effort vulnerability in Onlinevotingsystem Project Onlinevotingsystem 1.1.1

OnlineVotingSystem is an open source project hosted on GitHub.

5.3
2021-01-20 CVE-2021-1350 Cisco Allocation of Resources Without Limits or Throttling vulnerability in Cisco Umbrella

A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker to negatively affect the performance of this service.

5.3
2021-01-20 CVE-2021-1129 Cisco Information Exposure Through Sent Data vulnerability in Cisco products

A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to access general system information and certain configuration information from an affected device.

5.3
2021-01-20 CVE-2021-2006 Oracle, Fedoraproject, Netapp

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API).

5.3
2021-01-19 CVE-2021-21263 Laravel SQL Injection vulnerability in Laravel

Laravel is a web application framework.

5.3
2021-01-20 CVE-2021-2018 Oracle Unspecified vulnerability in Oracle products

Vulnerability in the Advanced Networking Option component of Oracle Database Server.

5.1
2021-01-22 CVE-2020-4766 IBM Resource Exhaustion vulnerability in IBM MQ Internet Pass-Thru 2.1/9.2

IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources.

5.0
2021-01-21 CVE-2020-8554 Kubernetes, Oracle

Kubernetes API server in all versions allows an attacker who is able to create a ClusterIP service and set the spec.externalIPs field to intercept traffic to that IP address.

5.0
2021-01-21 CVE-2020-11214 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Buffer over-read while processing an NDL attribute if the attribute length is larger than expected, in which case the firmware treats it as a larger number of immutable schedules, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

5.0
2021-01-21 CVE-2020-11200 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Buffer over-read while parsing RPS due to missing input validation on values received from the user side.

5.0
2021-01-21 CVE-2020-11145 Qualcomm Divide By Zero vulnerability in Qualcomm products

Divide by zero issue can happen while updating the delta extension header due to improper validation of the master SN and extension header SN in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

5.0
2021-01-21 CVE-2020-11139 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Out of bound memory access while processing frames due to a missing check for invalid received frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

5.0
2021-01-21 CVE-2020-11119 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Buffer over-read can happen when the buffer length received from response handlers is larger than the size of the payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

5.0
2021-01-20 CVE-2020-27859 NEC Path Traversal vulnerability in NEC Esmpro Manager 6.42

This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ESMPRO Manager 6.42.

5.0
2021-01-20 CVE-2020-27858 Arcserve XXE vulnerability in Arcserve D2D 16.5

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CA Arcserve D2D 16.5.

5.0
2021-01-20 CVE-2021-2059 Oracle Unspecified vulnerability in Oracle Istore

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Web interface).

5.0
2021-01-20 CVE-2021-2052 Oracle Unspecified vulnerability in Oracle JD Edwards Enterpriseone Orchestrator 9.2/9.2.5.0

Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security).

5.0
2021-01-20 CVE-2020-19360 Fhem Information Exposure vulnerability in Fhem 6.0

A local file inclusion in the file parameter of fhem/FileLog_logWrapper in FHEM 6.0 can allow an attacker to include a file, which can lead to sensitive information disclosure.

5.0
2021-01-19 CVE-2020-35929 Kaspersky Use of Hard-coded Credentials vulnerability in Kaspersky Tinycheck

In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool.

5.0
2021-01-19 CVE-2020-4881 IBM Origin Validation Error vulnerability in IBM Planning Analytics 2.0

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname verification for SSL/TLS communication.

5.0
2021-01-19 CVE-2020-4873 IBM Information Exposure vulnerability in IBM Planning Analytics 2.0

IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy.

5.0
2021-01-19 CVE-2021-3183 Files Insufficient Session Expiration vulnerability in Files FAT Client 3.3.6

Files.com Fat Client 3.3.6 allows authentication bypass because the client continues to have access after a logout and a removal of a login profile.

