Weekly Vulnerabilities Reports > February 8 to 14, 2021

Overview

444 new vulnerabilities reported during this period, including 85 critical vulnerabilities and 205 high severity vulnerabilities. This weekly summary report vulnerabilities in 344 products from 144 vendors including Google, Fiberhome, Fedoraproject, Foxitsoftware, and Microsoft. Vulnerabilities are notably categorized as "Out-of-bounds Write", "Use of Hard-coded Credentials", "Cross-site Scripting", "Out-of-bounds Read", and "Use After Free".

  • 297 reported vulnerabilities are remotely exploitables.
  • 18 reported vulnerabilities have public exploit available.
  • 101 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 304 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 53 reported vulnerabilities.
  • Fiberhome has the most reported critical vulnerabilities, with 32 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

85 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-02-12 CVE-2021-26753 Nedi Incorrect Authorization vulnerability in Nedi 1.9C

NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter.

9.9
2021-02-09 CVE-2021-21477 SAP Code Injection vulnerability in SAP Commerce

SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an authenticated attacker with this privilege will be able to inject malicious code in the drools rules which when executed leads to Remote Code Execution vulnerability enabling the attacker to compromise the underlying host enabling him to impair confidentiality, integrity and availability of the application.

9.9
2021-02-14 CVE-2021-27213 Pystemon Project Deserialization of Untrusted Data vulnerability in Pystemon Project Pystemon

config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because SafeLoader and safe_load are not used.

9.8
2021-02-14 CVE-2019-25019 Limesurvey SQL Injection vulnerability in Limesurvey

LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model.

9.8
2021-02-12 CVE-2021-22504 Microfocus Unspecified vulnerability in Microfocus Operations Bridge Manager

Arbitrary code execution vulnerability on Micro Focus Operations Bridge Manager product, affecting versions 10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10.

9.8
2021-02-12 CVE-2020-27868 Qognify Unspecified vulnerability in Qognify Ocularis 5.9.0.395

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Qognify Ocularis 5.9.0.395.

9.8
2021-02-11 CVE-2021-21307 Lucee Unspecified vulnerability in Lucee Server

Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development.

9.8
2021-02-11 CVE-2021-25689 Teradici Out-of-bounds Write vulnerability in Teradici Pcoip Soft Client 20.07.2/20.07.3/20.10.0

An out of bounds write in Teradici PCoIP soft client versions prior to version 20.10.1 could allow an attacker to remotely execute code.

9.8
2021-02-11 CVE-2021-22658 Advantech SQL Injection vulnerability in Advantech Iview 5.6/5.7/5.7.02

Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'.

9.8
2021-02-11 CVE-2021-22652 Advantech Unspecified vulnerability in Advantech Iview 5.6/5.7/5.7.02

Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.

9.8
2021-02-10 CVE-2021-27185 Samba Client Project Command Injection vulnerability in Samba-Client Project Samba-Client

The samba-client package before 4.0.0 for Node.js allows command injection because of the use of process.exec.

9.8
2021-02-10 CVE-2020-13576 Genivia
Fedoraproject
Integer Overflow or Wraparound vulnerability in multiple products

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107.

9.8
2021-02-10 CVE-2021-27177 Fiberhome Incorrect Authorization vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27172 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27171 Fiberhome Out-of-bounds Write vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27170 Fiberhome Insecure Storage of Sensitive Information vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27169 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome An5506-04-Fa Firmware Rp2631

An issue was discovered on FiberHome AN5506-04-FA devices with firmware RP2631.

9.8
2021-02-10 CVE-2021-27168 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27167 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27166 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27165 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27164 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27163 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27162 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27161 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27160 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27159 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27158 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27157 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27156 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27155 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27154 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27153 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27152 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27151 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27150 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27149 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27148 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27147 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27146 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27145 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27144 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27143 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-27141 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

9.8
2021-02-10 CVE-2021-3033 Paloaltonetworks Improper Verification of Cryptographic Signature vulnerability in Paloaltonetworks Prisma Cloud

An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console.

9.8
2021-02-10 CVE-2021-27135 Invisible Island
Debian
Fedoraproject
xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.
9.8
2021-02-10 CVE-2020-36244 Genivi
Debian
Out-of-bounds Write vulnerability in multiple products

The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to 2.18.6).

9.8
2021-02-10 CVE-2020-28871 Monitorr Unrestricted Upload of File with Dangerous Type vulnerability in Monitorr 1.7.6M

Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.

9.8
2021-02-10 CVE-2020-28870 Inoideas Improper Input Validation vulnerability in Inoideas Inoerp 0.7.2

In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php.

9.8
2021-02-09 CVE-2021-26957 XCB Project Out-of-bounds Read vulnerability in XCB Project XCB 20201210/20210204

An issue was discovered in the xcb crate through 2021-02-04 for Rust.

9.8
2021-02-09 CVE-2021-26956 XCB Project Unspecified vulnerability in XCB Project XCB 20201210/20210204

An issue was discovered in the xcb crate through 2021-02-04 for Rust.

9.8
2021-02-09 CVE-2021-26955 XCB Project Unchecked Return Value vulnerability in XCB Project XCB 20201210/20210204

An issue was discovered in the xcb crate through 2021-02-04 for Rust.

9.8
2021-02-09 CVE-2021-26951 Calamine Project Use of Uninitialized Resource vulnerability in Calamine Project Calamine

An issue was discovered in the calamine crate before 0.17.0 for Rust.

9.8
2021-02-09 CVE-2021-21502 Dell Improper Authentication vulnerability in Dell EMC Powerscale Onefs

Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability.

9.8
2021-02-09 CVE-2020-14343 Pyyaml
Oracle
Improper Input Validation vulnerability in multiple products

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader.

9.8
2021-02-09 CVE-2021-26937 GNU
Debian
Fedoraproject
Argument Injection or Modification vulnerability in multiple products

encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.

9.8
2021-02-09 CVE-2020-13117 Wavlink Command Injection vulnerability in Wavlink Wn575A4 Firmware and Wn579X3 Firmware

Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.

9.8
2021-02-09 CVE-2019-17582 Libzip Use After Free vulnerability in Libzip 1.2.0

A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive.

9.8
2021-02-09 CVE-2021-25140 HP Path Traversal vulnerability in HP Moonshot Provisioning Manager 1.20

A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20.

9.8
2021-02-09 CVE-2021-25139 HP Out-of-bounds Write vulnerability in HP Moonshot Provisioning Manager 1.20

A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20.

9.8
2021-02-09 CVE-2020-15798 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl.

9.8
2021-02-09 CVE-2021-26918 Probot Unrestricted Upload of File with Dangerous Type vulnerability in Probot BOT 20210208

The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature (or possibly have unspecified other impact) because the uploader web service allows double extensions (such as .html.jpg) with the text/html content type.

9.8
2021-02-08 CVE-2021-25913 SET OR GET Project Unspecified vulnerability in Set-Or-Get Project Set-Or-Get

Prototype pollution vulnerability in 'set-or-get' version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution.

9.8
2021-02-08 CVE-2021-22502 Microfocus OS Command Injection vulnerability in Microfocus Operation Bridge Reporter 10.40

Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40.

9.8
2021-02-08 CVE-2021-21304 Dynamoosejs Unspecified vulnerability in Dynamoosejs Dynamoose

Dynamoose is an open-source modeling tool for Amazon's DynamoDB.

9.8
2021-02-08 CVE-2021-26541 Gitlog Project OS Command Injection vulnerability in Gitlog Project Gitlog

The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability.

9.8
2021-02-08 CVE-2020-6649 Fortinet Insufficient Session Expiration vulnerability in Fortinet Fortiisolator

An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks)

9.8
2021-02-08 CVE-2020-16629 Phpok SQL Injection vulnerability in PHPok 5.4.137

PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path.

9.8
2021-02-08 CVE-2020-26051 College Management System Project SQL Injection vulnerability in College Management System Project College Management System 1.0

College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters 'unametxt' and 'pwdtxt', which are not filtered before passing a SQL query.

9.8
2021-02-08 CVE-2020-11920 Svakom OS Command Injection vulnerability in Svakom Siime EYE Firmware 14.1.00000001.3.330.0.0.3.14

An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14.

9.8
2021-02-08 CVE-2021-26754 Wpdatatables SQL Injection vulnerability in Wpdatatables

wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order[0][dir] SQL injection.

