Weekly Vulnerabilities Report: April 19 to 25, 2021
Overview
445 new vulnerabilities were reported during this period, including 13 critical vulnerabilities and 85 high severity vulnerabilities. This weekly summary reports vulnerabilities in 319 products from 119 vendors including Oracle, Juniper, Netapp, Fedoraproject, and Siemens. The most common weakness categories are "Cross-site Scripting", "Out-of-bounds Write", "Out-of-bounds Read", "Path Traversal", and "NULL Pointer Dereference".
- 347 reported vulnerabilities are remotely exploitable.
- 81 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 273 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 181 reported vulnerabilities.
- Juniper has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity:
13 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-04-23 | CVE-2021-22893 | Ivanti | Use After Free vulnerability in Ivanti Connect Secure 9.0/9.1 Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. | 10.0 |
2021-04-22 | CVE-2021-0265 | Juniper | OS Command Injection vulnerability in Juniper Appformix An unvalidated REST API in the AppFormix Agent of Juniper Networks AppFormix allows an unauthenticated remote attacker to execute commands as root on the host running the AppFormix Agent, when certain preconditions are performed by the attacker, thus granting the attacker full control over the environment. | 10.0 |
2021-04-22 | CVE-2021-0249 | Juniper | Classic Buffer Overflow vulnerability in Juniper Junos 15.1X49/17.4 On SRX Series devices configured with UTM services a buffer overflow vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS may allow an attacker to arbitrarily execute code or commands on the target to take over or otherwise impact the device by sending crafted packets to or through the device. | 10.0 |
2021-04-22 | CVE-2021-29465 | Discord | OS Command Injection vulnerability in Discord Discord-Recon 0.0.1/0.0.2/0.0.3 Discord-Recon is a bot for the Discord chat service. | 9.8 |
2021-04-20 | CVE-2021-28827 | Tibco | Cross-site Scripting vulnerability in Tibco Administrator and Runtime Agent The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Runtime Agent, TIBCO Runtime Agent, TIBCO Runtime Agent for z/Linux, and TIBCO Runtime Agent for z/Linux contains an easily exploitable vulnerability that allows an unauthenticated attacker to social engineer a legitimate user with network access to execute a Stored XSS attack targeting the affected system. | 9.6 |
2021-04-22 | CVE-2021-0275 | Juniper | Cross-site Scripting vulnerability in Juniper Junos A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Networks Junos OS allows an attacker to target another user's session thereby gaining access to the users session. | 9.3 |
2021-04-19 | CVE-2021-27031 | Autodesk | Use After Free vulnerability in Autodesk FBX Review 1.4.1.0/1.5.0 A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system. | 9.3 |
2021-04-19 | CVE-2021-27030 | Autodesk | Path Traversal vulnerability in Autodesk FBX Review 1.4.1.0/1.5.0 A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX’s Review causing it to run arbitrary code on the system. | 9.3 |
2021-04-19 | CVE-2021-21070 | Adobe | Uncontrolled Search Path Element vulnerability in Adobe Robohelp Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. | 9.3 |
2021-04-23 | CVE-2021-26291 | Apache Quarkus Oracle | Origin Validation Error vulnerability in multiple products Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. | 9.1 |
2021-04-20 | CVE-2020-26197 | Dell | Cleartext Transmission of Sensitive Information vulnerability in Dell EMC Powerscale Onefs Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. | 9.1 |
2021-04-23 | CVE-2020-7034 | Avaya | Command Injection vulnerability in Avaya Session Border Controller for Enterprise A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. | 9.0 |
2021-04-19 | CVE-2021-20991 | Fibaro | Command Injection vulnerability in Fibaro Home Center 2 Firmware and Home Center Lite Firmware In Fibaro Home Center 2 and Lite devices with firmware version 4.540 and older an authenticated user can run commands as root user using a command injection vulnerability. | 9.0 |
85 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-04-23 | CVE-2021-20089 | Purl Project | Unspecified vulnerability in Purl Project Purl 2.3.2 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in purl 2.3.2 allows a malicious user to inject properties into Object.prototype. | 8.8 |
2021-04-23 | CVE-2021-20086 | Jquery BBQ Project | Unspecified vulnerability in Jquery-Bbq Project Jquery-Bbq 1.2.1 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype. | 8.8 |
2021-04-23 | CVE-2021-20085 | Backbone Query Parameters Project | Unspecified vulnerability in Backbone-Query-Parameters Project Backbone-Query-Parameters 0.4.0 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in backbone-query-parameters 0.4.0 allows a malicious user to inject properties into Object.prototype. | 8.8 |
2021-04-23 | CVE-2021-20083 | Jquery Plugin Query Object Project | Unspecified vulnerability in Jquery-Plugin-Query-Object Project Jquery-Plugin-Query-Object 2.2.3 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype. | 8.8 |