5.0
2021-01-19 CVE-2020-28479 Jointjs Unspecified vulnerability in Jointjs

The package jointjs before 3.3.0 is vulnerable to Denial of Service (DoS) via the unsetByPath function.

5.0
2021-01-19 CVE-2020-28478 Greensock Unspecified vulnerability in Greensock Animation Platform

This affects the package gsap before 3.6.0.

5.0
2021-01-19 CVE-2020-28477 Immer Project Unspecified vulnerability in Immer Project Immer

This affects all versions of package immer.

5.0
2021-01-18 CVE-2020-36192 Mantisbt Unspecified vulnerability in Mantisbt Source Integration

An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT.

5.0
2021-01-18 CVE-2021-3166 Asus Unrestricted Upload of File with Dangerous Type vulnerability in Asus Dsl-N14U B1 Firmware 1.1.2.3805

An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices.

5.0
2021-01-18 CVE-2020-29446 Atlassian Information Exposure vulnerability in Atlassian Crucible

Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory.

5.0
2021-01-21 CVE-2020-8568 Kubernetes Path Traversal vulnerability in Kubernetes Secrets Store CSI Driver 0.0.15/0.0.16

Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource to write content to the host filesystem and sync file contents to Kubernetes Secrets.

4.9
2021-01-20 CVE-2021-1235 Cisco Exposure of System Data to an Unauthorized Control Sphere vulnerability in Cisco Sd-Wan Vmanage 18.2.0

A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system.

4.9
2021-01-20 CVE-2021-1218 Cisco Open Redirect vulnerability in Cisco Smart Software Manager On-Prem 5.0

A vulnerability in the web management interface of Cisco Smart Software Manager satellite could allow an authenticated, remote attacker to redirect a user to an undesired web page.

4.9
2021-01-20 CVE-2021-1364 Cisco SQL Injection vulnerability in Cisco products

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system.

4.9
2021-01-20 CVE-2021-1282 Cisco SQL Injection vulnerability in Cisco products

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system.

4.9
2021-01-20 CVE-2021-2130 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.9
2021-01-20 CVE-2021-2127 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.9
2021-01-20 CVE-2021-2124 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.9
2021-01-20 CVE-2021-2121 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.9
2021-01-20 CVE-2021-2117 Oracle Unspecified vulnerability in Oracle Application Express Survey Builder

Vulnerability in the Oracle Application Express Survey Builder component of Oracle Database Server.

4.9
2021-01-20 CVE-2021-2116 Oracle Unspecified vulnerability in Oracle Application Express Opportunity Tracker

Vulnerability in the Oracle Application Express Opportunity Tracker component of Oracle Database Server.

4.9
2021-01-20 CVE-2021-2115 Oracle Unspecified vulnerability in Oracle Common Applications Calendar

Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks).

4.9
2021-01-20 CVE-2021-2088 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).

4.9
2021-01-20 CVE-2021-2087 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).

4.9
2021-01-20 CVE-2021-2086 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.9
2021-01-20 CVE-2021-2073 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.9
2021-01-20 CVE-2021-2062 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Web Server).

4.9
2021-01-20 CVE-2021-2039 Oracle Unspecified vulnerability in Oracle Siebel Core - Server Framework 19.0/20.12

Vulnerability in the Siebel Core - Server Framework product of Oracle Siebel CRM (component: Search).

4.9
2021-01-20 CVE-2021-2021 Oracle, Netapp, Fedoraproject

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2021-01-20 CVE-2021-2016 Oracle, Netapp, Fedoraproject

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2021-01-20 CVE-2021-2012 Oracle, Netapp, Fedoraproject

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).

4.9
2021-01-20 CVE-2021-2009 Oracle, Netapp, Fedoraproject

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles).

4.9
2021-01-20 CVE-2021-2003 Oracle Unspecified vulnerability in Oracle Business Intelligence

Vulnerability in the Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Dashboards).

4.9
2021-01-20 CVE-2021-2002 Oracle, Netapp, Fedoraproject

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication).