9.8
2021-02-10 CVE-2020-26299 FTP SRV Project Unspecified vulnerability in Ftp-Srv Project Ftp-Srv

ftp-srv is an open-source FTP server designed to be simple yet configurable.

9.6
2021-02-09 CVE-2020-35125 Acquia Cross-site Scripting vulnerability in Acquia Mautic

A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept).

9.6
2021-02-09 CVE-2021-21146 Google
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6
2021-02-09 CVE-2021-21142 Google
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

9.6
2021-02-09 CVE-2021-21132 Google
Microsoft
Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.

9.6
2021-02-09 CVE-2021-21124 Google
Microsoft
Use After Free vulnerability in multiple products

Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

9.6
2021-02-09 CVE-2021-21121 Google
Microsoft
Use After Free vulnerability in multiple products

Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

9.6
2021-02-12 CVE-2021-20651 Elecom Path Traversal vulnerability in Elecom File Manager

Directory traversal vulnerability in ELECOM File Manager all versions allows remote attackers to create an arbitrary file or overwrite an existing file in a directory which can be accessed with the application privileges via unspecified vectors.

9.1
2021-02-11 CVE-2021-21019 Magento Unspecified vulnerability in Magento

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the Widgets module.

9.1
2021-02-09 CVE-2021-21479 SAP Injection vulnerability in SAP Scimono

In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system.

9.1
2021-02-09 CVE-2020-28645 Owncloud Improper Input Validation vulnerability in Owncloud

Deleting users with certain names caused system files to be deleted.

9.1
2021-02-08 CVE-2021-26530 Cesanta Out-of-bounds Write vulnerability in Cesanta Mongoose 7.0

The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.

9.1
2021-02-08 CVE-2021-26529 Cesanta Out-of-bounds Write vulnerability in Cesanta Mongoose

The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.

9.1
2021-02-08 CVE-2021-26528 Cesanta Out-of-bounds Write vulnerability in Cesanta Mongoose 7.0

The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool.

9.1

205 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-02-12 CVE-2021-26752 Nedi OS Command Injection vulnerability in Nedi 1.9C

NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter.

8.8
2021-02-12 CVE-2021-26751 Nedi SQL Injection vulnerability in Nedi 1.9C

NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter.

8.8
2021-02-12 CVE-2020-27869 Solarwinds Unspecified vulnerability in Solarwinds Network Performance Monitor 2020/2020.2

This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2.

8.8
2021-02-12 CVE-2020-27866 Netgear Unspecified vulnerability in Netgear products

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers.

8.8
2021-02-12 CVE-2020-27865 Dlink Unspecified vulnerability in Dlink Dap-1860 Firmware

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders.

8.8
2021-02-12 CVE-2020-27864 Dlink Unspecified vulnerability in Dlink Dap-1860 Firmware

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders.

8.8
2021-02-12 CVE-2020-27862 Dlink Unspecified vulnerability in Dlink Dsl-2888A Firmware and Dva-2800 Firmware

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DVA-2800 and DSL-2888A routers.

8.8
2021-02-12 CVE-2020-27861 Netgear Unspecified vulnerability in Netgear products

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers.

8.8
2021-02-11 CVE-2021-21035 Adobe Unspecified vulnerability in Adobe products

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability.

8.8
2021-02-11 CVE-2021-21033 Adobe Unspecified vulnerability in Adobe products

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability.

8.8
2021-02-11 CVE-2021-21028 Adobe Unspecified vulnerability in Adobe products

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability.

8.8
2021-02-11 CVE-2021-21021 Adobe Unspecified vulnerability in Adobe products

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability.

8.8
2021-02-11 CVE-2021-20403 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7

IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

8.8
2021-02-10 CVE-2020-27874 Tencent Unspecified vulnerability in Tencent Wechat 7.0.18

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat 7.0.18.

8.8
2021-02-10 CVE-2020-13585 Accusoft Incorrect Calculation of Buffer Size vulnerability in Accusoft Imagegear 19.8

An out-of-bounds write vulnerability exists in the PSD Header processing functionality of Accusoft ImageGear 19.8.

8.8
2021-02-10 CVE-2020-13572 Accusoft Out-of-bounds Write vulnerability in Accusoft Imagegear 19.8

A heap overflow vulnerability exists in the way the GIF parser decodes LZW compressed streams in Accusoft ImageGear 19.8.

8.8
2021-02-10 CVE-2020-13571 Accusoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Accusoft Imagegear 19.8

An out-of-bounds write vulnerability exists in the SGI RLE decompression functionality of Accusoft ImageGear 19.8.

8.8
2021-02-10 CVE-2020-13561 Accusoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Accusoft Imagegear 19.8

An out-of-bounds write vulnerability exists in the TIFF parser of Accusoft ImageGear 19.8.

8.8
2021-02-10 CVE-2020-13548 Foxitsoftware Use After Free vulnerability in Foxitsoftware Foxit Reader 10.1.0.37527

In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution.

8.8
2021-02-10 CVE-2021-0340 Google Improper Cross-boundary Removal of Sensitive Data vulnerability in Google Android 10.0

In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information due to improper input validation.

8.8
2021-02-10 CVE-2021-0325 Google Out-of-bounds Write vulnerability in Google Android

In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow.

8.8
2021-02-09 CVE-2021-26958 XCB Project Unchecked Return Value vulnerability in XCB Project XCB 20201210/20210204

An issue was discovered in the xcb crate through 2021-02-04 for Rust.

8.8
2021-02-09 CVE-2021-21472 SAP Missing Authentication for Critical Function vulnerability in SAP Software Provisioning Manager 1.0

SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Management Server 7.1) does not have an option to set password during its installation, this allows an authenticated attacker to perform various security attacks like Directory Traversal, Password Brute force Attack, SMB Relay attack, Security Downgrade.

8.8
2021-02-09 CVE-2021-26551 Smartfoxserver Code Injection vulnerability in Smartfoxserver 2.17.0

An issue was discovered in SmartFoxServer 2.17.0.

8.8
2021-02-09 CVE-2021-3191 HPE Unspecified vulnerability in HPE web Viewpoint

Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows Remote Unauthorized Access for T0320L01^ABY and T0320L01^ACD, T0952L01^AAR through T0952L01^AAX, and T0986L01^AAD through T0986L01^AAJ (L) and T0320H01^ABW through T0320H01^ACC, T0952H01^AAQ through T0952H01^AAW, and T0986H01^AAC through T0986H01^AAI (J and H).

8.8
2021-02-09 CVE-2020-18215 Phpshe SQL Injection vulnerability in PHPshe 1.7

Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) ad_id, (2) menu_id, and (3) cashout_id parameters, which could let a remote malicious user execute arbitrary code.

8.8
2021-02-09 CVE-2020-35942 Imagely Cross-site Scripting vulnerability in Imagely Nextgen Gallery

A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS.

8.8
2021-02-09 CVE-2021-26675 Intel
Debian
Opensuse
Out-of-bounds Write vulnerability in multiple products

A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.

8.8
2021-02-09 CVE-2021-21148 Google
Fedoraproject
Debian
Out-of-bounds Write vulnerability in multiple products

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2021-02-09 CVE-2021-3394 Millewin Incorrect Default Permissions vulnerability in Millewin 13.39.028/13.39.146.1/13.39.28.3342

Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.39.28.3342, and 13.39.146.1 has insecure folder permissions allowing a malicious user for a local privilege escalation.

8.8
2021-02-09 CVE-2021-21145 Google
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2021-02-09 CVE-2021-21144 Google
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

8.8
2021-02-09 CVE-2021-21143 Google
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

8.8
2021-02-09 CVE-2020-27261 Omron Out-of-bounds Write vulnerability in Omron products

The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.

8.8
2021-02-09 CVE-2020-27259 Omron Unspecified vulnerability in Omron products

The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code.

8.8
2021-02-09 CVE-2021-21128 Google
Microsoft
Out-of-bounds Write vulnerability in multiple products

Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2021-02-09 CVE-2021-21127 Google
Microsoft
Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension.
8.8
2021-02-09 CVE-2021-21122 Google
Microsoft
Use After Free vulnerability in multiple products

Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2021-02-09 CVE-2021-21120 Google
Microsoft
Use After Free vulnerability in multiple products

Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2021-02-09 CVE-2021-21119 Google
Microsoft
Use After Free vulnerability in multiple products

Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8
2021-02-09 CVE-2021-21118 Google
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

8.8
2021-02-09 CVE-2020-16044 Google Use After Free vulnerability in Google Chrome

Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.