2021-04-23 | CVE-2021-20088 | Mootools | Unspecified vulnerability in Mootools Mootools-More 1.6.0 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype. | 8.8 |
2021-04-23 | CVE-2021-20087 | Acemetrix | Unspecified vulnerability in Acemetrix Jquery-Deparam 0.5.1 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype. | 8.8 |
2021-04-23 | CVE-2021-20084 | Jquery Sparkle Project | Unspecified vulnerability in Jquery-Sparkle Project Jquery-Sparkle 1.5.2 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-sparkle 1.5.2-beta allows a malicious user to inject properties into Object.prototype. | 8.8 |
2021-04-21 | CVE-2021-21646 | Jenkins | Unspecified vulnerability in Jenkins Templating Engine Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM. | 8.8 |
2021-04-20 | CVE-2021-29461 | Demon1A | Argument Injection or Modification vulnerability in Demon1A Discord-Recon 0.0.2 Discord Recon Server is a bot that allows one to do one's reconnaissance process from one's Discord. | 8.8 |
2021-04-20 | CVE-2021-28828 | Tibco | SQL Injection vulnerability in Tibco Administrator The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, and TIBCO Administrator - Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a SQL injection attack on the affected system. | 8.8 |
2021-04-22 | CVE-2020-25244 | Siemens | Uncontrolled Search Path Element vulnerability in Siemens Logo! Soft Comfort A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.4). | 8.4 |
2021-04-22 | CVE-2020-27009 | Siemens | Out-of-bounds Write vulnerability in Siemens Nucleus NET and Nucleus Source Code A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). | 8.1 |
2021-04-22 | CVE-2020-15795 | Siemens | Out-of-bounds Write vulnerability in Siemens Nucleus NET and Nucleus Source Code A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). | 8.1 |
2021-04-21 | CVE-2021-21642 | Jenkins | XXE vulnerability in Jenkins Config File Provider Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.1 |
2021-04-20 | CVE-2021-28829 | Tibco | Injection vulnerability in Tibco Administrator The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, and TIBCO Administrator - Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a persistent CSV injection attack from the affected system. | 8.0 |
2021-04-23 | CVE-2021-22204 | Exiftool Project Debian Fedoraproject | Code Injection vulnerability in multiple products Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image | 7.8 |
2021-04-23 | CVE-2021-22682 | Hornerautomation | Unspecified vulnerability in Hornerautomation Cscape Cscape (All versions prior to 9.90 SP4) is configured by default to be installed for all users, which allows full permissions, including read/write access. | 7.8 |
2021-04-23 | CVE-2021-22678 | Hornerautomation | Out-of-bounds Write vulnerability in Hornerautomation Cscape Cscape (All versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing project files. | 7.8 |
2021-04-23 | CVE-2021-31607 | Saltstack Fedoraproject | OS Command Injection vulnerability in multiple products In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. | 7.8 |
2021-04-22 | CVE-2021-3496 | Jhead Project | Out-of-bounds Write vulnerability in Jhead Project Jhead 3.06 A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file. | 7.8 |
2021-04-21 | CVE-2021-1076 | Nvidia Debian | NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption. | 7.8 |
2021-04-21 | CVE-2020-35980 | Gpac | Use After Free vulnerability in Gpac 0.8.0/1.0.1 An issue was discovered in GPAC version 0.8.0 and 1.0.1. | 7.8 |
2021-04-19 | CVE-2021-3498 | Gstreamer Project Redhat Debian | Out-of-bounds Write vulnerability in multiple products GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files. | 7.8 |
2021-04-19 | CVE-2021-3497 | Gstreamer Project Redhat Debian | Use After Free vulnerability in multiple products GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. | 7.8 |
2021-04-19 | CVE-2021-29457 | Exiv2 Fedoraproject Debian | Heap-based Buffer Overflow vulnerability in multiple products Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. | 7.8 |
2021-04-25 | CVE-2021-31726 | Akuvox | Command Injection vulnerability in Akuvox C315 Firmware 115.116.2613 Akuvox C315 115.116.2613 allows remote command Injection via the cfgd_server service. | 7.5 |
2021-04-25 | CVE-2021-30502 | Simple Glasgow Haskell Compiler Project | Unspecified vulnerability in Simple Glasgow Haskell Compiler Project Simple Glasgow Haskell Compiler The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand. | 7.5 |
2021-04-23 | CVE-2021-22205 | Gitlab | Code Injection vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. | 7.5 |
2021-04-23 | CVE-2021-31597 | Xmlhttprequest SSL Project | Improper Certificate Validation vulnerability in Xmlhttprequest-Ssl Project Xmlhttprequest-Ssl The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. | 7.5 |
2021-04-22 | CVE-2021-2317 | Oracle | Unspecified vulnerability in Oracle Cloud Infrastructure Storage Gateway Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). | 7.5 |
2021-04-22 | CVE-2021-2310 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 7.5 |
