Weekly Vulnerabilities Reports > February 8 to 14, 2021
Overview
444 new vulnerabilities reported during this period, including 85 critical vulnerabilities and 205 high severity vulnerabilities. This weekly summary report vulnerabilities in 344 products from 144 vendors including Google, Fiberhome, Fedoraproject, Foxitsoftware, and Microsoft. Vulnerabilities are notably categorized as "Out-of-bounds Write", "Use of Hard-coded Credentials", "Cross-site Scripting", "Out-of-bounds Read", and "Use After Free".
- 297 reported vulnerabilities are remotely exploitables.
- 18 reported vulnerabilities have public exploit available.
- 101 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 304 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 53 reported vulnerabilities.
- Fiberhome has the most reported critical vulnerabilities, with 32 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
85 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-02-12 | CVE-2021-26753 | Nedi | Incorrect Authorization vulnerability in Nedi 1.9C NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. | 9.9 |
2021-02-09 | CVE-2021-21477 | SAP | Code Injection vulnerability in SAP Commerce SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an authenticated attacker with this privilege will be able to inject malicious code in the drools rules which when executed leads to Remote Code Execution vulnerability enabling the attacker to compromise the underlying host enabling him to impair confidentiality, integrity and availability of the application. | 9.9 |
2021-02-14 | CVE-2021-27213 | Pystemon Project | Deserialization of Untrusted Data vulnerability in Pystemon Project Pystemon config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because SafeLoader and safe_load are not used. | 9.8 |
2021-02-14 | CVE-2019-25019 | Limesurvey | SQL Injection vulnerability in Limesurvey LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model. | 9.8 |
2021-02-12 | CVE-2021-22504 | Microfocus | Unspecified vulnerability in Microfocus Operations Bridge Manager Arbitrary code execution vulnerability on Micro Focus Operations Bridge Manager product, affecting versions 10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. | 9.8 |
2021-02-12 | CVE-2020-27868 | Qognify | Unspecified vulnerability in Qognify Ocularis 5.9.0.395 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Qognify Ocularis 5.9.0.395. | 9.8 |
2021-02-11 | CVE-2021-21307 | Lucee | Unspecified vulnerability in Lucee Server Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. | 9.8 |
2021-02-11 | CVE-2021-25689 | Teradici | Out-of-bounds Write vulnerability in Teradici Pcoip Soft Client 20.07.2/20.07.3/20.10.0 An out of bounds write in Teradici PCoIP soft client versions prior to version 20.10.1 could allow an attacker to remotely execute code. | 9.8 |
2021-02-11 | CVE-2021-22658 | Advantech | SQL Injection vulnerability in Advantech Iview 5.6/5.7/5.7.02 Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'. | 9.8 |
2021-02-11 | CVE-2021-22652 | Advantech | Unspecified vulnerability in Advantech Iview 5.6/5.7/5.7.02 Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution. | 9.8 |
2021-02-10 | CVE-2021-27185 | Samba Client Project | Command Injection vulnerability in Samba-Client Project Samba-Client The samba-client package before 4.0.0 for Node.js allows command injection because of the use of process.exec. | 9.8 |
2021-02-10 | CVE-2020-13576 | Genivia Fedoraproject | Integer Overflow or Wraparound vulnerability in multiple products A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. | 9.8 |
2021-02-10 | CVE-2021-27177 | Fiberhome | Incorrect Authorization vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27172 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27171 | Fiberhome | Out-of-bounds Write vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27170 | Fiberhome | Insecure Storage of Sensitive Information vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27169 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome An5506-04-Fa Firmware Rp2631 An issue was discovered on FiberHome AN5506-04-FA devices with firmware RP2631. | 9.8 |
2021-02-10 | CVE-2021-27168 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27167 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27166 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27165 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27164 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27163 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27162 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27161 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27160 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27159 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27158 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27157 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27156 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27155 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27154 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27153 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27152 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27151 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27150 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27149 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27148 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27147 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27146 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27145 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27144 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27143 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-27141 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 9.8 |
2021-02-10 | CVE-2021-3033 | Paloaltonetworks | Improper Verification of Cryptographic Signature vulnerability in Paloaltonetworks Prisma Cloud An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. | 9.8 |
2021-02-10 | CVE-2021-27135 | Invisible Island Debian Fedoraproject | xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence. | 9.8 |
2021-02-10 | CVE-2020-36244 | Genivi Debian | Out-of-bounds Write vulnerability in multiple products The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to 2.18.6). | 9.8 |
2021-02-10 | CVE-2020-28871 | Monitorr | Unrestricted Upload of File with Dangerous Type vulnerability in Monitorr 1.7.6M Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload. | 9.8 |
2021-02-10 | CVE-2020-28870 | Inoideas | Improper Input Validation vulnerability in Inoideas Inoerp 0.7.2 In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php. | 9.8 |
2021-02-09 | CVE-2021-26957 | XCB Project | Out-of-bounds Read vulnerability in XCB Project XCB 20201210/20210204 An issue was discovered in the xcb crate through 2021-02-04 for Rust. | 9.8 |
2021-02-09 | CVE-2021-26956 | XCB Project | Unspecified vulnerability in XCB Project XCB 20201210/20210204 An issue was discovered in the xcb crate through 2021-02-04 for Rust. | 9.8 |
2021-02-09 | CVE-2021-26955 | XCB Project | Unchecked Return Value vulnerability in XCB Project XCB 20201210/20210204 An issue was discovered in the xcb crate through 2021-02-04 for Rust. | 9.8 |
2021-02-09 | CVE-2021-26951 | Calamine Project | Use of Uninitialized Resource vulnerability in Calamine Project Calamine An issue was discovered in the calamine crate before 0.17.0 for Rust. | 9.8 |
2021-02-09 | CVE-2021-21502 | Dell | Improper Authentication vulnerability in Dell EMC Powerscale Onefs Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability. | 9.8 |
2021-02-09 | CVE-2020-14343 | Pyyaml Oracle | Improper Input Validation vulnerability in multiple products A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. | 9.8 |
2021-02-09 | CVE-2021-26937 | GNU Debian Fedoraproject | Argument Injection or Modification vulnerability in multiple products encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. | 9.8 |
2021-02-09 | CVE-2020-13117 | Wavlink | Command Injection vulnerability in Wavlink Wn575A4 Firmware and Wn579X3 Firmware Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request. | 9.8 |
2021-02-09 | CVE-2019-17582 | Libzip | Use After Free vulnerability in Libzip 1.2.0 A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. | 9.8 |
2021-02-09 | CVE-2021-25140 | HP | Path Traversal vulnerability in HP Moonshot Provisioning Manager 1.20 A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. | 9.8 |
2021-02-09 | CVE-2021-25139 | HP | Out-of-bounds Write vulnerability in HP Moonshot Provisioning Manager 1.20 A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. | 9.8 |
2021-02-09 | CVE-2020-15798 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. | 9.8 |
2021-02-09 | CVE-2021-26918 | Probot | Unrestricted Upload of File with Dangerous Type vulnerability in Probot BOT 20210208 The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature (or possibly have unspecified other impact) because the uploader web service allows double extensions (such as .html.jpg) with the text/html content type. | 9.8 |
2021-02-08 | CVE-2021-25913 | SET OR GET Project | Unspecified vulnerability in Set-Or-Get Project Set-Or-Get Prototype pollution vulnerability in 'set-or-get' version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution. | 9.8 |
2021-02-08 | CVE-2021-22502 | Microfocus | OS Command Injection vulnerability in Microfocus Operation Bridge Reporter 10.40 Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. | 9.8 |
2021-02-08 | CVE-2021-21304 | Dynamoosejs | Unspecified vulnerability in Dynamoosejs Dynamoose Dynamoose is an open-source modeling tool for Amazon's DynamoDB. | 9.8 |
2021-02-08 | CVE-2021-26541 | Gitlog Project | OS Command Injection vulnerability in Gitlog Project Gitlog The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability. | 9.8 |