8.8
2021-02-09 CVE-2020-13460 Tufin Cross-Site Request Forgery (CSRF) vulnerability in Tufin Securetrack 18.1

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were present in Tufin SecureTrack, affecting all versions prior to R20-2 GA.

8.8
2021-02-08 CVE-2020-36152 Symonics
Fedoraproject
Classic Buffer Overflow vulnerability in multiple products

Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA.

8.8
2021-02-08 CVE-2021-21305 Carrierwave Project Code Injection vulnerability in Carrierwave Project Carrierwave

CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications.

8.8
2021-02-08 CVE-2020-35700 Librenms SQL Injection vulnerability in Librenms

A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint.

8.8
2021-02-09 CVE-2021-21138 Google Use After Free vulnerability in Google Chrome

Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform a sandbox escape via a crafted file.

8.6
2021-02-09 CVE-2020-24685 ABB Allocation of Resources Without Limits or Throttling vulnerability in ABB Ac500 CPU Firmware

An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability.

8.6
2021-02-12 CVE-2021-22978 F5 Cross-site Scripting vulnerability in F5 products

On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x and 11.6.x versions, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of BIG-IP if the victim user is granted the admin role.

8.3
2021-02-10 CVE-2021-20353 IBM XXE vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

8.2
2021-02-09 CVE-2020-4795 IBM Unspecified vulnerability in IBM Security Identity Governance and Intelligence 5.2.6

IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information to an unauthorized user using a specially crafted HTTP request.

8.2
2021-02-12 CVE-2021-20411 IBM Incorrect Resource Transfer Between Spheres vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier.

8.1
2021-02-12 CVE-2021-27197 Pelco Origin Validation Error vulnerability in Pelco Digital Sentry Server

DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability.

8.1
2021-02-11 CVE-2021-21299 Hyper Unspecified vulnerability in Hyper

hyper is an open-source HTTP library for Rust (crates.io).

8.1
2021-02-09 CVE-2020-25237 Siemens Unspecified vulnerability in Siemens Sinec Network Management System and Sinema Server

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2).

8.1
2021-02-09 CVE-2021-21125 Google
Microsoft
Link Following vulnerability in multiple products

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

8.1
2021-02-08 CVE-2021-26915 Netmotionsoftware Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet.

8.1
2021-02-08 CVE-2021-26914 Netmotionsoftware Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject.

8.1
2021-02-08 CVE-2021-26913 Netmotionsoftware Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet.

8.1
2021-02-08 CVE-2021-26912 Netmotionsoftware Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet.

8.1
2021-02-08 CVE-2021-26222 Ezxml Project Out-of-bounds Write vulnerability in Ezxml Project Ezxml

The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.

8.1
2021-02-08 CVE-2021-26221 Ezxml Project Out-of-bounds Write vulnerability in Ezxml Project Ezxml

The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.

8.1
2021-02-08 CVE-2021-26220 Ezxml Project Out-of-bounds Write vulnerability in Ezxml Project Ezxml

The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.

8.1
2021-02-12 CVE-2021-22980 F5 Untrusted Search Path vulnerability in F5 Big-Ip Access Policy Manager

In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an attacker to load a malicious DLL library from its current directory.

7.8
2021-02-12 CVE-2020-27860 Foxitsoftware Unspecified vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811.

7.8
2021-02-11 CVE-2021-21053 Adobe Unspecified vulnerability in Adobe Illustrator

Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file.

7.8
2021-02-11 CVE-2019-19005 Autotrace Project
Fedoraproject
Double Free vulnerability in multiple products

A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image.

7.8
2021-02-11 CVE-2021-21041 Adobe Use After Free vulnerability in Adobe products

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a use-after-free vulnerability.

7.8
2021-02-10 CVE-2020-28596 Prusa3D Out-of-bounds Write vulnerability in Prusa3D Prusaslicer 2.2.0

A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856).

7.8
2021-02-10 CVE-2020-28595 Prusa3D Out-of-bounds Write vulnerability in Prusa3D Prusaslicer 2.2.0

An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856).

7.8
2021-02-10 CVE-2020-27250 Softmaker Out-of-bounds Write vulnerability in Softmaker Planmaker 2021 1014

In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow at Version/Instance 0x0005 and 0x0016.

7.8
2021-02-10 CVE-2020-13581 Softmaker Out-of-bounds Write vulnerability in Softmaker Planmaker 2021 1014

In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a buffer that is smaller than the size used for the copy which will cause a heap-based buffer overflow.

7.8
2021-02-10 CVE-2021-26936 Replaysorcery Project Improper Privilege Management vulnerability in Replaysorcery Project Replaysorcery

The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output paths in privileged locations.

7.8
2021-02-10 CVE-2021-0339 Google Improper Check for Unusual or Exceptional Conditions vulnerability in Google Android 10.0/8.1/9.0

In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground.

7.8
2021-02-10 CVE-2021-0337 Google Cleartext Storage of Sensitive Information vulnerability in Google Android

In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata.

7.8
2021-02-10 CVE-2021-0336 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android

In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent.

7.8
2021-02-10 CVE-2021-0334 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android

In onTargetSelected of ResolverActivity.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains.

7.8
2021-02-10 CVE-2021-0332 Google Use After Free vulnerability in Google Android 10.0/11.0

In bootFinished of SurfaceFlinger.cpp, there is a possible memory corruption due to a use after free.

7.8
2021-02-10 CVE-2021-0330 Google Use After Free vulnerability in Google Android 10.0/11.0/9.0

In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking.

7.8
2021-02-10 CVE-2021-0329 Google Out-of-bounds Write vulnerability in Google Android

In several native functions called by AdvertiseManager.java, there is a possible out of bounds write due to a missing bounds check.

7.8
2021-02-10 CVE-2021-0328 Google Missing Authorization vulnerability in Google Android

In onBatchScanReports and deliverBatchScan of GattService.java, there is a possible way to retrieve Bluetooth scan results without permissions due to a missing permission check.

7.8
2021-02-10 CVE-2021-0327 Google Improper Privilege Management vulnerability in Google Android

In getContentProviderImpl of ActivityManagerService.java, there is a possible permission bypass due to non-restored binder identities.

7.8
2021-02-10 CVE-2021-0305 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/8.1/9.0

In PackageInstaller, there is a possible tapjacking attack due to an insecure default value.

7.8
2021-02-10 CVE-2021-0302 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/8.1/9.0

In PackageInstaller, there is a possible tapjacking attack due to an insecure default value.

7.8
2021-02-10 CVE-2020-13546 Softmaker Incorrect Calculation of Buffer Size vulnerability in Softmaker Office Textmaker 2021 1014

In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014), a specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based buffer overflow.

7.8
2021-02-10 CVE-2021-23876 Mcafee Unspecified vulnerability in Mcafee Total Protection

Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially causing Denial of Service via executing carefully constructed malware.

7.8
2021-02-10 CVE-2021-23874 Mcafee Incorrect Permission Assignment for Critical Resource vulnerability in Mcafee Total Protection

Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.

7.8
2021-02-09 CVE-2020-26194 Dell Incorrect Permission Assignment for Critical Resource vulnerability in Dell EMC Powerscale Onefs 8.1.2/8.2.2

Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability.

7.8
2021-02-09 CVE-2020-26193 Dell OS Command Injection vulnerability in Dell EMC Powerscale Onefs

Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability.

7.8
2021-02-09 CVE-2020-26192 Dell Missing Authentication for Critical Function vulnerability in Dell EMC Powerscale Onefs

Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability.

7.8
2021-02-09 CVE-2020-26191 Dell Unspecified vulnerability in Dell EMC Powerscale Onefs

Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability.

7.8
2021-02-09 CVE-2020-28392 Siemens Unspecified vulnerability in Siemens Simaris Configuration

A vulnerability has been identified in SIMARIS configuration (All versions < V4.0.1).

7.8
2021-02-09 CVE-2020-27857 Foxitsoftware Out-of-bounds Write vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922.

7.8
2021-02-09 CVE-2020-27856 Foxitsoftware Out-of-bounds Read vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922.

7.8
2021-02-09 CVE-2020-27855 Foxitsoftware Out-of-bounds Read vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922.

7.8
2021-02-09 CVE-2020-17436 Foxitsoftware Out-of-bounds Read vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922.