2021-04-22 | CVE-2021-2302 | Oracle | Unspecified vulnerability in Oracle Platform Security for Java 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle Platform Security for Java product of Oracle Fusion Middleware (component: OPSS). | 7.5 |
2021-04-22 | CVE-2021-2256 | Oracle | Unspecified vulnerability in Oracle Storage Cloud Software Appliance Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway (component: Management Console). | 7.5 |
2021-04-22 | CVE-2021-2248 | Oracle | Unspecified vulnerability in Oracle Secure Global Desktop 5.6 Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). | 7.5 |
2021-04-22 | CVE-2021-2244 | Oracle | Unspecified vulnerability in Oracle products Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: JAPI) and Essbase Analytic Provider Services product of Oracle Essbase (component: JAPI). | 7.5 |
2021-04-22 | CVE-2021-2240 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.5 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). | 7.5 |
2021-04-22 | CVE-2021-2218 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise PT Peopletools 8.56/8.57 Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Health Center). | 7.5 |
2021-04-22 | CVE-2021-2177 | Oracle | Unspecified vulnerability in Oracle Secure Global Desktop 5.6 Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway). | 7.5 |
2021-04-22 | CVE-2021-2136 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 7.5 |
2021-04-22 | CVE-2021-2135 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). | 7.5 |
2021-04-22 | CVE-2021-2008 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager 11.1.1.9/12.2.1.3 Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: FMW Control Plugin). | 7.5 |
2021-04-22 | CVE-2021-24240 | Aivahthemes | Unrestricted Upload of File with Dangerous Type vulnerability in Aivahthemes Business Hours PRO 5.5.0 The Business Hours Pro WordPress plugin through 5.5.0 allows a remote attacker to upload arbitrary files using its manual update functionality, leading to an unauthenticated remote code execution vulnerability. | 7.5 |
2021-04-22 | CVE-2021-27389 | Siemens | Use of Hard-coded Cryptographic Key vulnerability in Siemens Opcenter Quality and QMS Automotive A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). | 7.5 |
2021-04-22 | CVE-2021-25669 | Siemens | Stack-based Buffer Overflow vulnerability in Siemens products A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. | 7.5 |
2021-04-22 | CVE-2021-25668 | Siemens | Heap-based Buffer Overflow vulnerability in Siemens products A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. | 7.5 |
2021-04-22 | CVE-2021-25664 | Siemens | Infinite Loop vulnerability in Siemens products A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). | 7.5 |
2021-04-22 | CVE-2021-25663 | Siemens | Infinite Loop vulnerability in Siemens products A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). | 7.5 |
2021-04-22 | CVE-2021-0266 | Juniper | Use of Hard-coded Credentials vulnerability in Juniper Junos 20.2/20.3/20.4 The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. | 7.5 |
2021-04-22 | CVE-2021-0260 | Juniper | Unspecified vulnerability in Juniper Junos An improper authorization vulnerability in the Simple Network Management Protocol daemon (snmpd) service of Juniper Networks Junos OS leads an unauthenticated attacker being able to perform SNMP read actions, an Exposure of System Data to an Unauthorized Control Sphere, or write actions to OIDs that support write operations, against the device without authentication. | 7.5 |
2021-04-22 | CVE-2021-0254 | Juniper | Out-of-bounds Write vulnerability in Juniper Junos A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) condition, or leading to remote code execution (RCE). | 7.5 |
2021-04-22 | CVE-2021-0248 | Juniper | Use of Hard-coded Credentials vulnerability in Juniper Junos This issue is not applicable to NFX NextGen Software. | 7.5 |
2021-04-22 | CVE-2021-20590 | Mitsubishielectric | Improper Authentication vulnerability in Mitsubishielectric products Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the "VNC server" function is used. | 7.5 |
2021-04-22 | CVE-2020-7861 | Anysupport | Path Traversal vulnerability in Anysupport AnySupport (Remote support solution) before 2019.3.21.0 allows directory traversing because of swprintf function to copy file from a management PC to a client PC. | 7.5 |
2021-04-22 | CVE-2021-31572 | Amazon | Integer Overflow or Wraparound vulnerability in Amazon Freertos The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in stream_buffer.c for a stream buffer. | 7.5 |
2021-04-22 | CVE-2021-31571 | Amazon | Integer Overflow or Wraparound vulnerability in Amazon Freertos The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in queue.c for queue creation. | 7.5 |
2021-04-22 | CVE-2021-30476 | Hashicorp | Unspecified vulnerability in Hashicorp Terraform Provider HashiCorp Terraform’s Vault Provider (terraform-provider-vault) did not correctly configure GCE-type bound labels for Vault’s GCP auth method. | 7.5 |
2021-04-22 | CVE-2021-3287 | Zohocorp | Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class. | 7.5 |