2021-02-08 | CVE-2020-6649 | Fortinet | Insufficient Session Expiration vulnerability in Fortinet Fortiisolator An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks) | 9.8 |
2021-02-08 | CVE-2020-16629 | Phpok | SQL Injection vulnerability in PHPok 5.4.137 PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path. | 9.8 |
2021-02-08 | CVE-2020-26051 | College Management System Project | SQL Injection vulnerability in College Management System Project College Management System 1.0 College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters 'unametxt' and 'pwdtxt', which are not filtered before passing a SQL query. | 9.8 |
2021-02-08 | CVE-2020-11920 | Svakom | OS Command Injection vulnerability in Svakom Siime EYE Firmware 14.1.00000001.3.330.0.0.3.14 An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. | 9.8 |
2021-02-08 | CVE-2021-26754 | Wpdatatables | SQL Injection vulnerability in Wpdatatables wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order[0][dir] SQL injection. | 9.8 |
2021-02-10 | CVE-2020-26299 | FTP SRV Project | Unspecified vulnerability in Ftp-Srv Project Ftp-Srv ftp-srv is an open-source FTP server designed to be simple yet configurable. | 9.6 |
2021-02-09 | CVE-2020-35125 | Acquia | Cross-site Scripting vulnerability in Acquia Mautic A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept). | 9.6 |
2021-02-09 | CVE-2021-21146 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2021-02-09 | CVE-2021-21142 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2021-02-09 | CVE-2021-21132 | Google Microsoft | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension. | 9.6 |
2021-02-09 | CVE-2021-21124 | Google Microsoft | Use After Free vulnerability in multiple products Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2021-02-09 | CVE-2021-21121 | Google Microsoft | Use After Free vulnerability in multiple products Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2021-02-12 | CVE-2021-20651 | Elecom | Path Traversal vulnerability in Elecom File Manager Directory traversal vulnerability in ELECOM File Manager all versions allows remote attackers to create an arbitrary file or overwrite an existing file in a directory which can be accessed with the application privileges via unspecified vectors. | 9.1 |
2021-02-11 | CVE-2021-21019 | Magento | Unspecified vulnerability in Magento Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the Widgets module. | 9.1 |
2021-02-09 | CVE-2021-21479 | SAP | Injection vulnerability in SAP Scimono In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system. | 9.1 |
2021-02-09 | CVE-2020-28645 | Owncloud | Improper Input Validation vulnerability in Owncloud Deleting users with certain names caused system files to be deleted. | 9.1 |
2021-02-08 | CVE-2021-26530 | Cesanta | Out-of-bounds Write vulnerability in Cesanta Mongoose 7.0 The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | 9.1 |
2021-02-08 | CVE-2021-26529 | Cesanta | Out-of-bounds Write vulnerability in Cesanta Mongoose The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | 9.1 |
2021-02-08 | CVE-2021-26528 | Cesanta | Out-of-bounds Write vulnerability in Cesanta Mongoose 7.0 The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | 9.1 |
205 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-02-12 | CVE-2021-26752 | Nedi | OS Command Injection vulnerability in Nedi 1.9C NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. | 8.8 |
2021-02-12 | CVE-2021-26751 | Nedi | SQL Injection vulnerability in Nedi 1.9C NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. | 8.8 |
2021-02-12 | CVE-2020-27869 | Solarwinds | Unspecified vulnerability in Solarwinds Network Performance Monitor 2020/2020.2 This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. | 8.8 |
2021-02-12 | CVE-2020-27866 | Netgear | Unspecified vulnerability in Netgear products This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. | 8.8 |
2021-02-12 | CVE-2020-27865 | Dlink | Unspecified vulnerability in Dlink Dap-1860 Firmware This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. | 8.8 |
2021-02-12 | CVE-2020-27864 | Dlink | Unspecified vulnerability in Dlink Dap-1860 Firmware This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. | 8.8 |
2021-02-12 | CVE-2020-27862 | Dlink | Unspecified vulnerability in Dlink Dsl-2888A Firmware and Dva-2800 Firmware This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DVA-2800 and DSL-2888A routers. | 8.8 |
2021-02-12 | CVE-2020-27861 | Netgear | Unspecified vulnerability in Netgear products This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. | 8.8 |
2021-02-11 | CVE-2021-21035 | Adobe | Unspecified vulnerability in Adobe products Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. | 8.8 |
2021-02-11 | CVE-2021-21033 | Adobe | Unspecified vulnerability in Adobe products Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. | 8.8 |
2021-02-11 | CVE-2021-21028 | Adobe | Unspecified vulnerability in Adobe products Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. | 8.8 |
2021-02-11 | CVE-2021-21021 | Adobe | Unspecified vulnerability in Adobe products Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. | 8.8 |
2021-02-11 | CVE-2021-20403 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7 IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2021-02-10 | CVE-2020-27874 | Tencent | Unspecified vulnerability in Tencent Wechat 7.0.18 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat 7.0.18. | 8.8 |
2021-02-10 | CVE-2020-13585 | Accusoft | Incorrect Calculation of Buffer Size vulnerability in Accusoft Imagegear 19.8 An out-of-bounds write vulnerability exists in the PSD Header processing functionality of Accusoft ImageGear 19.8. | 8.8 |
2021-02-10 | CVE-2020-13572 | Accusoft | Out-of-bounds Write vulnerability in Accusoft Imagegear 19.8 A heap overflow vulnerability exists in the way the GIF parser decodes LZW compressed streams in Accusoft ImageGear 19.8. | 8.8 |
2021-02-10 | CVE-2020-13571 | Accusoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Accusoft Imagegear 19.8 An out-of-bounds write vulnerability exists in the SGI RLE decompression functionality of Accusoft ImageGear 19.8. | 8.8 |
2021-02-10 | CVE-2020-13561 | Accusoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Accusoft Imagegear 19.8 An out-of-bounds write vulnerability exists in the TIFF parser of Accusoft ImageGear 19.8. | 8.8 |
2021-02-10 | CVE-2020-13548 | Foxitsoftware | Use After Free vulnerability in Foxitsoftware Foxit Reader 10.1.0.37527 In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. | 8.8 |
2021-02-10 | CVE-2021-0340 | Improper Cross-boundary Removal of Sensitive Data vulnerability in Google Android 10.0 In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information due to improper input validation. | 8.8 | |
2021-02-10 | CVE-2021-0325 | Out-of-bounds Write vulnerability in Google Android In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. | 8.8 | |
2021-02-09 | CVE-2021-26958 | XCB Project | Unchecked Return Value vulnerability in XCB Project XCB 20201210/20210204 An issue was discovered in the xcb crate through 2021-02-04 for Rust. | 8.8 |
2021-02-09 | CVE-2021-21472 | SAP | Missing Authentication for Critical Function vulnerability in SAP Software Provisioning Manager 1.0 SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Management Server 7.1) does not have an option to set password during its installation, this allows an authenticated attacker to perform various security attacks like Directory Traversal, Password Brute force Attack, SMB Relay attack, Security Downgrade. | 8.8 |
2021-02-09 | CVE-2021-26551 | Smartfoxserver | Code Injection vulnerability in Smartfoxserver 2.17.0 An issue was discovered in SmartFoxServer 2.17.0. | 8.8 |
2021-02-09 | CVE-2021-3191 | HPE | Unspecified vulnerability in HPE web Viewpoint Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows Remote Unauthorized Access for T0320L01^ABY and T0320L01^ACD, T0952L01^AAR through T0952L01^AAX, and T0986L01^AAD through T0986L01^AAJ (L) and T0320H01^ABW through T0320H01^ACC, T0952H01^AAQ through T0952H01^AAW, and T0986H01^AAC through T0986H01^AAI (J and H). | 8.8 |
2021-02-09 | CVE-2020-18215 | Phpshe | SQL Injection vulnerability in PHPshe 1.7 Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) ad_id, (2) menu_id, and (3) cashout_id parameters, which could let a remote malicious user execute arbitrary code. | 8.8 |
2021-02-09 | CVE-2020-35942 | Imagely | Cross-site Scripting vulnerability in Imagely Nextgen Gallery A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. | 8.8 |
2021-02-09 | CVE-2021-26675 | Intel Debian Opensuse | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. | 8.8 |
2021-02-09 | CVE-2021-21148 | Google Fedoraproject Debian | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-02-09 | CVE-2021-3394 | Millewin | Incorrect Default Permissions vulnerability in Millewin 13.39.028/13.39.146.1/13.39.28.3342 Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.39.28.3342, and 13.39.146.1 has insecure folder permissions allowing a malicious user for a local privilege escalation. | 8.8 |
2021-02-09 | CVE-2021-21145 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-02-09 | CVE-2021-21144 | Google Fedoraproject | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. | 8.8 |
2021-02-09 | CVE-2021-21143 | Google Fedoraproject | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. | 8.8 |
2021-02-09 | CVE-2020-27261 | Omron | Out-of-bounds Write vulnerability in Omron products The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | 8.8 |
2021-02-09 | CVE-2020-27259 | Omron | Unspecified vulnerability in Omron products The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code. | 8.8 |