7.8
2021-02-09 CVE-2020-17435 Foxitsoftware Out-of-bounds Read vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922.

7.8
2021-02-09 CVE-2020-17434 Foxitsoftware Out-of-bounds Read vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922.

7.8
2021-02-09 CVE-2020-17433 Foxitsoftware Out-of-bounds Read vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922.

7.8
2021-02-09 CVE-2020-17432 Foxitsoftware Out-of-bounds Read vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922.

7.8
2021-02-09 CVE-2020-17431 Foxitsoftware Out-of-bounds Write vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922.

7.8
2021-02-09 CVE-2020-17430 Foxitsoftware Out-of-bounds Write vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922.

7.8
2021-02-09 CVE-2020-17429 Foxitsoftware Out-of-bounds Read vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922.

7.8
2021-02-09 CVE-2020-17427 Foxitsoftware Out-of-bounds Read vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922.

7.8
2021-02-09 CVE-2020-17426 Foxitsoftware Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922.

7.8
2021-02-09 CVE-2020-17425 Foxitsoftware Out-of-bounds Write vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922.

7.8
2021-02-09 CVE-2020-17424 Foxitsoftware Out-of-bounds Write vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922.

7.8
2021-02-09 CVE-2020-17423 Foxitsoftware Out-of-bounds Write vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922.

7.8
2021-02-09 CVE-2020-17421 Foxitsoftware Out-of-bounds Write vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922.

7.8
2021-02-09 CVE-2020-17419 Foxitsoftware Out-of-bounds Write vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922.

7.8
2021-02-09 CVE-2020-17418 Foxitsoftware Out-of-bounds Write vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922.

7.8
2021-02-09 CVE-2021-22663 Siemens
Hornerautomation
Out-of-bounds Read vulnerability in multiple products

Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of user-supplied data when parsing project files.

7.8
2021-02-09 CVE-2020-27006 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1).

7.8
2021-02-09 CVE-2020-27005 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1).

7.8
2021-02-09 CVE-2020-27003 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1).

7.8
2021-02-09 CVE-2020-27001 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2).

7.8
2021-02-09 CVE-2020-27000 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1).

7.8
2021-02-09 CVE-2020-26999 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2).

7.8
2021-02-09 CVE-2020-25245 Siemens Unspecified vulnerability in Siemens Digsi 4 4.94

A vulnerability has been identified in DIGSI 4 (All versions < V4.94 SP1 HF 1).

7.8
2021-02-09 CVE-2020-25238 Siemens Uncontrolled Search Path Element vulnerability in Siemens products

A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16).

7.8
2021-02-09 CVE-2020-27257 Omron Type Confusion vulnerability in Omron products

This vulnerability allows local attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type-confusion condition in the Omron CX-One Version 4.60 and prior devices.

7.8
2021-02-09 CVE-2021-21117 Google Link Following vulnerability in Google Chrome

Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file.

7.8
2021-02-08 CVE-2021-26576 HPE Command Injection vulnerability in HPE Baseboard Management Controller

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so uploadsshkey function.

7.8
2021-02-08 CVE-2021-26577 HPE Classic Buffer Overflow vulnerability in HPE Baseboard Management Controller

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so uploadsshkey function.

7.8
2021-02-08 CVE-2021-26575 HPE Path Traversal vulnerability in HPE Baseboard Management Controller

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletesolvideofile function.

7.8
2021-02-08 CVE-2021-26574 HPE Path Traversal vulnerability in HPE Baseboard Management Controller

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletevideofile function.

7.8
2021-02-08 CVE-2021-26573 HPE Classic Buffer Overflow vulnerability in HPE Baseboard Management Controller

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgeneratesslcfg function.

7.8
2021-02-08 CVE-2021-25172 HPE Command Injection vulnerability in HPE Baseboard Management Controller

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so websetdefaultlangcfg function.

7.8
2021-02-08 CVE-2021-26572 HPE Classic Buffer Overflow vulnerability in HPE Baseboard Management Controller

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function.

7.8
2021-02-08 CVE-2021-26571 HPE Classic Buffer Overflow vulnerability in HPE Baseboard Management Controller

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function.

7.8
2021-02-08 CVE-2021-26570 HPE Classic Buffer Overflow vulnerability in HPE Baseboard Management Controller

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webifc_setadconfig function.

7.8
2021-02-08 CVE-2021-25171 HPE Classic Buffer Overflow vulnerability in HPE Baseboard Management Controller

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetlicensecfg function.

7.8
2021-02-08 CVE-2021-25170 HPE Classic Buffer Overflow vulnerability in HPE Baseboard Management Controller

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetremoteimageinfo function.

7.8
2021-02-08 CVE-2021-25169 HPE Classic Buffer Overflow vulnerability in HPE Baseboard Management Controller

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetservicecfg function.

7.8
2021-02-08 CVE-2021-25168 HPE Classic Buffer Overflow vulnerability in HPE Baseboard Management Controller

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webupdatecomponent function.

7.8
2021-02-08 CVE-2021-25142 HPE Classic Buffer Overflow vulnerability in HPE Baseboard Management Controller

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webstartflash function.

7.8
2021-02-08 CVE-2021-26826 Godotengine Out-of-bounds Write vulnerability in Godotengine Godot Engine

A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files.

7.8
2021-02-08 CVE-2021-26825 Godotengine Integer Overflow or Wraparound vulnerability in Godotengine Godot Engine

An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files.

7.8
2021-02-14 CVE-2021-27212 Openldap
Debian
Reachable Assertion vulnerability in multiple products

In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp.

7.5
2021-02-12 CVE-2021-22977 F5 Unspecified vulnerability in F5 products

On BIG-IP version 16.0.0-16.0.1 and 14.1.2.4-14.1.3, cooperation between malicious HTTP client code and a malicious server may cause TMM to restart and generate a core file.

7.5
2021-02-12 CVE-2020-13949 Apache
Oracle
Resource Exhaustion vulnerability in multiple products

In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.

7.5
2021-02-12 CVE-2013-20001 Openzfs Unspecified vulnerability in Openzfs

An issue was discovered in OpenZFS through 2.0.3.

7.5
2021-02-12 CVE-2021-22985 F5 Resource Exhaustion vulnerability in F5 Big-Ip Application Security Manager

On BIG-IP APM version 16.0.x before 16.0.1.1, under certain conditions, when processing VPN traffic with APM, TMM consumes excessive memory.

7.5
2021-02-12 CVE-2021-22976 F5 Unspecified vulnerability in F5 products

On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process.

7.5
2021-02-12 CVE-2021-22975 F5 Unspecified vulnerability in F5 products

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and 14.1.x before 14.1.3.1, under some circumstances, Traffic Management Microkernel (TMM) may restart on the BIG-IP system while passing large bursts of traffic.

7.5
2021-02-12 CVE-2021-22974 F5 Race Condition vulnerability in F5 products

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute commands with an elevated privilege level.

7.5
2021-02-12 CVE-2021-22973 F5 Out-of-bounds Write vulnerability in F5 products

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x versions, JSON parser function does not protect against out-of-bounds memory accesses or writes.

7.5
2021-02-12 CVE-2021-20412 IBM Use of Hard-coded Credentials vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7

IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

7.5
2021-02-12 CVE-2021-20409 IBM Cleartext Transmission of Sensitive Information vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

7.5
2021-02-12 CVE-2021-20407 IBM Cleartext Storage of Sensitive Information vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7

IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system.

7.5
2021-02-12 CVE-2021-27188 XN B1Agzlht Improper Restriction of Excessive Authentication Attempts vulnerability in Xn--B1Agzlht FX Aggregator Terminal Client 1.0

The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim's account.

7.5
2021-02-12 CVE-2021-27187 XN B1Agzlht Insufficiently Protected Credentials vulnerability in Xn--B1Agzlht FX Aggregator Terminal Client 1.0

The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 stores authentication credentials in cleartext in login.sav when the Save Password box is checked.

7.5
2021-02-12 CVE-2021-20643 Elecom Unspecified vulnerability in Elecom Ld-Ps/U1 Firmware

Improper access control vulnerability in ELECOM LD-PS/U1 allows remote attackers to change the administrative password of the affected device by processing a specially crafted request.

7.5
2021-02-11 CVE-2021-27191 GET IP Range Project Unspecified vulnerability in Get-Ip-Range Project Get-Ip-Range

The get-ip-range package before 4.0.0 for Node.js is vulnerable to denial of service (DoS) if the range is untrusted input.