2021-04-21 | CVE-2021-21426 | Openmage | Deserialization of Untrusted Data vulnerability in Openmage Magento Magento-lts is a long-term support alternative to Magento Community Edition (CE). | 7.5 |
2021-04-21 | CVE-2020-23907 | Avast | Out-of-bounds Write vulnerability in Avast Retdec 3.3 An issue was discovered in retdec v3.3. | 7.5 |
2021-04-21 | CVE-2021-28965 | Ruby Lang Fedoraproject | The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. | 7.5 |
2021-04-20 | CVE-2021-29462 | Pupnp Project | Insufficient Verification of Data Authenticity vulnerability in Pupnp Project Pupnp The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. | 7.5 |
2021-04-20 | CVE-2020-7857 | Tobesoft | Improper Input Validation vulnerability in Tobesoft Xplatform A vulnerability of XPlatform could allow an unauthenticated attacker to execute arbitrary command. | 7.5 |
2021-04-20 | CVE-2020-35314 | Wondercms | OS Command Injection vulnerability in Wondercms 3.1.3 A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer. | 7.5 |
2021-04-20 | CVE-2020-35313 | Wondercms | Server-Side Request Forgery (SSRF) vulnerability in Wondercms 3.1.3 A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer. | 7.5 |
2021-04-20 | CVE-2021-28156 | Hashicorp | Unspecified vulnerability in Hashicorp Consul HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. | 7.5 |
2021-04-20 | CVE-2021-28793 | Lextudio | Incorrect Authorization vulnerability in Lextudio Restructuredtext vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration. | 7.5 |
2021-04-20 | CVE-2020-7856 | Cnesty | Improper Authentication vulnerability in Cnesty Helpcom A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. | 7.5 |
2021-04-20 | CVE-2021-25681 | Adtran | Unspecified vulnerability in Adtran Personal Phone Manager 10.8.1 AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. | 7.5 |
2021-04-19 | CVE-2020-27241 | Openclinic GA Project | SQL Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3 An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. | 7.5 |
2021-04-19 | CVE-2020-27240 | Openclinic GA Project | SQL Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3 An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. | 7.5 |
2021-04-19 | CVE-2021-20990 | Fibaro | Missing Authentication for Critical Function vulnerability in Fibaro Home Center 2 Firmware and Home Center Lite Firmware In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older an internal management service is accessible on port 8000 and some API endpoints could be accessed without authentication to trigger a shutdown, a reboot or a reboot into recovery mode. | 7.5 |
2021-04-22 | CVE-2020-27738 | Siemens | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Siemens products A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). | 7.4 |
2021-04-22 | CVE-2021-0232 | Juniper Fedoraproject | Authentication Bypass by Spoofing vulnerability in multiple products An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Center may allow an attacker with specific information about the deployment to mimic an already registered Test Agent and access its configuration including associated inventory details. | 7.4 |
2021-04-22 | CVE-2021-0255 | Juniper | Improper Privilege Management vulnerability in Juniper Junos 17.3/17.4/18.1 A local privilege escalation vulnerability in ethtraceroute of Juniper Networks Junos OS may allow a locally authenticated user with shell access to escalate privileges and write to the local filesystem as root. | 7.2 |
2021-04-22 | CVE-2021-0245 | Juniper | Use of Hard-coded Credentials vulnerability in Juniper Junos 16.1/17.1/17.2 A Use of Hard-coded Credentials vulnerability in Juniper Networks Junos OS on Junos Fusion satellite devices allows an attacker who is local to the device to elevate their privileges and take control of the device. | 7.2 |
2021-04-22 | CVE-2021-27277 | Solarwinds | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2020.2 This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. | 7.2 |
2021-04-21 | CVE-2021-31523 | Xscreensaver Project | Improper Privilege Management vulnerability in Xscreensaver Project Xscreensaver 5.42+Dfsg11 The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency. | 7.2 |
2021-04-20 | CVE-2021-21526 | Dell | OS Command Injection vulnerability in Dell Powerscale Onefs Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in SmartLock compliance mode that may allow compadmin to execute arbitrary commands as root. | 7.2 |
2021-04-22 | CVE-2021-0258 | Juniper | Race Condition vulnerability in Juniper Junos 17.2/17.3/17.4 A vulnerability in the forwarding of transit TCPv6 packets received on the Ethernet management interface of Juniper Networks Junos OS allows an attacker to trigger a kernel panic, leading to a Denial of Service (DoS). | 7.1 |
2021-04-21 | CVE-2020-23931 | Gpac | Out-of-bounds Read vulnerability in Gpac An issue was discovered in gpac before 1.0.1. | 7.1 |
2021-04-21 | CVE-2020-23928 | Gpac | Out-of-bounds Read vulnerability in Gpac An issue was discovered in gpac before 1.0.1. | 7.1 |
2021-04-21 | CVE-2020-23922 | Giflib Project Apache | Out-of-bounds Read vulnerability in multiple products An issue was discovered in giflib through 5.1.4. | 7.1 |