4.9
2021-01-20 CVE-2021-2001 Oracle, Fedoraproject, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2021-01-20 CVE-2021-1271 Cisco Cross-site Scripting vulnerability in Cisco web Security Virtual Appliance

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device.

4.8
2021-01-21 CVE-2020-11217 Qualcomm Double Free vulnerability in Qualcomm products

A possible double free or invalid memory access in audio driver while reading Speaker Protection parameters in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

4.6
2021-01-21 CVE-2020-11146 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Out of bound write while copying data using IOCTL due to lack of check of array index received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

4.6
2021-01-20 CVE-2021-1068 Nvidia Out-of-bounds Read vulnerability in Nvidia Shield Experience

NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVDEC component, in which an attacker can read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or escalation of privileges.

4.6
2021-01-20 CVE-2021-1067 Nvidia Unspecified vulnerability in Nvidia Shield Experience

NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the implementation of the RPMB command status, in which an attacker can write to the Write Protect Configuration Block, which may lead to denial of service or escalation of privileges.

4.6
2021-01-20 CVE-2021-1219 Cisco Use of Hard-coded Credentials vulnerability in Cisco Smart Software Manager On-Prem 5.0/5.1.0

A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system.

4.6
2021-01-20 CVE-2020-6024 Checkpoint Improper Privilege Management vulnerability in Checkpoint Smartconsole

Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users.

4.6
2021-01-20 CVE-2021-2074 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.6
2021-01-20 CVE-2021-2063 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal).

4.6
2021-01-20 CVE-2020-4983 IBM Command Injection vulnerability in IBM Spectrum LSF and Spectrum LSF Suite

IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a user on the local network who has privileges to submit LSF jobs to execute arbitrary commands.

4.6
2021-01-19 CVE-2020-27256 Sooil Use of Hard-coded Credentials vulnerability in Sooil products

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN in the physician menu of the insulin pump allows attackers with physical access to change insulin therapy settings.

4.6
2021-01-20 CVE-2021-1233 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device.

4.4
2021-01-20 CVE-2021-2022 Oracle, Netapp, Fedoraproject, Mariadb

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

4.4
2021-01-22 CVE-2021-21259 Hedgedoc Cross-site Scripting vulnerability in Hedgedoc

HedgeDoc is open source software which lets you create real-time collaborative markdown notes.

4.3
2021-01-21 CVE-2021-21239 Pysaml2 Project, Debian Improper Verification of Cryptographic Signature vulnerability in multiple products

PySAML2 is a pure python implementation of SAML Version 2 Standard.

4.3
2021-01-21 CVE-2021-21238 Pysaml2 Project Improper Verification of Cryptographic Signature vulnerability in Pysaml2 Project Pysaml2

PySAML2 is a pure python implementation of SAML Version 2 Standard.

4.3
2021-01-21 CVE-2020-4969 IBM Cleartext Transmission of Sensitive Information vulnerability in IBM Security Identity Governance and Intelligence 5.2.6

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

4.3
2021-01-21 CVE-2020-4966 IBM Link Following vulnerability in IBM Security Identity Governance and Intelligence 5.2.6

IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies.

4.3
2021-01-20 CVE-2021-1135 Cisco Incomplete Blacklist vulnerability in Cisco Data Center Network Manager

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization.

4.3
2021-01-20 CVE-2021-1305 Cisco Incorrect Authorization vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access.

4.3
2021-01-20 CVE-2021-3130 Opmantek Unspecified vulnerability in Opmantek Open-Audit

Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation.

4.3
2021-01-20 CVE-2020-20949 ST, Ietf Inadequate Encryption Strength vulnerability in multiple products

Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924).

4.3
2021-01-20 CVE-2021-2023 Oracle Unspecified vulnerability in Oracle Installed Base

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: APIs).

4.3
2021-01-20 CVE-2021-2005 Oracle Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security).

4.3
2021-01-20 CVE-2020-13133 Tufin Cross-site Scripting vulnerability in Tufin Securechange

Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS.