7.5
2021-02-11 CVE-2021-27184 Pelco XXE vulnerability in Pelco Digital Sentry Server 7.18.72.11464

Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via the DTD parameter entities technique), resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack.

7.5
2021-02-11 CVE-2021-25690 Teradici NULL Pointer Dereference vulnerability in Teradici Pcoip Soft Client 20.07.2

A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software.

7.5
2021-02-11 CVE-2021-22880 Rubyonrails
Fedoraproject
Resource Exhaustion vulnerability in multiple products

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability.

7.5
2021-02-11 CVE-2021-22656 Advantech Path Traversal vulnerability in Advantech Iview 5.6/5.7/5.7.02

Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files.

7.5
2021-02-11 CVE-2021-22654 Advantech SQL Injection vulnerability in Advantech Iview 5.6/5.7/5.7.02

Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information.

7.5
2021-02-11 CVE-2020-35498 Openvswitch
Debian
Fedoraproject
A vulnerability was found in openvswitch.
7.5
2021-02-11 CVE-2020-25493 Oclean Use of a Broken or Risky Cryptographic Algorithm vulnerability in Oclean 2.1.2

Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic.

7.5
2021-02-11 CVE-2021-20405 IBM Improper Encoding or Escaping of Output vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output.

7.5
2021-02-11 CVE-2021-23335 IS User Valid Project Injection vulnerability in Is-User-Valid Project Is-User-Valid

All versions of package is-user-valid are vulnerable to LDAP Injection which can lead to either authentication bypass or information exposure.

7.5
2021-02-10 CVE-2021-27186 Treasuredata NULL Pointer Dereference vulnerability in Treasuredata Fluent BIT 1.6.10

Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c.

7.5
2021-02-10 CVE-2020-13583 Micrium NULL Pointer Dereference vulnerability in Micrium Uc-Http 3.01.00

A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00.

7.5
2021-02-10 CVE-2020-13578 Genivia
Fedoraproject
NULL Pointer Dereference vulnerability in multiple products

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107.

7.5
2021-02-10 CVE-2020-13577 Genivia
Fedoraproject
NULL Pointer Dereference vulnerability in multiple products

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107.

7.5
2021-02-10 CVE-2020-13574 Genivia
Fedoraproject
NULL Pointer Dereference vulnerability in multiple products

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107.

7.5
2021-02-10 CVE-2021-27179 Fiberhome Improper Input Validation vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

7.5
2021-02-10 CVE-2021-27178 Fiberhome Cleartext Storage of Sensitive Information vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

7.5
2021-02-10 CVE-2021-27176 Fiberhome Cleartext Storage of Sensitive Information vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

7.5
2021-02-10 CVE-2021-27175 Fiberhome Cleartext Storage of Sensitive Information vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

7.5
2021-02-10 CVE-2021-27174 Fiberhome Cleartext Storage of Sensitive Information vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

7.5
2021-02-10 CVE-2021-27173 Fiberhome Unspecified vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

7.5
2021-02-10 CVE-2021-27142 Fiberhome Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

7.5
2021-02-10 CVE-2021-27140 Fiberhome Cleartext Storage of Sensitive Information vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

7.5
2021-02-10 CVE-2021-27139 Fiberhome Unspecified vulnerability in Fiberhome Hg6245D Firmware Rp2613

An issue was discovered on FiberHome HG6245D devices through RP2613.

7.5
2021-02-10 CVE-2021-26939 Henriquedornas Unspecified vulnerability in Henriquedornas 5.2.17

An information disclosure issue exists in henriquedornas 5.2.17 because an attacker can dump phpMyAdmin SQL content.

7.5
2021-02-10 CVE-2021-0341 Google Improper Certificate Validation vulnerability in Google Android

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto.

7.5
2021-02-10 CVE-2021-0326 Google
Fedoraproject
Debian
Out-of-bounds Write vulnerability in multiple products

In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check.

7.5
2021-02-10 CVE-2020-5023 IBM Resource Exhaustion vulnerability in IBM Spectrum Protect Plus

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption.

7.5
2021-02-10 CVE-2020-24838 Issuer Project Integer Overflow or Wraparound vulnerability in Issuer Project Issuer

An integer overflow has been found in the the latest version of Issuer.

7.5
2021-02-10 CVE-2020-24837 Zcfees Project Integer Underflow (Wrap or Wraparound) vulnerability in Zcfees Project Zcfees

An integer underflow has been found in the latest version of ZCFees.

7.5
2021-02-09 CVE-2021-26953 Postscript Project Use of Uninitialized Resource vulnerability in Postscript Project Postscript

An issue was discovered in the postscript crate before 0.14.0 for Rust.

7.5
2021-02-09 CVE-2021-26952 Ms3D Project Use of Uninitialized Resource vulnerability in Ms3D Project Ms3D

An issue was discovered in the ms3d crate before 0.1.3 for Rust.

7.5
2021-02-09 CVE-2021-21475 SAP Path Traversal vulnerability in SAP Netweaver Master Data Management Server 710/710.750

Under specific circumstances SAP Master Data Management, versions - 710, 710.750, allows an unauthorized attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs.

7.5
2021-02-08 CVE-2021-21306 Marked Project Resource Exhaustion vulnerability in Marked Project Marked

Marked is an open-source markdown parser and compiler (npm package "marked").

7.5
2021-02-08 CVE-2020-24944 Privateoctopus Infinite Loop vulnerability in Privateoctopus Picoquic

picoquic (before 3rd of July 2020) allows attackers to cause a denial of service (infinite loop) via a crafted QUIC frame, related to the picoquic_decode_frames and picoquic_decode_stream_frame functions and epoch==3.

7.5
2021-02-08 CVE-2021-21240 Httplib2 Project Unspecified vulnerability in Httplib2 Project Httplib2

httplib2 is a comprehensive HTTP client library for Python.

7.5
2021-02-08 CVE-2021-25837 Chainsafe Unspecified vulnerability in Chainsafe Ethermint

Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module.

7.5
2021-02-08 CVE-2021-25836 Chainsafe Unspecified vulnerability in Chainsafe Ethermint

Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module.

7.5
2021-02-08 CVE-2021-25835 Chainsafe Authentication Bypass by Capture-replay vulnerability in Chainsafe Ethermint

Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module.

7.5
2021-02-08 CVE-2021-25834 Chainsafe Authentication Bypass by Capture-replay vulnerability in Chainsafe Ethermint

Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM module.

7.5
2021-02-10 CVE-2021-0333 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android

In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting.

7.3
2021-02-10 CVE-2021-0331 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value.

7.3
2021-02-10 CVE-2021-0314 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/8.1/9.0

In onCreate of UninstallerActivity, there is a possible way to uninstall an all without informed user consent due to a tapjacking/overlay attack.

7.3
2021-02-12 CVE-2021-22982 F5 Classic Buffer Overflow vulnerability in F5 products

On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions of 12.1.x and 11.6.x, big3d does not securely handle and parse certain payloads resulting in a buffer overflow.

7.2
2021-02-11 CVE-2021-21976 Vmware OS Command Injection vulnerability in VMWare Vsphere Replication

vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution.

7.2
2021-02-11 CVE-2021-21311 Adminer
Debian
Adminer is an open-source database management in a single PHP file.
7.2
2021-02-10 CVE-2020-27871 Solarwinds Unspecified vulnerability in Solarwinds Orion Platform 2020.2.1

This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1.

7.2
2021-02-10 CVE-2021-25251 Trendmicro Code Injection vulnerability in Trendmicro products

The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection.

7.2
2021-02-13 CVE-2021-27209 TP Link Cleartext Transmission of Sensitive Information vulnerability in Tp-Link Archer C5V Firmware 1.7181221

In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP.

7.1
2021-02-09 CVE-2020-27002 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2).

7.1
2021-02-11 CVE-2021-20188 Podman Project
Redhat
A flaw was found in podman before 1.7.0.
7.0
2021-02-08 CVE-2021-26910 Firejail Project
Debian
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products

Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.

7.0

143 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-02-12 CVE-2021-20648 Elecom OS Command Injection vulnerability in Elecom Wrc-300Febk-S Firmware

ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.

6.8
2021-02-12 CVE-2021-20640 Logitech Classic Buffer Overflow vulnerability in Logitech Lan-W300N/Pgrb Firmware

Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute an arbitrary OS command via unspecified vectors.