2021-04-21 | CVE-2020-23921 | Fast BER Project | Out-of-bounds Read vulnerability in Fast BER Project Fast BER An issue was discovered in fast_ber through v0.4. | 7.1 |
2021-04-19 | CVE-2021-3506 | Linux Debian Netapp | Out-of-bounds Read vulnerability in multiple products An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. | 7.1 |
2021-04-22 | CVE-2021-23133 | Linux Fedoraproject Debian Netapp Broadcom | Race Condition vulnerability in multiple products A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. | 7.0 |
286 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-04-24 | CVE-2021-31795 | Pvrsrvkm KO Project | Out-of-bounds Write vulnerability in Pvrsrvkm.Ko Project Pvrsrvkm.Ko The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for the Linux kernel, as used on Alcatel 1S phones, allows attackers to overwrite heap memory via PhysmemNewRamBackedPMR. | 6.9 |
2021-04-21 | CVE-2021-1074 | Nvidia | Unspecified vulnerability in Nvidia GPU Display Driver 390/392.61 NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. | 6.9 |
2021-04-25 | CVE-2021-31762 | Webmin | Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973 Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature. | 6.8 |
2021-04-25 | CVE-2021-31761 | Webmin | Cross-site Scripting vulnerability in Webmin 1.973 Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature. | 6.8 |
2021-04-25 | CVE-2021-31760 | Webmin | Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973 Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature. | 6.8 |
2021-04-25 | CVE-2021-31718 | Npupnp Project | Origin Validation Error vulnerability in Npupnp Project Npupnp The server in npupnp before 4.1.4 is affected by DNS rebinding in the embedded web server (including UPnP SOAP and GENA endpoints), leading to remote code execution. | 6.8 |
2021-04-23 | CVE-2021-31584 | Sipwise | Cross-Site Request Forgery (CSRF) vulnerability in Sipwise Next Generation Communication Platform 3.6.4 Sipwise C5 NGCP www_csc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges. | 6.8 |
2021-04-23 | CVE-2020-7385 | Rapid7 | Deserialization of Untrusted Data vulnerability in Rapid7 Metasploit By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. | 6.8 |
2021-04-22 | CVE-2021-2279 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 6.8 |
2021-04-22 | CVE-2021-2221 | Oracle | Unspecified vulnerability in Oracle Secure Global Desktop 5.6 Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). | 6.8 |
2021-04-22 | CVE-2020-26997 | Siemens | Untrusted Pointer Dereference vulnerability in Siemens Solid Edge Se2020 and Solid Edge Se2021 A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). | 6.8 |
2021-04-22 | CVE-2021-27382 | Siemens | Stack-based Buffer Overflow vulnerability in Siemens Solid Edge Se2020 and Solid Edge Se2021 A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). | 6.8 |
2021-04-22 | CVE-2021-25678 | Siemens | Out-of-bounds Write vulnerability in Siemens Solid Edge Se2020 and Solid Edge Se2021 A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). | 6.8 |
2021-04-22 | CVE-2021-25670 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix Robotexpert A vulnerability has been identified in Tecnomatix RobotExpert (All versions < V16.1). | 6.8 |
2021-04-22 | CVE-2021-0247 | Juniper | Race Condition vulnerability in Juniper Junos 14.1X53/15.1X53 A Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) vulnerability in the firewall process (dfwd) of Juniper Networks Junos OS allows an attacker to bypass the firewall rule sets applied to the input loopback filter on any interfaces of a device. | 6.8 |
2021-04-22 | CVE-2021-0236 | Juniper | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos Due to an improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved the Routing Protocol Daemon (RPD) service, upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, crashes and restarts causing a Denial of Service (DoS). | 6.8 |
2021-04-22 | CVE-2021-0231 | Juniper | Path Traversal vulnerability in Juniper Junos A path traversal vulnerability in the Juniper Networks SRX and vSRX Series may allow an authenticated J-web user to read sensitive system files. | 6.8 |
2021-04-21 | CVE-2020-35982 | Gpac | NULL Pointer Dereference vulnerability in Gpac 0.8.0/1.0.1 An issue was discovered in GPAC version 0.8.0 and 1.0.1. | 6.8 |
2021-04-21 | CVE-2020-35981 | Gpac | NULL Pointer Dereference vulnerability in Gpac 0.8.0/1.0.1 An issue was discovered in GPAC version 0.8.0 and 1.0.1. | 6.8 |
2021-04-21 | CVE-2020-35979 | Gpac | Out-of-bounds Write vulnerability in Gpac 0.8.0/1.0.1 An issue was discovered in GPAC version 0.8.0 and 1.0.1. | 6.8 |
2021-04-19 | CVE-2021-27028 | Autodesk | Out-of-bounds Write vulnerability in Autodesk FBX Review 1.4.1.0/1.5.0 A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to remote code execution through maliciously crafted DLL files. | 6.8 |
2021-04-19 | CVE-2021-27027 | Autodesk | Out-of-bounds Read vulnerability in Autodesk FBX Review 1.4.1.0/1.5.0 An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code execution through maliciously crafted DLL files or information disclosure. | 6.8 |