2021-02-09 | CVE-2021-21128 | Google Microsoft | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-02-09 | CVE-2021-21127 | Google Microsoft | Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension. | 8.8 |
2021-02-09 | CVE-2021-21122 | Google Microsoft | Use After Free vulnerability in multiple products Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-02-09 | CVE-2021-21120 | Google Microsoft | Use After Free vulnerability in multiple products Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-02-09 | CVE-2021-21119 | Google Microsoft | Use After Free vulnerability in multiple products Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-02-09 | CVE-2021-21118 | Google Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 8.8 |
2021-02-09 | CVE-2020-16044 | Use After Free vulnerability in Google Chrome Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet. | 8.8 | |
2021-02-09 | CVE-2020-13460 | Tufin | Cross-Site Request Forgery (CSRF) vulnerability in Tufin Securetrack 18.1 Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were present in Tufin SecureTrack, affecting all versions prior to R20-2 GA. | 8.8 |
2021-02-08 | CVE-2020-36152 | Symonics Fedoraproject | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA. | 8.8 |
2021-02-08 | CVE-2021-21305 | Carrierwave Project | Code Injection vulnerability in Carrierwave Project Carrierwave CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. | 8.8 |
2021-02-08 | CVE-2020-35700 | Librenms | SQL Injection vulnerability in Librenms A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint. | 8.8 |
2021-02-09 | CVE-2021-21138 | Use After Free vulnerability in Google Chrome Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform a sandbox escape via a crafted file. | 8.6 | |
2021-02-09 | CVE-2020-24685 | ABB | Allocation of Resources Without Limits or Throttling vulnerability in ABB Ac500 CPU Firmware An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. | 8.6 |
2021-02-12 | CVE-2021-22978 | F5 | Cross-site Scripting vulnerability in F5 products On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x and 11.6.x versions, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of BIG-IP if the victim user is granted the admin role. | 8.3 |
2021-02-10 | CVE-2021-20353 | IBM | XXE vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
2021-02-09 | CVE-2020-4795 | IBM | Unspecified vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information to an unauthorized user using a specially crafted HTTP request. | 8.2 |
2021-02-12 | CVE-2021-20411 | IBM | Incorrect Resource Transfer Between Spheres vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7 IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier. | 8.1 |
2021-02-12 | CVE-2021-27197 | Pelco | Origin Validation Error vulnerability in Pelco Digital Sentry Server DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. | 8.1 |
2021-02-11 | CVE-2021-21299 | Hyper | Unspecified vulnerability in Hyper hyper is an open-source HTTP library for Rust (crates.io). | 8.1 |
2021-02-09 | CVE-2020-25237 | Siemens | Unspecified vulnerability in Siemens Sinec Network Management System and Sinema Server A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2). | 8.1 |
2021-02-09 | CVE-2021-21125 | Google Microsoft | Link Following vulnerability in multiple products Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | 8.1 |
2021-02-08 | CVE-2021-26915 | Netmotionsoftware | Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0 NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet. | 8.1 |
2021-02-08 | CVE-2021-26914 | Netmotionsoftware | Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0 NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject. | 8.1 |
2021-02-08 | CVE-2021-26913 | Netmotionsoftware | Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0 NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet. | 8.1 |
2021-02-08 | CVE-2021-26912 | Netmotionsoftware | Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0 NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet. | 8.1 |
2021-02-08 | CVE-2021-26222 | Ezxml Project | Out-of-bounds Write vulnerability in Ezxml Project Ezxml The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. | 8.1 |
2021-02-08 | CVE-2021-26221 | Ezxml Project | Out-of-bounds Write vulnerability in Ezxml Project Ezxml The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. | 8.1 |
2021-02-08 | CVE-2021-26220 | Ezxml Project | Out-of-bounds Write vulnerability in Ezxml Project Ezxml The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. | 8.1 |
2021-02-12 | CVE-2021-22980 | F5 | Untrusted Search Path vulnerability in F5 Big-Ip Access Policy Manager In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an attacker to load a malicious DLL library from its current directory. | 7.8 |
2021-02-12 | CVE-2020-27860 | Foxitsoftware | Unspecified vulnerability in Foxitsoftware Foxit Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. | 7.8 |
2021-02-11 | CVE-2021-21053 | Adobe | Unspecified vulnerability in Adobe Illustrator Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. | 7.8 |
2021-02-11 | CVE-2019-19005 | Autotrace Project Fedoraproject | Double Free vulnerability in multiple products A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image. | 7.8 |
2021-02-11 | CVE-2021-21041 | Adobe | Use After Free vulnerability in Adobe products Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a use-after-free vulnerability. | 7.8 |
2021-02-10 | CVE-2020-28596 | Prusa3D | Out-of-bounds Write vulnerability in Prusa3D Prusaslicer 2.2.0 A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). | 7.8 |
2021-02-10 | CVE-2020-28595 | Prusa3D | Out-of-bounds Write vulnerability in Prusa3D Prusaslicer 2.2.0 An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). | 7.8 |
2021-02-10 | CVE-2020-27250 | Softmaker | Out-of-bounds Write vulnerability in Softmaker Planmaker 2021 1014 In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow at Version/Instance 0x0005 and 0x0016. | 7.8 |
2021-02-10 | CVE-2020-13581 | Softmaker | Out-of-bounds Write vulnerability in Softmaker Planmaker 2021 1014 In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a buffer that is smaller than the size used for the copy which will cause a heap-based buffer overflow. | 7.8 |
2021-02-10 | CVE-2021-26936 | Replaysorcery Project | Improper Privilege Management vulnerability in Replaysorcery Project Replaysorcery The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output paths in privileged locations. | 7.8 |
2021-02-10 | CVE-2021-0339 | Improper Check for Unusual or Exceptional Conditions vulnerability in Google Android 10.0/8.1/9.0 In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. | 7.8 | |
2021-02-10 | CVE-2021-0337 | Cleartext Storage of Sensitive Information vulnerability in Google Android In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. | 7.8 | |
2021-02-10 | CVE-2021-0336 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. | 7.8 | |
2021-02-10 | CVE-2021-0334 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android In onTargetSelected of ResolverActivity.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. | 7.8 | |
2021-02-10 | CVE-2021-0332 | Use After Free vulnerability in Google Android 10.0/11.0 In bootFinished of SurfaceFlinger.cpp, there is a possible memory corruption due to a use after free. | 7.8 | |
2021-02-10 | CVE-2021-0330 | Use After Free vulnerability in Google Android 10.0/11.0/9.0 In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. | 7.8 | |
2021-02-10 | CVE-2021-0329 | Out-of-bounds Write vulnerability in Google Android In several native functions called by AdvertiseManager.java, there is a possible out of bounds write due to a missing bounds check. | 7.8 | |
2021-02-10 | CVE-2021-0328 | Missing Authorization vulnerability in Google Android In onBatchScanReports and deliverBatchScan of GattService.java, there is a possible way to retrieve Bluetooth scan results without permissions due to a missing permission check. | 7.8 | |
2021-02-10 | CVE-2021-0327 | Improper Privilege Management vulnerability in Google Android In getContentProviderImpl of ActivityManagerService.java, there is a possible permission bypass due to non-restored binder identities. | 7.8 | |
2021-02-10 | CVE-2021-0305 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/8.1/9.0 In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. | 7.8 | |
2021-02-10 | CVE-2021-0302 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/8.1/9.0 In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. | 7.8 | |
2021-02-10 | CVE-2020-13546 | Softmaker | Incorrect Calculation of Buffer Size vulnerability in Softmaker Office Textmaker 2021 1014 In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014), a specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based buffer overflow. | 7.8 |
2021-02-10 | CVE-2021-23876 | Mcafee | Unspecified vulnerability in Mcafee Total Protection Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially causing Denial of Service via executing carefully constructed malware. | 7.8 |
2021-02-10 | CVE-2021-23874 | Mcafee | Incorrect Permission Assignment for Critical Resource vulnerability in Mcafee Total Protection Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense. | 7.8 |
2021-02-09 | CVE-2020-26194 | Dell | Incorrect Permission Assignment for Critical Resource vulnerability in Dell EMC Powerscale Onefs 8.1.2/8.2.2 Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. | 7.8 |
2021-02-09 | CVE-2020-26193 | Dell | OS Command Injection vulnerability in Dell EMC Powerscale Onefs Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. | 7.8 |
2021-02-09 | CVE-2020-26192 | Dell | Missing Authentication for Critical Function vulnerability in Dell EMC Powerscale Onefs Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability. | 7.8 |