6.8
2021-02-12 CVE-2021-20639 Logitech OS Command Injection vulnerability in Logitech Lan-W300N/Pgrb Firmware

LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors.

6.8
2021-02-12 CVE-2021-20638 Logitech OS Command Injection vulnerability in Logitech Lan-W300N/Pgrb Firmware

LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors.

6.8
2021-02-12 CVE-2020-27867 Netgear Unspecified vulnerability in Netgear products

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers.

6.8
2021-02-09 CVE-2021-21140 Google
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device.

6.8
2021-02-08 CVE-2020-11915 Svakom Insecure Default Initialization of Resource vulnerability in Svakom Siime EYE Firmware 14.1.00000001.3.330.0.0.3.14

An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14.

6.8
2021-02-11 CVE-2020-8027 Opensuse Unspecified vulnerability in Opensuse Openldap2

A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1.

6.6
2021-02-13 CVE-2021-27210 TP Link Cleartext Storage of Sensitive Information vulnerability in Tp-Link Archer C5V Firmware 1.7181221

TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI.

6.5
2021-02-12 CVE-2021-20650 Elecom Cross-Site Request Forgery (CSRF) vulnerability in Elecom Ncc-Ewf100Rmwh2 Firmware

Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector.

6.5
2021-02-12 CVE-2021-20647 Elecom Cross-Site Request Forgery (CSRF) vulnerability in Elecom Wrc-300Febk-S Firmware

Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector.

6.5
2021-02-12 CVE-2021-20646 Elecom Cross-Site Request Forgery (CSRF) vulnerability in Elecom Wrc-300Febk-A Firmware

Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-A allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector.

6.5
2021-02-12 CVE-2021-20642 Logitech Unspecified vulnerability in Logitech Lan-W300N/Rs Firmware

Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.

6.5
2021-02-12 CVE-2021-20641 Logitech Cross-Site Request Forgery (CSRF) vulnerability in Logitech Lan-W300N/Rs Firmware

Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL.

6.5
2021-02-12 CVE-2021-20637 Logitech Unspecified vulnerability in Logitech Lan-W300N/Pr5B Firmware

Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/PR5B allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.

6.5
2021-02-12 CVE-2021-20636 Logitech Cross-Site Request Forgery (CSRF) vulnerability in Logitech Lan-W300N/Pr5B Firmware

Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/PR5B allows remote attackers to hijack the authentication of administrators via a specially crafted URL.

6.5
2021-02-12 CVE-2021-20635 Logitech Improper Restriction of Excessive Authentication Attempts vulnerability in Logitech Lan-Wh450N/Gr Firmware

Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network.

6.5
2021-02-12 CVE-2020-27863 Dlink Unspecified vulnerability in Dlink Dsl-2888A Firmware and Dva-2800 Firmware

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DVA-2800 and DSL-2888A routers.

6.5
2021-02-11 CVE-2020-9307 Belden Infinite Loop vulnerability in Belden Hirschmann Hios 07.0.04/08.0.00

Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service.

6.5
2021-02-11 CVE-2021-21042 Adobe Unspecified vulnerability in Adobe products

Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to arbitrary disclosure of information in the memory stack.

6.5
2021-02-11 CVE-2020-13186 Teradici Cross-Site Request Forgery (CSRF) vulnerability in Teradici Cloud Access Connector

An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link.

6.5
2021-02-11 CVE-2020-13185 Teradici Improper Authentication vulnerability in Teradici Cloud Access Connector

Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials.

6.5
2021-02-10 CVE-2020-27870 Solarwinds Unspecified vulnerability in Solarwinds Orion Platform 2020.2.1

This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1.

6.5
2021-02-10 CVE-2021-0335 Google Use After Free vulnerability in Google Android 11.0

In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free.

6.5
2021-02-09 CVE-2021-21474 SAP Inadequate Encryption Strength vulnerability in SAP Hana Database 1.00/2.00

SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature, this allows them to impersonate as user in HANA database and be able to read the contents in the database.

6.5
2021-02-09 CVE-2020-35943 Imagely Cross-Site Request Forgery (CSRF) vulnerability in Imagely Nextgen Gallery

A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload.

6.5
2021-02-09 CVE-2021-26676 Intel
Debian
Opensuse
gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.
6.5
2021-02-09 CVE-2021-26921 Argoproj Insufficient Session Expiration vulnerability in Argoproj Argo CD

In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.

6.5
2021-02-09 CVE-2020-4790 IBM Improper Input Validation vulnerability in IBM Security Identity Governance and Intelligence 5.2.6

IBM Security Identity Governance and Intelligence 5.2.6 could allow a user to cause a denial of service due to improperly validating a supplied URL, rendering the application unusuable.

6.5
2021-02-09 CVE-2021-26719 Gradle Path Traversal vulnerability in Gradle products

A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2.

6.5
2021-02-09 CVE-2021-21141 Google
Microsoft
Injection vulnerability in multiple products

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.

6.5
2021-02-09 CVE-2021-21139 Google
Microsoft
Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products

Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

6.5
2021-02-09 CVE-2021-21137 Google
Microsoft
Injection vulnerability in multiple products

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.

6.5
2021-02-09 CVE-2021-21136 Google
Microsoft
Origin Validation Error vulnerability in multiple products

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5
2021-02-09 CVE-2021-21135 Google
Microsoft
Origin Validation Error vulnerability in multiple products

Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5
2021-02-09 CVE-2021-21134 Google
Microsoft
Authentication Bypass by Spoofing vulnerability in multiple products

Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.

6.5
2021-02-09 CVE-2021-21133 Google
Microsoft
Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.
6.5
2021-02-09 CVE-2021-21131 Google
Microsoft
Unrestricted Upload of File with Dangerous Type vulnerability in multiple products

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

6.5
2021-02-09 CVE-2021-21130 Google
Microsoft
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
6.5
2021-02-09 CVE-2021-21129 Google
Microsoft
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
6.5
2021-02-09 CVE-2021-21126 Google
Microsoft
Improper Input Validation vulnerability in multiple products

Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.

6.5
2021-02-09 CVE-2021-21123 Google
Microsoft
Improper Input Validation vulnerability in multiple products

Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

6.5
2021-02-08 CVE-2020-36151 Symonics
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

Incorrect handling of input data in mysofa_resampler_reset_mem function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and overwriting large memory block.

6.5
2021-02-08 CVE-2020-36150 Symonics
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

Incorrect handling of input data in loudness function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and access to unallocated memory block.

6.5
2021-02-08 CVE-2020-36149 Symonics
Fedoraproject
NULL Pointer Dereference vulnerability in multiple products

Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g.

6.5
2021-02-08 CVE-2020-36148 Symonics
Fedoraproject
NULL Pointer Dereference vulnerability in multiple products

Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g.

6.5
2021-02-08 CVE-2021-26905 1Password Improper Authentication vulnerability in 1Password Scim Bridge

1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key.

6.5
2021-02-08 CVE-2021-20359 IBM Information Exposure Through Log Files vulnerability in IBM Cloud PAK for Automation 20.0.2/20.0.3

IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user.

6.5
2021-02-08 CVE-2021-20358 IBM Cleartext Storage of Sensitive Information vulnerability in IBM Cloud PAK for Automation 20.0.2/20.0.3

IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files.

6.5
2021-02-08 CVE-2021-21435 Otrs Information Exposure vulnerability in Otrs

Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface.

6.5
2021-02-14 CVE-2021-26929 Horde
Debian
Cross-site Scripting vulnerability in multiple products

An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used).

6.1
2021-02-12 CVE-2021-22984 F5 Open Redirect vulnerability in F5 products

On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving a unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM virtual server configured with a DoS profile with Proactive Bot Defense (versions prior to 14.1.0), or a Bot Defense profile (versions 14.1.0 and later), may subject clients and web servers to Open Redirection attacks.

6.1
2021-02-12 CVE-2021-22979 F5 Cross-site Scripting vulnerability in F5 products

On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.2.8, 13.1.x before 13.1.3.5, and all 12.1.x versions, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility when Fraud Protection Service is provisioned and allows an attacker to execute JavaScript in the context of the current logged-in user.

6.1
2021-02-12 CVE-2021-20644 Elecom Injection vulnerability in Elecom Wrc-1467Ghbk-A Firmware

ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page.