4.3
2021-01-20 CVE-2020-25385 Nagios Cross-site Scripting vulnerability in Nagios LOG Server

Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the snapshot_name parameter, which may impact users who open a maliciously crafted link or third-party web page.

4.3
2021-01-20 CVE-2020-19363 Vtiger Information Exposure vulnerability in Vtiger CRM 7.2.0

Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories.

4.3
2021-01-20 CVE-2020-19362 Vtiger Cross-site Scripting vulnerability in Vtiger CRM 7.2.0

Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page.

4.3
2021-01-20 CVE-2020-19361 Medintux Cross-site Scripting vulnerability in Medintux 2.16.000

Reflected XSS in Medintux v2.16.000 CCAM.php by manipulating the mot1 parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page.

4.3
2021-01-19 CVE-2020-28707 Stockdio Cross-site Scripting vulnerability in Stockdio Historical Chart

The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting (XSS) via stockdio_chart_historical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/ because the origin of a postMessage() event is not validated.

4.3
2021-01-19 CVE-2021-3184 Misp Cross-site Scripting vulnerability in Misp 2.4.136

MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button.

4.3
2021-01-19 CVE-2021-25325 Misp Cross-site Scripting vulnerability in Misp 2.4.136

MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp.

4.3
2021-01-19 CVE-2021-25324 Misp Cross-site Scripting vulnerability in Misp 2.4.136

MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp.

4.3
2021-01-19 CVE-2020-20950 Ietf, Microchip Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products

Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26.

4.3
2021-01-19 CVE-2021-20619 Weseek Cross-site Scripting vulnerability in Weseek Growi 4.2.0/4.2.1/4.2.2

Cross-site scripting vulnerability in GROWI (v4.2 Series) versions prior to v4.2.3 allows remote attackers to inject an arbitrary script via unspecified vectors.

4.3
2021-01-18 CVE-2021-25295 Opencats Cross-site Scripting vulnerability in Opencats

OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issues.

4.3
2021-01-20 CVE-2021-2010 Oracle, Fedoraproject, Netapp

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API).

4.2
2021-01-22 CVE-2020-12514 Pepperl Fuchs NULL Pointer Dereference vulnerability in Pepperl-Fuchs products

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd.

4.0
2021-01-21 CVE-2020-8569 Kubernetes NULL Pointer Dereference vulnerability in Kubernetes Container Storage Interface Snapshotter

Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource that referenced a non-existing PersistentVolumeClaim and did not reference any VolumeSnapshotClass.

4.0
2021-01-21 CVE-2020-8567 Google, Hashicorp, Microsoft Path Traversal vulnerability in multiple products

Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.

4.0
2021-01-20 CVE-2021-1265 Cisco Cleartext Storage of Sensitive Information vulnerability in Cisco DNA Center

A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices.

4.0
2021-01-20 CVE-2021-21269 Keymaker Project Path Traversal vulnerability in Keymaker Project Keymaker

Keymaker is a Mastodon Community Finder based Matrix Community serverlist page Server.

4.0
2021-01-20 CVE-2021-2113 Oracle Unspecified vulnerability in Oracle Financial Services Revenue Management and Billing 2.9.0.0/2.9.0.1

Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: On Demand Billing).

4.0
2021-01-20 CVE-2021-2110 Oracle Unspecified vulnerability in Oracle Argus Safety 8.2.2

Vulnerability in the Oracle Argus Safety product of Oracle Health Sciences Applications (component: Letters).

4.0
2021-01-20 CVE-2021-2044 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise FIN Payables 9.2

Vulnerability in the PeopleSoft Enterprise FIN Payables product of Oracle PeopleSoft (component: Financial Sanctions).

4.0
2021-01-20 CVE-2021-2033 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components).

4.0
2021-01-20 CVE-2021-2032 Oracle, Netapp, Mariadb

Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema).

4.0
2021-01-20 CVE-2021-2017 Oracle Unspecified vulnerability in Oracle products

Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Proxy User Delegation).