2021-04-19 | CVE-2020-7851 | Innorix | Argument Injection or Modification vulnerability in Innorix File Transfer Solution Innorix Web-Based File Transfer Solution versions prior to and including 9.2.18.385 contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the internal method. | 6.8 |
2021-04-23 | CVE-2021-29470 | Exiv2 Fedoraproject | Out-of-bounds Read vulnerability in multiple products Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. | 6.5 |
2021-04-23 | CVE-2021-22207 | Wireshark Fedoraproject Oracle Debian | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Excessive memory consumption in the MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or a crafted capture file. | 6.5 |
2021-04-22 | CVE-2021-2320 | Oracle | Unspecified vulnerability in Oracle Cloud Infrastructure Storage Gateway Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). | 6.5 |
2021-04-22 | CVE-2021-2319 | Oracle | Unspecified vulnerability in Oracle Cloud Infrastructure Storage Gateway Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). | 6.5 |
2021-04-22 | CVE-2021-2318 | Oracle | Unspecified vulnerability in Oracle Cloud Infrastructure Storage Gateway Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). | 6.5 |
2021-04-22 | CVE-2021-2219 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: SQR). | 6.5 |
2021-04-22 | CVE-2021-2178 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). | 6.5 |
2021-04-22 | CVE-2021-2172 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). | 6.5 |
2021-04-22 | CVE-2021-2151 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise 8.56/8.57/8.58 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). | 6.5 |
2021-04-22 | CVE-2021-2144 | Oracle Netapp Mariadb | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). | 6.5 |
2021-04-22 | CVE-2021-24238 | Purethemes | Forced Browsing vulnerability in Purethemes Findeo and Realteo The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the requested property to be deleted belongs to the user making the request, allowing any authenticated user to delete arbitrary properties by tampering with the property_id parameter. | 6.5 |
2021-04-22 | CVE-2020-27737 | Siemens | Out-of-bounds Read vulnerability in Siemens products A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). | 6.5 |
2021-04-22 | CVE-2020-27736 | Siemens | Out-of-bounds Read vulnerability in Siemens products A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). | 6.5 |
2021-04-21 | CVE-2021-21427 | Openmage | SQL Injection vulnerability in Openmage Magento Magento-lts is a long-term support alternative to Magento Community Edition (CE). | 6.5 |
2021-04-21 | CVE-2021-28167 | Eclipse | Missing Initialization of Resource vulnerability in Eclipse Openj9 In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. | 6.5 |
2021-04-21 | CVE-2021-21643 | Jenkins | Unspecified vulnerability in Jenkins Config File Provider Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins. | 6.5 |
2021-04-20 | CVE-2021-3035 | Paloaltonetworks | Deserialization of Untrusted Data vulnerability in Paloaltonetworks Bridgecrew Checkov An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. | 6.5 |
2021-04-19 | CVE-2021-20527 | IBM | Command Injection vulnerability in IBM Resilient 26.0/26.1/26.2 IBM Resilient SOAR V38.0 could allow a privileged user to create malicious scripts that could be executed as another user. | 6.5 |
2021-04-22 | CVE-2021-2294 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 6.4 |
2021-04-22 | CVE-2021-2253 | Oracle | Unspecified vulnerability in Oracle Advanced Supply Chain Planning 12.1/12.2 Vulnerability in the Oracle Advanced Supply Chain Planning product of Oracle Supply Chain (component: Core). | 6.4 |
2021-04-22 | CVE-2021-2242 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.5 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). | 6.4 |
2021-04-22 | CVE-2021-2205 | Oracle | Unspecified vulnerability in Oracle Marketing Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). | 6.4 |
2021-04-22 | CVE-2021-2200 | Oracle | Unspecified vulnerability in Oracle Applications Framework 12.2.10 Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Home page). | 6.4 |
2021-04-22 | CVE-2020-17564 | Feifeicms | Path Traversal vulnerability in Feifeicms 4.0 Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to the "Admin/DataAction.class.php" component. | 6.4 |
2021-04-22 | CVE-2020-17563 | Feifeicms | Path Traversal vulnerability in Feifeicms 4.0 Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to "/index.php?s=/admin-tpl-del&id=". | 6.4 |
2021-04-22 | CVE-2021-31553 | Mediawiki | An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. | 6.4 |
2021-04-21 | CVE-2021-20501 | IBM | Unspecified vulnerability in IBM I IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send emails to non-existent local-domain recipients to the SMTP server, caused by using a non-default configuration. | 6.4 |
2021-04-21 | CVE-2021-20454 | IBM | XXE vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
2021-04-20 | CVE-2021-20453 | IBM | XXE vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
2021-04-22 | CVE-2021-24239 | Genetechsolutions | Cross-site Scripting vulnerability in Genetechsolutions PIE Register The Pie Register – User Registration Forms. | 6.1 |