2021-02-09 | CVE-2020-26191 | Dell | Unspecified vulnerability in Dell EMC Powerscale Onefs Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. | 7.8 |
2021-02-09 | CVE-2020-28392 | Siemens | Unspecified vulnerability in Siemens Simaris Configuration A vulnerability has been identified in SIMARIS configuration (All versions < V4.0.1). | 7.8 |
2021-02-09 | CVE-2020-27857 | Foxitsoftware | Out-of-bounds Write vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. | 7.8 |
2021-02-09 | CVE-2020-27856 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. | 7.8 |
2021-02-09 | CVE-2020-27855 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. | 7.8 |
2021-02-09 | CVE-2020-17436 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. | 7.8 |
2021-02-09 | CVE-2020-17435 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. | 7.8 |
2021-02-09 | CVE-2020-17434 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. | 7.8 |
2021-02-09 | CVE-2020-17433 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. | 7.8 |
2021-02-09 | CVE-2020-17432 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. | 7.8 |
2021-02-09 | CVE-2020-17431 | Foxitsoftware | Out-of-bounds Write vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. | 7.8 |
2021-02-09 | CVE-2020-17430 | Foxitsoftware | Out-of-bounds Write vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. | 7.8 |
2021-02-09 | CVE-2020-17429 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. | 7.8 |
2021-02-09 | CVE-2020-17427 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. | 7.8 |
2021-02-09 | CVE-2020-17426 | Foxitsoftware | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. | 7.8 |
2021-02-09 | CVE-2020-17425 | Foxitsoftware | Out-of-bounds Write vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. | 7.8 |
2021-02-09 | CVE-2020-17424 | Foxitsoftware | Out-of-bounds Write vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. | 7.8 |
2021-02-09 | CVE-2020-17423 | Foxitsoftware | Out-of-bounds Write vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. | 7.8 |
2021-02-09 | CVE-2020-17421 | Foxitsoftware | Out-of-bounds Write vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. | 7.8 |
2021-02-09 | CVE-2020-17419 | Foxitsoftware | Out-of-bounds Write vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. | 7.8 |
2021-02-09 | CVE-2020-17418 | Foxitsoftware | Out-of-bounds Write vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. | 7.8 |
2021-02-09 | CVE-2021-22663 | Siemens Hornerautomation | Out-of-bounds Read vulnerability in multiple products Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of user-supplied data when parsing project files. | 7.8 |
2021-02-09 | CVE-2020-27006 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). | 7.8 |
2021-02-09 | CVE-2020-27005 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). | 7.8 |
2021-02-09 | CVE-2020-27003 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). | 7.8 |
2021-02-09 | CVE-2020-27001 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). | 7.8 |
2021-02-09 | CVE-2020-27000 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). | 7.8 |
2021-02-09 | CVE-2020-26999 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). | 7.8 |
2021-02-09 | CVE-2020-25245 | Siemens | Unspecified vulnerability in Siemens Digsi 4 4.94 A vulnerability has been identified in DIGSI 4 (All versions < V4.94 SP1 HF 1). | 7.8 |
2021-02-09 | CVE-2020-25238 | Siemens | Uncontrolled Search Path Element vulnerability in Siemens products A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16). | 7.8 |
2021-02-09 | CVE-2020-27257 | Omron | Type Confusion vulnerability in Omron products This vulnerability allows local attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type-confusion condition in the Omron CX-One Version 4.60 and prior devices. | 7.8 |
2021-02-09 | CVE-2021-21117 | Link Following vulnerability in Google Chrome Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file. | 7.8 | |
2021-02-08 | CVE-2021-26576 | HPE | Command Injection vulnerability in HPE Baseboard Management Controller The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so uploadsshkey function. | 7.8 |
2021-02-08 | CVE-2021-26577 | HPE | Classic Buffer Overflow vulnerability in HPE Baseboard Management Controller The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so uploadsshkey function. | 7.8 |
2021-02-08 | CVE-2021-26575 | HPE | Path Traversal vulnerability in HPE Baseboard Management Controller The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletesolvideofile function. | 7.8 |
2021-02-08 | CVE-2021-26574 | HPE | Path Traversal vulnerability in HPE Baseboard Management Controller The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletevideofile function. | 7.8 |
2021-02-08 | CVE-2021-26573 | HPE | Classic Buffer Overflow vulnerability in HPE Baseboard Management Controller The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgeneratesslcfg function. | 7.8 |
2021-02-08 | CVE-2021-25172 | HPE | Command Injection vulnerability in HPE Baseboard Management Controller The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so websetdefaultlangcfg function. | 7.8 |
2021-02-08 | CVE-2021-26572 | HPE | Classic Buffer Overflow vulnerability in HPE Baseboard Management Controller The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function. | 7.8 |
2021-02-08 | CVE-2021-26571 | HPE | Classic Buffer Overflow vulnerability in HPE Baseboard Management Controller The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function. | 7.8 |
2021-02-08 | CVE-2021-26570 | HPE | Classic Buffer Overflow vulnerability in HPE Baseboard Management Controller The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webifc_setadconfig function. | 7.8 |
2021-02-08 | CVE-2021-25171 | HPE | Classic Buffer Overflow vulnerability in HPE Baseboard Management Controller The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetlicensecfg function. | 7.8 |
2021-02-08 | CVE-2021-25170 | HPE | Classic Buffer Overflow vulnerability in HPE Baseboard Management Controller The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetremoteimageinfo function. | 7.8 |
2021-02-08 | CVE-2021-25169 | HPE | Classic Buffer Overflow vulnerability in HPE Baseboard Management Controller The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetservicecfg function. | 7.8 |
2021-02-08 | CVE-2021-25168 | HPE | Classic Buffer Overflow vulnerability in HPE Baseboard Management Controller The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webupdatecomponent function. | 7.8 |
2021-02-08 | CVE-2021-25142 | HPE | Classic Buffer Overflow vulnerability in HPE Baseboard Management Controller The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webstartflash function. | 7.8 |
2021-02-08 | CVE-2021-26826 | Godotengine | Out-of-bounds Write vulnerability in Godotengine Godot Engine A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. | 7.8 |
2021-02-08 | CVE-2021-26825 | Godotengine | Integer Overflow or Wraparound vulnerability in Godotengine Godot Engine An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. | 7.8 |
2021-02-14 | CVE-2021-27212 | Openldap Debian | Reachable Assertion vulnerability in multiple products In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. | 7.5 |
2021-02-12 | CVE-2021-22977 | F5 | Unspecified vulnerability in F5 products On BIG-IP version 16.0.0-16.0.1 and 14.1.2.4-14.1.3, cooperation between malicious HTTP client code and a malicious server may cause TMM to restart and generate a core file. | 7.5 |
2021-02-12 | CVE-2020-13949 | Apache Oracle | Resource Exhaustion vulnerability in multiple products In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. | 7.5 |
2021-02-12 | CVE-2013-20001 | Openzfs | Unspecified vulnerability in Openzfs An issue was discovered in OpenZFS through 2.0.3. | 7.5 |
2021-02-12 | CVE-2021-22985 | F5 | Resource Exhaustion vulnerability in F5 Big-Ip Application Security Manager On BIG-IP APM version 16.0.x before 16.0.1.1, under certain conditions, when processing VPN traffic with APM, TMM consumes excessive memory. | 7.5 |
2021-02-12 | CVE-2021-22976 | F5 | Unspecified vulnerability in F5 products On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. | 7.5 |
2021-02-12 | CVE-2021-22975 | F5 | Unspecified vulnerability in F5 products On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and 14.1.x before 14.1.3.1, under some circumstances, Traffic Management Microkernel (TMM) may restart on the BIG-IP system while passing large bursts of traffic. | 7.5 |
2021-02-12 | CVE-2021-22974 | F5 | Race Condition vulnerability in F5 products On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute commands with an elevated privilege level. | 7.5 |
2021-02-12 | CVE-2021-22973 | F5 | Out-of-bounds Write vulnerability in F5 products On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x versions, JSON parser function does not protect against out-of-bounds memory accesses or writes. | 7.5 |
2021-02-12 | CVE-2021-20412 | IBM | Use of Hard-coded Credentials vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7 IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.5 |
2021-02-12 | CVE-2021-20409 | IBM | Cleartext Transmission of Sensitive Information vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7 IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 7.5 |
2021-02-12 | CVE-2021-20407 | IBM | Cleartext Storage of Sensitive Information vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7 IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. | 7.5 |
2021-02-12 | CVE-2021-27188 | XN B1Agzlht | Improper Restriction of Excessive Authentication Attempts vulnerability in Xn--B1Agzlht FX Aggregator Terminal Client 1.0 The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim's account. | 7.5 |