6.1
2021-02-11 CVE-2021-22881 Rubyonrails
Fedoraproject
Open Redirect vulnerability in multiple products

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability.

6.1
2021-02-10 CVE-2020-24842 Sdgc Cross-site Scripting vulnerability in Sdgc Pnpscada 2.200816204020

PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can execute arbitrary JavaScript in the victim's browser.

6.1
2021-02-10 CVE-2020-13565 Open EMR
Phpgacl Project
Open Redirect vulnerability in multiple products

An open redirect vulnerability exists in the return_page redirection functionality of phpGACL 3.3.7, OpenEMR 5.0.2 and OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce).

6.1
2021-02-10 CVE-2020-29171 Tipsandtricks HQ Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Security & Firewall

Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 for WordPress.

6.1
2021-02-10 CVE-2021-23873 Mcafee Link Following vulnerability in Mcafee Total Protection

Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially causing Denial of Service via manipulating Junction link, after enumerating certain files, at a specific time.

6.1
2021-02-09 CVE-2021-21478 SAP Open Redirect vulnerability in SAP web Dynpro Abap

SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

6.1
2021-02-09 CVE-2021-21476 SAP Open Redirect vulnerability in SAP UI5

SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

6.1
2021-02-09 CVE-2021-21444 SAP Improper Restriction of Rendered UI Layers or Frames vulnerability in SAP Businessobjects Business Intelligence 410/420/430

SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents.

6.1
2021-02-09 CVE-2020-22839 B2Evolution Cross-site Scripting vulnerability in B2Evolution CMS 6.11.6

Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter.

6.1
2021-02-09 CVE-2020-35572 Adminer Cross-site Scripting vulnerability in Adminer

Adminer through 4.7.8 allows XSS via the history parameter to the default URI.

6.1
2021-02-09 CVE-2020-22840 B2Evolution Open Redirect vulnerability in B2Evolution

Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php.

6.1
2021-02-08 CVE-2021-26916 Nopcommerce Cross-site Scripting vulnerability in Nopcommerce 4.30

In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon component allows remote attackers to inject arbitrary web script or HTML through the Filters/CheckDiscountCouponAttribute.cs discountcode parameter.

6.1
2021-02-08 CVE-2020-13947 Apache
Oracle
Cross-site Scripting vulnerability in multiple products

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0.

6.1
2021-02-08 CVE-2021-22122 Fortinet Cross-site Scripting vulnerability in Fortinet Fortiweb

An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload in different vulnerable API end-points.

6.1
2021-02-11 CVE-2021-21310 Nextauth JS Unspecified vulnerability in Nextauth.Js Next-Auth

NextAuth.js (next-auth) is am open source authentication solution for Next.js applications.

5.9
2021-02-09 CVE-2021-22267 HPE Authentication Bypass by Capture-replay vulnerability in HPE web Viewpoint

Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack for T0320L01^ABP through T0320L01^ABZ, T0952L01^AAH through T0952L01^AAR, T0986L01 through T0986L01^AAF, T0665L01^AAP, and T0662L01^AAP (L) and T0320H01^ABO through T0320H01^ABY, T0952H01^AAG through T0952H01^AAQ, T0986H01 through T0986H01^AAE, T0665H01^AAO, and T0662H01^AAO (J and H).

5.9
2021-02-09 CVE-2020-13409 Tufin Cross-site Scripting vulnerability in Tufin Securetrack 18.1

Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users).

5.9
2021-02-09 CVE-2020-13408 Tufin Cross-site Scripting vulnerability in Tufin Securetrack 18.1

Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users).

5.9
2021-02-09 CVE-2020-13407 Tufin Cross-site Scripting vulnerability in Tufin Securetrack 18.1

Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users).

5.9
2021-02-09 CVE-2020-16144 Owncloud Incorrect Default Permissions vulnerability in Owncloud Files Antivirus

When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to permission issues.

5.7
2021-02-09 CVE-2020-13462 Tufin Authorization Bypass Through User-Controlled Key vulnerability in Tufin Securetrack 18.1

Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA.

5.7
2021-02-12 CVE-2021-20408 IBM Cleartext Storage of Sensitive Information vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key.

5.5
2021-02-12 CVE-2021-27205 Telegram Cleartext Storage of Sensitive Information vulnerability in Telegram

Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure.

5.5
2021-02-12 CVE-2021-27204 Telegram Cleartext Storage of Sensitive Information vulnerability in Telegram

Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure.

5.5
2021-02-11 CVE-2021-25688 Teradici Information Exposure Through Log Files vulnerability in Teradici Pcoip Graphics Agent and Pcoip Standard Agent

Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user's password in the application logs.

5.5
2021-02-10 CVE-2021-0338 Google Allocation of Resources Without Limits or Throttling vulnerability in Google Android 10.0/11.0

In SystemSettingsValidators, there is a possible permanent denial of service due to missing bounds checks on UI settings.

5.5
2021-02-09 CVE-2020-26196 Dell Incorrect Permission Assignment for Critical Resource vulnerability in Dell EMC Powerscale Onefs

Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation issue.

5.5
2021-02-09 CVE-2021-26550 Smartfoxserver Cleartext Storage of Sensitive Information vulnerability in Smartfoxserver 2.17.0

An issue was discovered in SmartFoxServer 2.17.0.

5.5
2021-02-09 CVE-2020-28394 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1).

5.5
2021-02-09 CVE-2020-27008 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1).

5.5
2021-02-09 CVE-2020-27007 Siemens Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1).

5.5
2021-02-09 CVE-2020-27004 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1).

5.5
2021-02-09 CVE-2020-26998 Siemens Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2).

5.5
2021-02-09 CVE-2020-10048 Siemens Improper Authentication vulnerability in Siemens Simatic PCS 7 and Simatic Wincc

A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2).

5.5
2021-02-09 CVE-2020-4996 IBM Unspecified vulnerability in IBM Security Identity Governance and Intelligence 5.2.6

IBM Security Identity Governance and Intelligence 5.2.6 could allow a local user to obtain sensitive information via the capturing of screenshots of authentication credentials.

5.5
2021-02-08 CVE-2021-26917 Bitmessage Unspecified vulnerability in Bitmessage Pybitmessage

PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value.

5.5
2021-02-08 CVE-2020-14391 Gnome Unspecified vulnerability in Gnome Control Center

A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface.

5.5
2021-02-08 CVE-2020-8587 Netapp Unspecified vulnerability in Netapp Oncommand System Manager 9.3/9.4

OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to 9.4P3 are susceptible to a vulnerability that could allow HTTP clients to cache sensitive responses making them accessible to an attacker who has access to the system where the client runs.

5.5
2021-02-08 CVE-2021-21290 Netty
Debian
Quarkus
Oracle
Netapp
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
5.5
2021-02-12 CVE-2021-22983 F5 Cross-site Scripting vulnerability in F5 Big-Ip Advanced Firewall Manager

On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.5, authenticated users accessing the Configuration utility for AFM are vulnerable to a cross-site scripting attack if they attempt to access a maliciously-crafted URL.

5.4
2021-02-12 CVE-2021-20645 Elecom Cross-site Scripting vulnerability in Elecom Wrc-300Febk-A Firmware

Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to inject arbitrary script via unspecified vectors.

5.4
2021-02-12 CVE-2021-27190 Peel Cross-site Scripting vulnerability in Peel Shopping 9.3.0/9.4.0

A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available.

5.4
2021-02-11 CVE-2020-4768 IBM Cross-site Scripting vulnerability in IBM Business Automation Workflow and Case Manager

IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting.

5.4
2021-02-11 CVE-2020-8031 Opensuse Unspecified vulnerability in Opensuse Open Build Service

A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity.

5.4
2021-02-10 CVE-2021-26938 Henriquedornas Cross-site Scripting vulnerability in Henriquedornas 5.2.17

A stored XSS issue exists in henriquedornas 5.2.17 via online live chat.

5.4
2021-02-10 CVE-2021-20654 Wekan Project Cross-site Scripting vulnerability in Wekan Project Wekan

Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting.

5.4
2021-02-09 CVE-2021-26549 Smartfoxserver Cross-site Scripting vulnerability in Smartfoxserver 2.17.0

An XSS issue was discovered in SmartFoxServer 2.17.0.

5.4
2021-02-09 CVE-2021-26925 Roundcube
Fedoraproject
Cross-site Scripting vulnerability in multiple products

Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.