2021-04-22 | CVE-2021-24237 | Purethemes | Cross-site Scripting vulnerability in Purethemes Findeo and Realteo The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius. | 6.1 |
2021-04-22 | CVE-2021-24235 | Boostifythemes | Cross-site Scripting vulnerability in Boostifythemes Goto The Goto WordPress theme before 2.0 does not sanitise the keywords and start_date GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue. | 6.1 |
2021-04-22 | CVE-2021-0272 | Juniper | Memory Leak vulnerability in Juniper Junos 16.1/16.2/17.1 A kernel memory leak in QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016 devices Flexible PIC Concentrators (FPCs) on Juniper Networks Junos OS allows an attacker to send genuine packets destined to the device to cause a Denial of Service (DoS) to the device. | 6.1 |
2021-04-22 | CVE-2021-0242 | Juniper | Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos A vulnerability due to the improper handling of direct memory access (DMA) buffers on EX4300 switches on Juniper Networks Junos OS allows an attacker sending specific unicast frames to trigger a Denial of Service (DoS) condition by exhausting DMA buffers, causing the FPC to crash and the device to restart. | 6.1 |
2021-04-22 | CVE-2021-0239 | Juniper | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos OS Evolved 20.4 In Juniper Networks Junos OS Evolved, receipt of a stream of specific genuine Layer 2 frames may cause the Advanced Forwarding Toolkit (AFT) manager process (Evo-aftmand), responsible for handling Route, Class-of-Service (CoS) and Firewall operations within the packet forwarding engine (PFE), to crash and restart, leading to a Denial of Service (DoS) condition. | 6.1 |
2021-04-20 | CVE-2020-25864 | Hashicorp | Cross-site Scripting vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. | 6.1 |
2021-04-20 | CVE-2021-25680 | Adtran | Cross-site Scripting vulnerability in Adtran Personal Phone Manager 10.8.1 The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. | 6.1 |
2021-04-19 | CVE-2021-20208 | Samba Redhat Fedoraproject | Improper Privilege Management vulnerability in multiple products A flaw was found in cifs-utils in versions before 6.13. | 6.1 |
2021-04-22 | CVE-2021-2161 | Oracle Debian Fedoraproject Netapp Mcafee | Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). | 5.9 |
2021-04-19 | CVE-2021-20989 | Fibaro | Improper Certificate Validation vulnerability in Fibaro Home Center 2 Firmware and Home Center Lite Firmware Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities. | 5.9 |
2021-04-22 | CVE-2021-2315 | Oracle | Unspecified vulnerability in Oracle Http Server 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). | 5.8 |
2021-04-22 | CVE-2021-2216 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Multichannel Framework). | 5.8 |
2021-04-22 | CVE-2021-2210 | Oracle | Unspecified vulnerability in Oracle Trade Management Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Quotes). | 5.8 |
2021-04-22 | CVE-2021-2206 | Oracle | Unspecified vulnerability in Oracle Trade Management Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Quotes). | 5.8 |
2021-04-22 | CVE-2021-2199 | Oracle | Unspecified vulnerability in Oracle Istore Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). | 5.8 |
2021-04-22 | CVE-2021-2198 | Oracle | Unspecified vulnerability in Oracle Knowledge Management Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Setup, Admin). | 5.8 |
2021-04-22 | CVE-2021-2197 | Oracle | Unspecified vulnerability in Oracle Istore Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). | 5.8 |
2021-04-22 | CVE-2021-2195 | Oracle | Unspecified vulnerability in Oracle Partner Management Vulnerability in the Oracle Partner Management product of Oracle E-Business Suite (component: Attribute Admin Setup). | 5.8 |
2021-04-22 | CVE-2021-2188 | Oracle | Unspecified vulnerability in Oracle Istore Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). | 5.8 |
2021-04-22 | CVE-2021-2187 | Oracle | Unspecified vulnerability in Oracle Istore Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). | 5.8 |
2021-04-22 | CVE-2021-2186 | Oracle | Unspecified vulnerability in Oracle Istore Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). | 5.8 |
2021-04-22 | CVE-2021-2185 | Oracle | Unspecified vulnerability in Oracle Istore Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). | 5.8 |
2021-04-22 | CVE-2021-2184 | Oracle | Unspecified vulnerability in Oracle Istore Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). | 5.8 |
2021-04-22 | CVE-2021-2183 | Oracle | Unspecified vulnerability in Oracle Istore Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). | 5.8 |
2021-04-22 | CVE-2021-2182 | Oracle | Unspecified vulnerability in Oracle Istore Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). | 5.8 |
2021-04-22 | CVE-2021-2150 | Oracle | Unspecified vulnerability in Oracle Istore Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). | 5.8 |
2021-04-22 | CVE-2021-2142 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 5.8 |
2021-04-22 | CVE-2021-2140 | Oracle | Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Rules Framework). | 5.8 |