2021-02-12 | CVE-2021-27187 | XN B1Agzlht | Insufficiently Protected Credentials vulnerability in Xn--B1Agzlht FX Aggregator Terminal Client 1.0 The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 stores authentication credentials in cleartext in login.sav when the Save Password box is checked. | 7.5 |
2021-02-12 | CVE-2021-20643 | Elecom | Unspecified vulnerability in Elecom Ld-Ps/U1 Firmware Improper access control vulnerability in ELECOM LD-PS/U1 allows remote attackers to change the administrative password of the affected device by processing a specially crafted request. | 7.5 |
2021-02-11 | CVE-2021-27191 | GET IP Range Project | Unspecified vulnerability in Get-Ip-Range Project Get-Ip-Range The get-ip-range package before 4.0.0 for Node.js is vulnerable to denial of service (DoS) if the range is untrusted input. | 7.5 |
2021-02-11 | CVE-2021-27184 | Pelco | XXE vulnerability in Pelco Digital Sentry Server 7.18.72.11464 Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via the DTD parameter entities technique), resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. | 7.5 |
2021-02-11 | CVE-2021-25690 | Teradici | NULL Pointer Dereference vulnerability in Teradici Pcoip Soft Client 20.07.2 A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software. | 7.5 |
2021-02-11 | CVE-2021-22880 | Rubyonrails Fedoraproject | Resource Exhaustion vulnerability in multiple products The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. | 7.5 |
2021-02-11 | CVE-2021-22656 | Advantech | Path Traversal vulnerability in Advantech Iview 5.6/5.7/5.7.02 Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files. | 7.5 |
2021-02-11 | CVE-2021-22654 | Advantech | SQL Injection vulnerability in Advantech Iview 5.6/5.7/5.7.02 Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information. | 7.5 |
2021-02-11 | CVE-2020-35498 | Openvswitch Debian Fedoraproject | A vulnerability was found in openvswitch. | 7.5 |
2021-02-11 | CVE-2020-25493 | Oclean | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Oclean 2.1.2 Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. | 7.5 |
2021-02-11 | CVE-2021-20405 | IBM | Improper Encoding or Escaping of Output vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7 IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. | 7.5 |
2021-02-11 | CVE-2021-23335 | IS User Valid Project | Injection vulnerability in Is-User-Valid Project Is-User-Valid All versions of package is-user-valid are vulnerable to LDAP Injection which can lead to either authentication bypass or information exposure. | 7.5 |
2021-02-10 | CVE-2021-27186 | Treasuredata | NULL Pointer Dereference vulnerability in Treasuredata Fluent BIT 1.6.10 Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c. | 7.5 |
2021-02-10 | CVE-2020-13583 | Micrium | NULL Pointer Dereference vulnerability in Micrium Uc-Http 3.01.00 A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. | 7.5 |
2021-02-10 | CVE-2020-13578 | Genivia Fedoraproject | NULL Pointer Dereference vulnerability in multiple products A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. | 7.5 |
2021-02-10 | CVE-2020-13577 | Genivia Fedoraproject | NULL Pointer Dereference vulnerability in multiple products A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. | 7.5 |
2021-02-10 | CVE-2020-13574 | Genivia Fedoraproject | NULL Pointer Dereference vulnerability in multiple products A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. | 7.5 |
2021-02-10 | CVE-2021-27179 | Fiberhome | Improper Input Validation vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 7.5 |
2021-02-10 | CVE-2021-27178 | Fiberhome | Cleartext Storage of Sensitive Information vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 7.5 |
2021-02-10 | CVE-2021-27176 | Fiberhome | Cleartext Storage of Sensitive Information vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 7.5 |
2021-02-10 | CVE-2021-27175 | Fiberhome | Cleartext Storage of Sensitive Information vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 7.5 |
2021-02-10 | CVE-2021-27174 | Fiberhome | Cleartext Storage of Sensitive Information vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 7.5 |
2021-02-10 | CVE-2021-27173 | Fiberhome | Unspecified vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 7.5 |
2021-02-10 | CVE-2021-27142 | Fiberhome | Use of Hard-coded Credentials vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 7.5 |
2021-02-10 | CVE-2021-27140 | Fiberhome | Cleartext Storage of Sensitive Information vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 7.5 |
2021-02-10 | CVE-2021-27139 | Fiberhome | Unspecified vulnerability in Fiberhome Hg6245D Firmware Rp2613 An issue was discovered on FiberHome HG6245D devices through RP2613. | 7.5 |
2021-02-10 | CVE-2021-26939 | Henriquedornas | Unspecified vulnerability in Henriquedornas 5.2.17 An information disclosure issue exists in henriquedornas 5.2.17 because an attacker can dump phpMyAdmin SQL content. | 7.5 |
2021-02-10 | CVE-2021-0341 | Improper Certificate Validation vulnerability in Google Android In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. | 7.5 | |
2021-02-10 | CVE-2021-0326 | Google Fedoraproject Debian | Out-of-bounds Write vulnerability in multiple products In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. | 7.5 |
2021-02-10 | CVE-2020-5023 | IBM | Resource Exhaustion vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption. | 7.5 |
2021-02-10 | CVE-2020-24838 | Issuer Project | Integer Overflow or Wraparound vulnerability in Issuer Project Issuer An integer overflow has been found in the the latest version of Issuer. | 7.5 |
2021-02-10 | CVE-2020-24837 | Zcfees Project | Integer Underflow (Wrap or Wraparound) vulnerability in Zcfees Project Zcfees An integer underflow has been found in the latest version of ZCFees. | 7.5 |
2021-02-09 | CVE-2021-26953 | Postscript Project | Use of Uninitialized Resource vulnerability in Postscript Project Postscript An issue was discovered in the postscript crate before 0.14.0 for Rust. | 7.5 |
2021-02-09 | CVE-2021-26952 | Ms3D Project | Use of Uninitialized Resource vulnerability in Ms3D Project Ms3D An issue was discovered in the ms3d crate before 0.1.3 for Rust. | 7.5 |
2021-02-09 | CVE-2021-21475 | SAP | Path Traversal vulnerability in SAP Netweaver Master Data Management Server 710/710.750 Under specific circumstances SAP Master Data Management, versions - 710, 710.750, allows an unauthorized attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs. | 7.5 |
2021-02-08 | CVE-2021-21306 | Marked Project | Resource Exhaustion vulnerability in Marked Project Marked Marked is an open-source markdown parser and compiler (npm package "marked"). | 7.5 |
2021-02-08 | CVE-2020-24944 | Privateoctopus | Infinite Loop vulnerability in Privateoctopus Picoquic picoquic (before 3rd of July 2020) allows attackers to cause a denial of service (infinite loop) via a crafted QUIC frame, related to the picoquic_decode_frames and picoquic_decode_stream_frame functions and epoch==3. | 7.5 |
2021-02-08 | CVE-2021-21240 | Httplib2 Project | Unspecified vulnerability in Httplib2 Project Httplib2 httplib2 is a comprehensive HTTP client library for Python. | 7.5 |
2021-02-08 | CVE-2021-25837 | Chainsafe | Unspecified vulnerability in Chainsafe Ethermint Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. | 7.5 |
2021-02-08 | CVE-2021-25836 | Chainsafe | Unspecified vulnerability in Chainsafe Ethermint Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. | 7.5 |
2021-02-08 | CVE-2021-25835 | Chainsafe | Authentication Bypass by Capture-replay vulnerability in Chainsafe Ethermint Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. | 7.5 |
2021-02-08 | CVE-2021-25834 | Chainsafe | Authentication Bypass by Capture-replay vulnerability in Chainsafe Ethermint Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM module. | 7.5 |
2021-02-10 | CVE-2021-0333 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting. | 7.3 | |
2021-02-10 | CVE-2021-0331 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. | 7.3 | |
2021-02-10 | CVE-2021-0314 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/8.1/9.0 In onCreate of UninstallerActivity, there is a possible way to uninstall an all without informed user consent due to a tapjacking/overlay attack. | 7.3 | |
2021-02-12 | CVE-2021-22982 | F5 | Classic Buffer Overflow vulnerability in F5 products On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions of 12.1.x and 11.6.x, big3d does not securely handle and parse certain payloads resulting in a buffer overflow. | 7.2 |
2021-02-11 | CVE-2021-21976 | Vmware | OS Command Injection vulnerability in VMWare Vsphere Replication vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution. | 7.2 |
2021-02-11 | CVE-2021-21311 | Adminer Debian | Adminer is an open-source database management in a single PHP file. | 7.2 |
2021-02-10 | CVE-2020-27871 | Solarwinds | Unspecified vulnerability in Solarwinds Orion Platform 2020.2.1 This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1. | 7.2 |
2021-02-10 | CVE-2021-25251 | Trendmicro | Code Injection vulnerability in Trendmicro products The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. | 7.2 |
2021-02-13 | CVE-2021-27209 | TP Link | Cleartext Transmission of Sensitive Information vulnerability in Tp-Link Archer C5V Firmware 1.7181221 In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP. | 7.1 |
2021-02-09 | CVE-2020-27002 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). | 7.1 |
2021-02-11 | CVE-2021-20188 | Podman Project Redhat | A flaw was found in podman before 1.7.0. | 7.0 |
2021-02-08 | CVE-2021-26910 | Firejail Project Debian | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. | 7.0 |