5.4
2021-02-09 CVE-2021-3294 Casap Automated Enrollment System Project Cross-site Scripting vulnerability in Casap Automated Enrollment System Project Casap Automated Enrollment System 1.0

CASAP Automated Enrollment System 1.0 is affected by cross-site scripting (XSS) in users.php.

5.4
2021-02-08 CVE-2020-26052 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Online Marriage Registration System 1.0

Online Marriage Registration System 1.0 is affected by stored cross-site scripting (XSS) vulnerabilities in multiple parameters.

5.4
2021-02-12 CVE-2021-20410 IBM Insufficiently Protected Credentials vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7

IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques.

5.3
2021-02-11 CVE-2021-21022 Magento Unspecified vulnerability in Magento

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module.

5.3
2021-02-11 CVE-2021-20404 IBM Unspecified vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user on the network to cause a denial of service due to an invalid cookie value that could prevent future logins.

5.3
2021-02-09 CVE-2021-26954 Qwutils Project Double Free vulnerability in Qwutils Project Qwutils

An issue was discovered in the qwutils crate before 0.3.1 for Rust.

5.3
2021-02-09 CVE-2020-26195 Dell Improper Handling of Exceptional Conditions vulnerability in Dell EMC Powerscale Onefs

Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user.

5.3
2021-02-09 CVE-2020-28388 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5).

5.3
2021-02-09 CVE-2020-4995 IBM Insufficient Session Expiration vulnerability in IBM Security Identity Governance and Intelligence 5.2.6

IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate session after logout which could allow a user to obtain sensitive information from another users' session.

5.3
2021-02-09 CVE-2020-4791 IBM Improper Certificate Validation vulnerability in IBM Security Identity Governance and Intelligence 5.2.6

IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to obtain sensitive information using main in the middle attacks due to improper certificate validation.

5.3
2021-02-08 CVE-2021-26540 Apostrophecms Unspecified vulnerability in Apostrophecms Sanitize-Html

Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with "/\\example.com".

5.3
2021-02-08 CVE-2021-26539 Apostrophecms Unspecified vulnerability in Apostrophecms Sanitize-Html

Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option.

5.3
2021-02-08 CVE-2021-3293 Emlog Unspecified vulnerability in Emlog 5.3.1

emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file.

5.3
2021-02-10 CVE-2021-23878 Mcafee Cleartext Storage of Sensitive Information vulnerability in Mcafee Endpoint Security

Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and credentials via accessing process memory after the ENS administrator has performed specific actions.

5.0
2021-02-12 CVE-2021-20406 IBM Unspecified vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7

IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

4.9
2021-02-10 CVE-2020-8355 Lenovo Cleartext Transmission of Sensitive Information vulnerability in Lenovo Xclarity Administrator

An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated while managed endpoints are updating.

4.9
2021-02-10 CVE-2020-7021 Elastic Information Exposure Through Log Files vulnerability in Elastic Elasticsearch

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled.

4.9
2021-02-08 CVE-2020-1779 Otrs Information Exposure vulnerability in Otrs Ticket Forms

When dynamic templates are used (OTRSTicketForms), admin can use OTRS tags which are not masked properly and can reveal sensitive information.

4.9
2021-02-12 CVE-2021-22981 F5 Unspecified vulnerability in F5 products

On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol includes a weakness in the master secret negotiation that is mitigated by the Extended Master Secret (EMS) extension defined in RFC 7627.

4.8
2021-02-12 CVE-2021-20649 Elecom Improper Certificate Validation vulnerability in Elecom Wrc-300Febk-S Firmware

ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability.

4.8
2021-02-11 CVE-2021-21029 Magento Unspecified vulnerability in Magento

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a Reflected Cross-site Scripting vulnerability via 'file' parameter.

4.8
2021-02-10 CVE-2021-23881 Mcafee Cross-site Scripting vulnerability in Mcafee Endpoint Security

A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator user triggers the policy.

4.8
2021-02-09 CVE-2020-22841 B2Evolution Cross-site Scripting vulnerability in B2Evolution

Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module.

4.8
2021-02-08 CVE-2020-29021 Secomea Cross-site Scripting vulnerability in Secomea products

A vulnerability in web UI input field of GateManager allows authenticated attacker to enter script tags that could cause XSS.

4.8
2021-02-08 CVE-2021-21434 Otrs Cross-site Scripting vulnerability in Otrs Survey

Survey administrator can craft a survey in such way that malicious code can be executed in the agent interface (i.e.

4.8
2021-02-11 CVE-2021-20335 Mongodb Cleartext Transmission of Sensitive Information vulnerability in Mongodb OPS Manager

For MongoDB Ops Manager versions prior to and including 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager versions prior to and including 4.4.12 triggers a bug where Automation thinks SSL is being turned off, and can disable SSL temporarily for members of the cluster.

4.6
2021-02-11 CVE-2020-8030 Suse Unspecified vulnerability in Suse Caas Platform 4.5

A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster.

4.4
2021-02-10 CVE-2020-16120 Linux
Canonical
Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed.
4.4
2021-02-10 CVE-2021-23883 Mcafee NULL Pointer Dereference vulnerability in Mcafee Endpoint Security

A Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local administrator to cause Windows to crash via a specific system call which is not handled correctly.

4.4
2021-02-10 CVE-2021-23882 Mcafee Unspecified vulnerability in Mcafee Endpoint Security

Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed.

4.4
2021-02-10 CVE-2021-23880 Mcafee Unspecified vulnerability in Mcafee Endpoint Security

Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct parameters.

4.4
2021-02-09 CVE-2021-25141 Arubanetworks
HPE
A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware.
4.4
2021-02-11 CVE-2021-21034 Adobe Out-of-bounds Read vulnerability in Adobe products

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability.

4.3
2021-02-11 CVE-2021-21301 Wire Unspecified vulnerability in Wire

Wire is an open-source collaboration platform.

4.3
2021-02-09 CVE-2020-28644 Owncloud Cross-Site Request Forgery (CSRF) vulnerability in Owncloud

The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints.

4.3
2021-02-09 CVE-2021-25666 Siemens Unspecified vulnerability in Siemens Scalance W740 Firmware and Scalance W780 Firmware

A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 802.11n) family (All versions < V6.3).

4.3
2021-02-09 CVE-2021-21147 Google
Fedoraproject
Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
4.3
2021-02-09 CVE-2020-13461 Tufin Unspecified vulnerability in Tufin Securetrack

Username enumeration in present in Tufin SecureTrack.

4.3
2021-02-08 CVE-2021-21288 Carrierwave Project Unspecified vulnerability in Carrierwave Project Carrierwave

CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications.

4.3
2021-02-08 CVE-2021-21436 Otrs Incorrect Default Permissions vulnerability in Otrs CIS in Customer Frontend 7.0.0/7.0.14

Agents are able to see and link Config Items without permissions, which are defined in General Catalog.

4.3
2021-02-11 CVE-2020-8029 Suse Unspecified vulnerability in Suse Caas Platform 4.5

A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key.

4.0

11 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-02-11 CVE-2019-19004 Autotrace Project
Fedoraproject
Integer Overflow or Wraparound vulnerability in multiple products

A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image.

3.3
2021-02-11 CVE-2020-10734 Redhat Unspecified vulnerability in Redhat products

A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection.

3.3
2021-02-09 CVE-2020-17428 Foxitsoftware Out-of-bounds Read vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922.

3.3
2021-02-09 CVE-2020-17422 Foxitsoftware Out-of-bounds Read vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922.

3.3
2021-02-09 CVE-2020-17420 Foxitsoftware Out-of-bounds Read vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922.

3.3
2021-02-08 CVE-2020-8590 Netapp Unspecified vulnerability in Netapp Clustered Data Ontap

Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.

3.3
2021-02-08 CVE-2020-8578 Netapp Unspecified vulnerability in Netapp Clustered Data Ontap

Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.

3.3
2021-02-11 CVE-2020-1717 Redhat Information Exposure Through an Error Message vulnerability in Redhat products

A flaw was found in Keycloak 7.0.1.

2.7
2021-02-11 CVE-2021-20402 IBM Information Exposure Through an Error Message vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

2.7
2021-02-10 CVE-2021-21296 Fleetdm Unspecified vulnerability in Fleetdm Fleet

Fleet is an open source osquery manager.

2.7
2021-02-10 CVE-2021-22133 Elastic Information Exposure Through Log Files vulnerability in Elastic APM Agent

The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic.

2.4