4.0
2021-01-20 CVE-2021-2004 Oracle Unspecified vulnerability in Oracle Server Bizlogic Script 20.12

Vulnerability in the Siebel Core - Server BizLogic Script product of Oracle Siebel CRM (component: Integration - Scripting).

4.0
2021-01-20 CVE-2021-1995 Oracle Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services).

4.0
2021-01-19 CVE-2020-11997 Apache Incorrect Default Permissions vulnerability in Apache Guacamole

Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility.

4.0
2021-01-19 CVE-2020-28481 Socket Origin Validation Error vulnerability in Socket Socket.Io

The package socket.io before 2.4.0 is vulnerable to Insecure Defaults due to CORS Misconfiguration.

4.0
2021-01-19 CVE-2020-29450 Atlassian Unrestricted Upload of File with Dangerous Type vulnerability in Atlassian Confluence Server

Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature.

4.0

47 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-01-20 CVE-2021-1998 Oracle, Fedoraproject, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

3.8
2021-01-20 CVE-2020-25686 Thekelleys, Fedoraproject, Debian, Arista Improperly Implemented Security Check for Standard vulnerability in multiple products

A flaw was found in dnsmasq before version 2.83.

3.7
2021-01-20 CVE-2020-25685 Thekelleys, Fedoraproject, Debian, Arista Inadequate Encryption Strength vulnerability in multiple products

A flaw was found in dnsmasq before version 2.83.

3.7
2021-01-20 CVE-2020-25684 Thekelleys, Fedoraproject, Debian, Arista

A flaw was found in dnsmasq before version 2.83.

3.7
2021-01-20 CVE-2021-2007 Oracle, Fedoraproject, Netapp, Mariadb

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API).

3.7
2021-01-20 CVE-2021-1069 Nvidia NULL Pointer Dereference vulnerability in Nvidia Linux for Tegra and Shield Experience

NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVHost function, which may lead to abnormal reboot due to a null pointer reference, causing data loss.

3.6
2021-01-20 CVE-2021-2129 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

3.6
2021-01-20 CVE-2021-2125 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

3.6
2021-01-22 CVE-2020-12512 Pepperl Fuchs Cross-site Scripting vulnerability in Pepperl-Fuchs products

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting.

3.5
2021-01-22 CVE-2021-21260 Bigprof Cross-site Scripting vulnerability in Bigprof Online Invoicing System 4.0

Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini.

3.5
2021-01-22 CVE-2021-22849 Hyweb Cross-site Scripting vulnerability in Hyweb Hycms-J1 7.4.3

Hyweb HyCMS-J1 backend editing function does not filter special characters.

3.5
2021-01-20 CVE-2020-35272 Employee Performance Evaluation System Project Cross-site Scripting vulnerability in Employee Performance Evaluation System Project Employee Performance Evaluation System 1.0

Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Admin Portal in the Task and Description fields.

3.5
2021-01-20 CVE-2020-35271 Employee Performance Evaluation System Project Cross-site Scripting vulnerability in Employee Performance Evaluation System Project Employee Performance Evaluation System 1.0

Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Employees, First Name and Last Name fields.

3.5
2021-01-20 CVE-2021-2045 Oracle Unspecified vulnerability in Oracle Text

Vulnerability in the Oracle Text component of Oracle Database Server.

3.5
2021-01-20 CVE-2021-2000 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Unified Audit component of Oracle Database Server.

3.5
2021-01-20 CVE-2021-1996 Oracle Unspecified vulnerability in Oracle products

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services).

3.5
2021-01-20 CVE-2021-3137 Xwiki Cross-site Scripting vulnerability in Xwiki 12.10.2

XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.

3.5
2021-01-20 CVE-2020-27852 Rocketgenius Cross-site Scripting vulnerability in Rocketgenius Gravityforms

A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field.