143 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-02-12 | CVE-2021-20648 | Elecom | OS Command Injection vulnerability in Elecom Wrc-300Febk-S Firmware ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | 6.8 |
2021-02-12 | CVE-2021-20640 | Logitech | Classic Buffer Overflow vulnerability in Logitech Lan-W300N/Pgrb Firmware Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute an arbitrary OS command via unspecified vectors. | 6.8 |
2021-02-12 | CVE-2021-20639 | Logitech | OS Command Injection vulnerability in Logitech Lan-W300N/Pgrb Firmware LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors. | 6.8 |
2021-02-12 | CVE-2021-20638 | Logitech | OS Command Injection vulnerability in Logitech Lan-W300N/Pgrb Firmware LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors. | 6.8 |
2021-02-12 | CVE-2020-27867 | Netgear | Unspecified vulnerability in Netgear products This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. | 6.8 |
2021-02-09 | CVE-2021-21140 | Google Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device. | 6.8 |
2021-02-08 | CVE-2020-11915 | Svakom | Insecure Default Initialization of Resource vulnerability in Svakom Siime EYE Firmware 14.1.00000001.3.330.0.0.3.14 An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. | 6.8 |
2021-02-11 | CVE-2020-8027 | Opensuse | Unspecified vulnerability in Opensuse Openldap2 A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. | 6.6 |
2021-02-13 | CVE-2021-27210 | TP Link | Cleartext Storage of Sensitive Information vulnerability in Tp-Link Archer C5V Firmware 1.7181221 TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI. | 6.5 |
2021-02-12 | CVE-2021-20650 | Elecom | Cross-Site Request Forgery (CSRF) vulnerability in Elecom Ncc-Ewf100Rmwh2 Firmware Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. | 6.5 |
2021-02-12 | CVE-2021-20647 | Elecom | Cross-Site Request Forgery (CSRF) vulnerability in Elecom Wrc-300Febk-S Firmware Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. | 6.5 |
2021-02-12 | CVE-2021-20646 | Elecom | Cross-Site Request Forgery (CSRF) vulnerability in Elecom Wrc-300Febk-A Firmware Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-A allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. | 6.5 |
2021-02-12 | CVE-2021-20642 | Logitech | Unspecified vulnerability in Logitech Lan-W300N/Rs Firmware Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL. | 6.5 |
2021-02-12 | CVE-2021-20641 | Logitech | Cross-Site Request Forgery (CSRF) vulnerability in Logitech Lan-W300N/Rs Firmware Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. | 6.5 |
2021-02-12 | CVE-2021-20637 | Logitech | Unspecified vulnerability in Logitech Lan-W300N/Pr5B Firmware Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/PR5B allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL. | 6.5 |
2021-02-12 | CVE-2021-20636 | Logitech | Cross-Site Request Forgery (CSRF) vulnerability in Logitech Lan-W300N/Pr5B Firmware Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/PR5B allows remote attackers to hijack the authentication of administrators via a specially crafted URL. | 6.5 |
2021-02-12 | CVE-2021-20635 | Logitech | Improper Restriction of Excessive Authentication Attempts vulnerability in Logitech Lan-Wh450N/Gr Firmware Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network. | 6.5 |
2021-02-12 | CVE-2020-27863 | Dlink | Unspecified vulnerability in Dlink Dsl-2888A Firmware and Dva-2800 Firmware This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DVA-2800 and DSL-2888A routers. | 6.5 |
2021-02-11 | CVE-2020-9307 | Belden | Infinite Loop vulnerability in Belden Hirschmann Hios 07.0.04/08.0.00 Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. | 6.5 |
2021-02-11 | CVE-2021-21042 | Adobe | Unspecified vulnerability in Adobe products Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to arbitrary disclosure of information in the memory stack. | 6.5 |
2021-02-11 | CVE-2020-13186 | Teradici | Cross-Site Request Forgery (CSRF) vulnerability in Teradici Cloud Access Connector An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link. | 6.5 |
2021-02-11 | CVE-2020-13185 | Teradici | Improper Authentication vulnerability in Teradici Cloud Access Connector Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials. | 6.5 |
2021-02-10 | CVE-2020-27870 | Solarwinds | Unspecified vulnerability in Solarwinds Orion Platform 2020.2.1 This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1. | 6.5 |
2021-02-10 | CVE-2021-0335 | Use After Free vulnerability in Google Android 11.0 In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. | 6.5 | |
2021-02-09 | CVE-2021-21474 | SAP | Inadequate Encryption Strength vulnerability in SAP Hana Database 1.00/2.00 SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature, this allows them to impersonate as user in HANA database and be able to read the contents in the database. | 6.5 |
2021-02-09 | CVE-2020-35943 | Imagely | Cross-Site Request Forgery (CSRF) vulnerability in Imagely Nextgen Gallery A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. | 6.5 |
2021-02-09 | CVE-2021-26676 | Intel Debian Opensuse | gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. | 6.5 |
2021-02-09 | CVE-2021-26921 | Argoproj | Insufficient Session Expiration vulnerability in Argoproj Argo CD In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled. | 6.5 |
2021-02-09 | CVE-2020-4790 | IBM | Improper Input Validation vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 IBM Security Identity Governance and Intelligence 5.2.6 could allow a user to cause a denial of service due to improperly validating a supplied URL, rendering the application unusuable. | 6.5 |
2021-02-09 | CVE-2021-26719 | Gradle | Path Traversal vulnerability in Gradle products A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2. | 6.5 |
2021-02-09 | CVE-2021-21141 | Google Microsoft | Injection vulnerability in multiple products Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page. | 6.5 |
2021-02-09 | CVE-2021-21139 | Google Microsoft | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 6.5 |
2021-02-09 | CVE-2021-21137 | Google Microsoft | Injection vulnerability in multiple products Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. | 6.5 |
2021-02-09 | CVE-2021-21136 | Google Microsoft | Origin Validation Error vulnerability in multiple products Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
2021-02-09 | CVE-2021-21135 | Google Microsoft | Origin Validation Error vulnerability in multiple products Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
2021-02-09 | CVE-2021-21134 | Google Microsoft | Authentication Bypass by Spoofing vulnerability in multiple products Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page. | 6.5 |
2021-02-09 | CVE-2021-21133 | Google Microsoft | Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page. | 6.5 |
2021-02-09 | CVE-2021-21131 | Google Microsoft | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | 6.5 |
2021-02-09 | CVE-2021-21130 | Google Microsoft | Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | 6.5 |
2021-02-09 | CVE-2021-21129 | Google Microsoft | Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | 6.5 |
2021-02-09 | CVE-2021-21126 | Google Microsoft | Improper Input Validation vulnerability in multiple products Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. | 6.5 |
2021-02-09 | CVE-2021-21123 | Google Microsoft | Improper Input Validation vulnerability in multiple products Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | 6.5 |
2021-02-08 | CVE-2020-36151 | Symonics Fedoraproject | Out-of-bounds Write vulnerability in multiple products Incorrect handling of input data in mysofa_resampler_reset_mem function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and overwriting large memory block. | 6.5 |
2021-02-08 | CVE-2020-36150 | Symonics Fedoraproject | Out-of-bounds Read vulnerability in multiple products Incorrect handling of input data in loudness function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and access to unallocated memory block. | 6.5 |
2021-02-08 | CVE-2020-36149 | Symonics Fedoraproject | NULL Pointer Dereference vulnerability in multiple products Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. | 6.5 |
2021-02-08 | CVE-2020-36148 | Symonics Fedoraproject | NULL Pointer Dereference vulnerability in multiple products Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. | 6.5 |
2021-02-08 | CVE-2021-26905 | 1Password | Improper Authentication vulnerability in 1Password Scim Bridge 1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key. | 6.5 |
2021-02-08 | CVE-2021-20359 | IBM | Information Exposure Through Log Files vulnerability in IBM Cloud PAK for Automation 20.0.2/20.0.3 IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user. | 6.5 |
2021-02-08 | CVE-2021-20358 | IBM | Cleartext Storage of Sensitive Information vulnerability in IBM Cloud PAK for Automation 20.0.2/20.0.3 IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. | 6.5 |
2021-02-08 | CVE-2021-21435 | Otrs | Information Exposure vulnerability in Otrs Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. | 6.5 |
2021-02-14 | CVE-2021-26929 | Horde Debian | Cross-site Scripting vulnerability in multiple products An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). | 6.1 |
2021-02-12 | CVE-2021-22984 | F5 | Open Redirect vulnerability in F5 products On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving a unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM virtual server configured with a DoS profile with Proactive Bot Defense (versions prior to 14.1.0), or a Bot Defense profile (versions 14.1.0 and later), may subject clients and web servers to Open Redirection attacks. | 6.1 |
2021-02-12 | CVE-2021-22979 | F5 | Cross-site Scripting vulnerability in F5 products On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.2.8, 13.1.x before 13.1.3.5, and all 12.1.x versions, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility when Fraud Protection Service is provisioned and allows an attacker to execute JavaScript in the context of the current logged-in user. | 6.1 |
2021-02-12 | CVE-2021-20644 | Elecom | Injection vulnerability in Elecom Wrc-1467Ghbk-A Firmware ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page. | 6.1 |
2021-02-11 | CVE-2021-22881 | Rubyonrails Fedoraproject | Open Redirect vulnerability in multiple products The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. | 6.1 |
2021-02-10 | CVE-2020-24842 | Sdgc | Cross-site Scripting vulnerability in Sdgc Pnpscada 2.200816204020 PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can execute arbitrary JavaScript in the victim's browser. | 6.1 |
2021-02-10 | CVE-2020-13565 | Open EMR Phpgacl Project | Open Redirect vulnerability in multiple products An open redirect vulnerability exists in the return_page redirection functionality of phpGACL 3.3.7, OpenEMR 5.0.2 and OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). | 6.1 |
2021-02-10 | CVE-2020-29171 | Tipsandtricks HQ | Cross-site Scripting vulnerability in Tipsandtricks-Hq WP Security & Firewall Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 for WordPress. | 6.1 |
2021-02-10 | CVE-2021-23873 | Mcafee | Link Following vulnerability in Mcafee Total Protection Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially causing Denial of Service via manipulating Junction link, after enumerating certain files, at a specific time. | 6.1 |
2021-02-09 | CVE-2021-21478 | SAP | Open Redirect vulnerability in SAP web Dynpro Abap SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. | 6.1 |
2021-02-09 | CVE-2021-21476 | SAP | Open Redirect vulnerability in SAP UI5 SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. | 6.1 |
2021-02-09 | CVE-2021-21444 | SAP | Improper Restriction of Rendered UI Layers or Frames vulnerability in SAP Businessobjects Business Intelligence 410/420/430 SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. | 6.1 |
2021-02-09 | CVE-2020-22839 | B2Evolution | Cross-site Scripting vulnerability in B2Evolution CMS 6.11.6 Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter. | 6.1 |
2021-02-09 | CVE-2020-35572 | Adminer | Cross-site Scripting vulnerability in Adminer Adminer through 4.7.8 allows XSS via the history parameter to the default URI. | 6.1 |
2021-02-09 | CVE-2020-22840 | B2Evolution | Open Redirect vulnerability in B2Evolution Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php. | 6.1 |
2021-02-08 | CVE-2021-26916 | Nopcommerce | Cross-site Scripting vulnerability in Nopcommerce 4.30 In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon component allows remote attackers to inject arbitrary web script or HTML through the Filters/CheckDiscountCouponAttribute.cs discountcode parameter. | 6.1 |
2021-02-08 | CVE-2020-13947 | Apache Oracle | Cross-site Scripting vulnerability in multiple products An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0. | 6.1 |
2021-02-08 | CVE-2021-22122 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortiweb An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload in different vulnerable API end-points. | 6.1 |
2021-02-11 | CVE-2021-21310 | Nextauth JS | Unspecified vulnerability in Nextauth.Js Next-Auth NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. | 5.9 |
2021-02-09 | CVE-2021-22267 | HPE | Authentication Bypass by Capture-replay vulnerability in HPE web Viewpoint Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack for T0320L01^ABP through T0320L01^ABZ, T0952L01^AAH through T0952L01^AAR, T0986L01 through T0986L01^AAF, T0665L01^AAP, and T0662L01^AAP (L) and T0320H01^ABO through T0320H01^ABY, T0952H01^AAG through T0952H01^AAQ, T0986H01 through T0986H01^AAE, T0665H01^AAO, and T0662H01^AAO (J and H). | 5.9 |
2021-02-09 | CVE-2020-13409 | Tufin | Cross-site Scripting vulnerability in Tufin Securetrack 18.1 Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). | 5.9 |
2021-02-09 | CVE-2020-13408 | Tufin | Cross-site Scripting vulnerability in Tufin Securetrack 18.1 Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). | 5.9 |
2021-02-09 | CVE-2020-13407 | Tufin | Cross-site Scripting vulnerability in Tufin Securetrack 18.1 Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). | 5.9 |
2021-02-09 | CVE-2020-16144 | Owncloud | Incorrect Default Permissions vulnerability in Owncloud Files Antivirus When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to permission issues. | 5.7 |
2021-02-09 | CVE-2020-13462 | Tufin | Authorization Bypass Through User-Controlled Key vulnerability in Tufin Securetrack 18.1 Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. | 5.7 |
2021-02-12 | CVE-2021-20408 | IBM | Cleartext Storage of Sensitive Information vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7 IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key. | 5.5 |
2021-02-12 | CVE-2021-27205 | Telegram | Cleartext Storage of Sensitive Information vulnerability in Telegram Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure. | 5.5 |
2021-02-12 | CVE-2021-27204 | Telegram | Cleartext Storage of Sensitive Information vulnerability in Telegram Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure. | 5.5 |
2021-02-11 | CVE-2021-25688 | Teradici | Information Exposure Through Log Files vulnerability in Teradici Pcoip Graphics Agent and Pcoip Standard Agent Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user's password in the application logs. | 5.5 |
2021-02-10 | CVE-2021-0338 | Allocation of Resources Without Limits or Throttling vulnerability in Google Android 10.0/11.0 In SystemSettingsValidators, there is a possible permanent denial of service due to missing bounds checks on UI settings. | 5.5 | |
2021-02-09 | CVE-2020-26196 | Dell | Incorrect Permission Assignment for Critical Resource vulnerability in Dell EMC Powerscale Onefs Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation issue. | 5.5 |
2021-02-09 | CVE-2021-26550 | Smartfoxserver | Cleartext Storage of Sensitive Information vulnerability in Smartfoxserver 2.17.0 An issue was discovered in SmartFoxServer 2.17.0. | 5.5 |
2021-02-09 | CVE-2020-28394 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). | 5.5 |
2021-02-09 | CVE-2020-27008 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). | 5.5 |
2021-02-09 | CVE-2020-27007 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). | 5.5 |
2021-02-09 | CVE-2020-27004 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). | 5.5 |
2021-02-09 | CVE-2020-26998 | Siemens | Unspecified vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). | 5.5 |
2021-02-09 | CVE-2020-10048 | Siemens | Improper Authentication vulnerability in Siemens Simatic PCS 7 and Simatic Wincc A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2). | 5.5 |
2021-02-09 | CVE-2020-4996 | IBM | Unspecified vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 IBM Security Identity Governance and Intelligence 5.2.6 could allow a local user to obtain sensitive information via the capturing of screenshots of authentication credentials. | 5.5 |
2021-02-08 | CVE-2021-26917 | Bitmessage | Unspecified vulnerability in Bitmessage Pybitmessage PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. | 5.5 |
2021-02-08 | CVE-2020-14391 | Gnome | Unspecified vulnerability in Gnome Control Center A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. | 5.5 |
2021-02-08 | CVE-2020-8587 | Netapp | Unspecified vulnerability in Netapp Oncommand System Manager 9.3/9.4 OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to 9.4P3 are susceptible to a vulnerability that could allow HTTP clients to cache sensitive responses making them accessible to an attacker who has access to the system where the client runs. | 5.5 |
2021-02-08 | CVE-2021-21290 | Netty Debian Quarkus Oracle Netapp | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. | 5.5 |
2021-02-12 | CVE-2021-22983 | F5 | Cross-site Scripting vulnerability in F5 Big-Ip Advanced Firewall Manager On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.5, authenticated users accessing the Configuration utility for AFM are vulnerable to a cross-site scripting attack if they attempt to access a maliciously-crafted URL. | 5.4 |
2021-02-12 | CVE-2021-20645 | Elecom | Cross-site Scripting vulnerability in Elecom Wrc-300Febk-A Firmware Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to inject arbitrary script via unspecified vectors. | 5.4 |
2021-02-12 | CVE-2021-27190 | Peel | Cross-site Scripting vulnerability in Peel Shopping 9.3.0/9.4.0 A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available. | 5.4 |
2021-02-11 | CVE-2020-4768 | IBM | Cross-site Scripting vulnerability in IBM Business Automation Workflow and Case Manager IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. | 5.4 |
2021-02-11 | CVE-2020-8031 | Opensuse | Unspecified vulnerability in Opensuse Open Build Service A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. | 5.4 |
2021-02-10 | CVE-2021-26938 | Henriquedornas | Cross-site Scripting vulnerability in Henriquedornas 5.2.17 A stored XSS issue exists in henriquedornas 5.2.17 via online live chat. | 5.4 |
2021-02-10 | CVE-2021-20654 | Wekan Project | Cross-site Scripting vulnerability in Wekan Project Wekan Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. | 5.4 |
2021-02-09 | CVE-2021-26549 | Smartfoxserver | Cross-site Scripting vulnerability in Smartfoxserver 2.17.0 An XSS issue was discovered in SmartFoxServer 2.17.0. | 5.4 |
2021-02-09 | CVE-2021-26925 | Roundcube Fedoraproject | Cross-site Scripting vulnerability in multiple products Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. | 5.4 |