3.5
2021-01-20 CVE-2020-27851 Rocketgenius Cross-site Scripting vulnerability in Rocketgenius Gravityforms

Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers.

3.5
2021-01-20 CVE-2020-27850 Rocketgenius Cross-site Scripting vulnerability in Rocketgenius Gravityforms

A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form.

3.5
2021-01-20 CVE-2020-13134 Tufin Cross-site Scripting vulnerability in Tufin Securechange

Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS.

3.5
2021-01-19 CVE-2020-8581 Netapp Incorrect Authorization vulnerability in Netapp Clustered Data Ontap

Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled.

3.5
2021-01-21 CVE-2020-4968 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Identity Governance and Intelligence 5.2.6

IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

3.3
2021-01-19 CVE-2020-27268 Sooil Incorrect Resource Transfer Between Spheres vulnerability in Sooil products

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass checks for default PINs via Bluetooth Low Energy.

3.3
2021-01-19 CVE-2020-27266 Sooil Improper Authentication vulnerability in Sooil products

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass user authentication checks via Bluetooth Low Energy.

3.3
2021-01-19 CVE-2020-27264 Sooil Use of Insufficiently Random Values vulnerability in Sooil products

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low Energy.

3.3
2021-01-19 CVE-2020-27258 Sooil Insufficiently Protected Credentials vulnerability in Sooil Anydana-A, Anydana-I and Dana Diabecare RS Firmware

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, an information disclosure vulnerability in the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows unauthenticated attackers to extract the pump’s keypad lock PIN via Bluetooth Low Energy.

3.3
2021-01-19 CVE-2020-27269 Sooil Authentication Bypass by Capture-replay vulnerability in Sooil products

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences via Bluetooth Low Energy.

2.9
2021-01-19 CVE-2020-27276 Sooil Authentication Bypass by Spoofing vulnerability in Sooil products

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications doesn't use adequate measures to authenticate the communicating entities before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop on the authentication sequence via Bluetooth Low Energy.

2.9
2021-01-19 CVE-2020-27272 Sooil Missing Authentication for Critical Function vulnerability in Sooil products

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications doesn't use adequate measures to authenticate the pump before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop on the keys and spoof the pump via Bluetooth Low Energy (BLE).

2.9
2021-01-19 CVE-2020-27270 Sooil Insufficiently Protected Credentials vulnerability in Sooil products

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications doesn't use adequate measures to protect encryption keys in transit, which allows unauthenticated, physically proximate attackers to sniff the keys via Bluetooth Low Energy (BLE).

2.9
2021-01-20 CVE-2021-2019 Oracle, Netapp, Fedoraproject

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).

2.7
2021-01-22 CVE-2021-21270 Octopus Cleartext Transmission of Sensitive Information vulnerability in Octopus Octopusdsc

OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent.

2.1
2021-01-21 CVE-2020-3687 Qualcomm Information Exposure vulnerability in Qualcomm

Local privilege escalation in admin services in a Windows environment can occur due to an arbitrary read issue.

2.1
2021-01-20 CVE-2021-2131 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2021-01-20 CVE-2021-2128 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2021-01-20 CVE-2021-2126 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2021-01-20 CVE-2021-2123 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2021-01-20 CVE-2021-2120 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2021-01-20 CVE-2021-2119 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2021-01-20 CVE-2021-2112 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2021-01-20 CVE-2021-2111 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2021-01-20 CVE-2021-2042 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

2.1
2021-01-20 CVE-2021-1993 Oracle Unspecified vulnerability in Oracle products

Vulnerability in the Java VM component of Oracle Database Server.

2.1
2021-01-20 CVE-2020-4887 IBM Unspecified vulnerability in IBM AIX and Vios

IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory.

2.1
2021-01-19 CVE-2020-4871 IBM Information Exposure vulnerability in IBM Planning Analytics 2.0

IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system.

2.1
2021-01-20 CVE-2021-1999 Oracle Unspecified vulnerability in Oracle products

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: RAS subsystems).

1.2