2021-02-09 | CVE-2021-3294 | Casap Automated Enrollment System Project | Cross-site Scripting vulnerability in Casap Automated Enrollment System Project Casap Automated Enrollment System 1.0 CASAP Automated Enrollment System 1.0 is affected by cross-site scripting (XSS) in users.php. | 5.4 |
2021-02-08 | CVE-2020-26052 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Online Marriage Registration System 1.0 Online Marriage Registration System 1.0 is affected by stored cross-site scripting (XSS) vulnerabilities in multiple parameters. | 5.4 |
2021-02-12 | CVE-2021-20410 | IBM | Insufficiently Protected Credentials vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7 IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. | 5.3 |
2021-02-11 | CVE-2021-21022 | Magento | Unspecified vulnerability in Magento Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module. | 5.3 |
2021-02-11 | CVE-2021-20404 | IBM | Unspecified vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7 IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user on the network to cause a denial of service due to an invalid cookie value that could prevent future logins. | 5.3 |
2021-02-09 | CVE-2021-26954 | Qwutils Project | Double Free vulnerability in Qwutils Project Qwutils An issue was discovered in the qwutils crate before 0.3.1 for Rust. | 5.3 |
2021-02-09 | CVE-2020-26195 | Dell | Improper Handling of Exceptional Conditions vulnerability in Dell EMC Powerscale Onefs Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. | 5.3 |
2021-02-09 | CVE-2020-28388 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). | 5.3 |
2021-02-09 | CVE-2020-4995 | IBM | Insufficient Session Expiration vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate session after logout which could allow a user to obtain sensitive information from another users' session. | 5.3 |
2021-02-09 | CVE-2020-4791 | IBM | Improper Certificate Validation vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to obtain sensitive information using main in the middle attacks due to improper certificate validation. | 5.3 |
2021-02-08 | CVE-2021-26540 | Apostrophecms | Unspecified vulnerability in Apostrophecms Sanitize-Html Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with "/\\example.com". | 5.3 |
2021-02-08 | CVE-2021-26539 | Apostrophecms | Unspecified vulnerability in Apostrophecms Sanitize-Html Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option. | 5.3 |
2021-02-08 | CVE-2021-3293 | Emlog | Unspecified vulnerability in Emlog 5.3.1 emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file. | 5.3 |
2021-02-10 | CVE-2021-23878 | Mcafee | Cleartext Storage of Sensitive Information vulnerability in Mcafee Endpoint Security Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and credentials via accessing process memory after the ENS administrator has performed specific actions. | 5.0 |
2021-02-12 | CVE-2021-20406 | IBM | Unspecified vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7 IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 4.9 |
2021-02-10 | CVE-2020-8355 | Lenovo | Cleartext Transmission of Sensitive Information vulnerability in Lenovo Xclarity Administrator An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated while managed endpoints are updating. | 4.9 |
2021-02-10 | CVE-2020-7021 | Elastic | Information Exposure Through Log Files vulnerability in Elastic Elasticsearch Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. | 4.9 |
2021-02-08 | CVE-2020-1779 | Otrs | Information Exposure vulnerability in Otrs Ticket Forms When dynamic templates are used (OTRSTicketForms), admin can use OTRS tags which are not masked properly and can reveal sensitive information. | 4.9 |
2021-02-12 | CVE-2021-22981 | F5 | Unspecified vulnerability in F5 products On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol includes a weakness in the master secret negotiation that is mitigated by the Extended Master Secret (EMS) extension defined in RFC 7627. | 4.8 |
2021-02-12 | CVE-2021-20649 | Elecom | Improper Certificate Validation vulnerability in Elecom Wrc-300Febk-S Firmware ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. | 4.8 |
2021-02-11 | CVE-2021-21029 | Magento | Unspecified vulnerability in Magento Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a Reflected Cross-site Scripting vulnerability via 'file' parameter. | 4.8 |
2021-02-10 | CVE-2021-23881 | Mcafee | Cross-site Scripting vulnerability in Mcafee Endpoint Security A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator user triggers the policy. | 4.8 |
2021-02-09 | CVE-2020-22841 | B2Evolution | Cross-site Scripting vulnerability in B2Evolution Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module. | 4.8 |
2021-02-08 | CVE-2020-29021 | Secomea | Cross-site Scripting vulnerability in Secomea products A vulnerability in web UI input field of GateManager allows authenticated attacker to enter script tags that could cause XSS. | 4.8 |
2021-02-08 | CVE-2021-21434 | Otrs | Cross-site Scripting vulnerability in Otrs Survey Survey administrator can craft a survey in such way that malicious code can be executed in the agent interface (i.e. | 4.8 |
2021-02-11 | CVE-2021-20335 | Mongodb | Cleartext Transmission of Sensitive Information vulnerability in Mongodb OPS Manager For MongoDB Ops Manager versions prior to and including 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager versions prior to and including 4.4.12 triggers a bug where Automation thinks SSL is being turned off, and can disable SSL temporarily for members of the cluster. | 4.6 |
2021-02-11 | CVE-2020-8030 | Suse | Unspecified vulnerability in Suse Caas Platform 4.5 A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster. | 4.4 |
2021-02-10 | CVE-2020-16120 | Linux Canonical | Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. | 4.4 |
2021-02-10 | CVE-2021-23883 | Mcafee | NULL Pointer Dereference vulnerability in Mcafee Endpoint Security A Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local administrator to cause Windows to crash via a specific system call which is not handled correctly. | 4.4 |
2021-02-10 | CVE-2021-23882 | Mcafee | Unspecified vulnerability in Mcafee Endpoint Security Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed. | 4.4 |
2021-02-10 | CVE-2021-23880 | Mcafee | Unspecified vulnerability in Mcafee Endpoint Security Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct parameters. | 4.4 |
2021-02-09 | CVE-2021-25141 | Arubanetworks HPE | A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware. | 4.4 |
2021-02-11 | CVE-2021-21034 | Adobe | Out-of-bounds Read vulnerability in Adobe products Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. | 4.3 |
2021-02-11 | CVE-2021-21301 | Wire | Unspecified vulnerability in Wire Wire is an open-source collaboration platform. | 4.3 |
2021-02-09 | CVE-2020-28644 | Owncloud | Cross-Site Request Forgery (CSRF) vulnerability in Owncloud The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. | 4.3 |
2021-02-09 | CVE-2021-25666 | Siemens | Unspecified vulnerability in Siemens Scalance W740 Firmware and Scalance W780 Firmware A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 802.11n) family (All versions < V6.3). | 4.3 |
2021-02-09 | CVE-2021-21147 | Google Fedoraproject | Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 4.3 |
2021-02-09 | CVE-2020-13461 | Tufin | Unspecified vulnerability in Tufin Securetrack Username enumeration in present in Tufin SecureTrack. | 4.3 |
2021-02-08 | CVE-2021-21288 | Carrierwave Project | Unspecified vulnerability in Carrierwave Project Carrierwave CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. | 4.3 |
2021-02-08 | CVE-2021-21436 | Otrs | Incorrect Default Permissions vulnerability in Otrs CIS in Customer Frontend 7.0.0/7.0.14 Agents are able to see and link Config Items without permissions, which are defined in General Catalog. | 4.3 |
2021-02-11 | CVE-2020-8029 | Suse | Unspecified vulnerability in Suse Caas Platform 4.5 A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. | 4.0 |
11 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-02-11 | CVE-2019-19004 | Autotrace Project Fedoraproject | Integer Overflow or Wraparound vulnerability in multiple products A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image. | 3.3 |
2021-02-11 | CVE-2020-10734 | Redhat | Unspecified vulnerability in Redhat products A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. | 3.3 |
2021-02-09 | CVE-2020-17428 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. | 3.3 |
2021-02-09 | CVE-2020-17422 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. | 3.3 |
2021-02-09 | CVE-2020-17420 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware Foxit Studio Photo 3.6.6.922 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. | 3.3 |
2021-02-08 | CVE-2020-8590 | Netapp | Unspecified vulnerability in Netapp Clustered Data Ontap Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true. | 3.3 |
2021-02-08 | CVE-2020-8578 | Netapp | Unspecified vulnerability in Netapp Clustered Data Ontap Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true. | 3.3 |
2021-02-11 | CVE-2020-1717 | Redhat | Information Exposure Through an Error Message vulnerability in Redhat products A flaw was found in Keycloak 7.0.1. | 2.7 |
2021-02-11 | CVE-2021-20402 | IBM | Information Exposure Through an Error Message vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7 IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 2.7 |
2021-02-10 | CVE-2021-21296 | Fleetdm | Unspecified vulnerability in Fleetdm Fleet Fleet is an open source osquery manager. | 2.7 |
2021-02-10 | CVE-2021-22133 | Elastic | Information Exposure Through Log Files vulnerability in Elastic APM Agent The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. | 2.4 |