2021-04-22 | CVE-2021-2053 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 13.4.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: UI Framework). | 5.8 |
2021-04-22 | CVE-2021-0268 | Juniper | Injection vulnerability in Juniper Junos An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness in J-web of Juniper Networks Junos OS leads to buffer overflows, segmentation faults, or other impacts, which allows an attacker to modify the integrity of the device and exfiltrate information from the device without authentication. | 5.8 |
2021-04-20 | CVE-2021-30496 | Telegram | Unspecified vulnerability in Telegram 7.6.2 The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into a channel or group. | 5.7 |
2021-04-21 | CVE-2021-1075 | Nvidia | NULL Pointer Dereference vulnerability in Nvidia GPU Display Driver NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the program dereferences a pointer that contains a location for memory that is no longer valid, which may lead to code execution, denial of service, or escalation of privileges. | 5.6 |
2021-04-23 | CVE-2021-25382 | Google | Unspecified vulnerability in Google Android An improper authorization of using a debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via the debugging command. | 5.5 |
2021-04-22 | CVE-2021-2316 | Oracle | Unspecified vulnerability in Oracle Human Resource Management Software for France Vulnerability in the Oracle HRMS (France) product of Oracle E-Business Suite (component: French HR). | 5.5 |
2021-04-22 | CVE-2021-2314 | Oracle | Unspecified vulnerability in Oracle Application Object Library Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Profiles). | 5.5 |
2021-04-22 | CVE-2021-2304 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). | 5.5 |
2021-04-22 | CVE-2021-2295 | Oracle | Unspecified vulnerability in Oracle Concurrent Processing 12.1.3 Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). | 5.5 |
2021-04-22 | CVE-2021-2292 | Oracle | Unspecified vulnerability in Oracle Document Management and Collaboration Vulnerability in the Oracle Document Management and Collaboration product of Oracle E-Business Suite (component: Document Management). | 5.5 |
2021-04-22 | CVE-2021-2290 | Oracle | Unspecified vulnerability in Oracle Engineering Vulnerability in the Oracle Engineering product of Oracle E-Business Suite (component: Change Management). | 5.5 |
2021-04-22 | CVE-2021-2289 | Oracle | Unspecified vulnerability in Oracle Product HUB Vulnerability in the Oracle Product Hub product of Oracle E-Business Suite (component: Template, GTIN search). | 5.5 |
2021-04-22 | CVE-2021-2288 | Oracle | Unspecified vulnerability in Oracle Bills of Material Vulnerability in the Oracle Bills of Material product of Oracle E-Business Suite (component: Bill Issues). | 5.5 |
2021-04-22 | CVE-2021-2276 | Oracle | Unspecified vulnerability in Oracle Isetup 12.1.3 Vulnerability in the Oracle iSetup product of Oracle E-Business Suite (component: General Ledger Update Transform, Reports). | 5.5 |
2021-04-22 | CVE-2021-2275 | Oracle | Unspecified vulnerability in Oracle Applications Manager Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: View Reports). | 5.5 |
2021-04-22 | CVE-2021-2274 | Oracle | Unspecified vulnerability in Oracle E-Business TAX Vulnerability in the Oracle E-Business Tax product of Oracle E-Business Suite (component: User Interface). | 5.5 |
2021-04-22 | CVE-2021-2273 | Oracle | Unspecified vulnerability in Oracle Legal Entity Configurator Vulnerability in the Oracle Legal Entity Configurator product of Oracle E-Business Suite (component: Create Contracts). | 5.5 |
2021-04-22 | CVE-2021-2272 | Oracle | Unspecified vulnerability in Oracle Subledger Accounting Vulnerability in the Oracle Subledger Accounting product of Oracle E-Business Suite (component: Inquiries). | 5.5 |
2021-04-22 | CVE-2021-2271 | Oracle | Unspecified vulnerability in Oracle Work in Progress 12.1.3 Vulnerability in the Oracle Work in Process product of Oracle E-Business Suite (component: Resource Exceptions). | 5.5 |
2021-04-22 | CVE-2021-2270 | Oracle | Unspecified vulnerability in Oracle Site HUB Vulnerability in the Oracle Site Hub product of Oracle E-Business Suite (component: Sites). | 5.5 |
2021-04-22 | CVE-2021-2269 | Oracle | Unspecified vulnerability in Oracle Advanced Pricing 12.1.3 Vulnerability in the Oracle Advanced Pricing product of Oracle E-Business Suite (component: Price Book). | 5.5 |
2021-04-22 | CVE-2021-2268 | Oracle | Unspecified vulnerability in Oracle Quoting 12.1.1/12.1.3 Vulnerability in the Oracle Quoting product of Oracle E-Business Suite (component: Courseware). | 5.5 |
2021-04-22 | CVE-2021-2267 | Oracle | Unspecified vulnerability in Oracle Labor Distribution Vulnerability in the Oracle Labor Distribution product of Oracle E-Business Suite (component: User Interface). | 5.5 |
2021-04-22 | CVE-2021-2263 | Oracle | Unspecified vulnerability in Oracle Sourcing Vulnerability in the Oracle Sourcing product of Oracle E-Business Suite (component: Intelligence, RFx). | 5.5 |
2021-04-22 | CVE-2021-2262 | Oracle | Unspecified vulnerability in Oracle Purchasing 12.1.3 Vulnerability in the Oracle Purchasing product of Oracle E-Business Suite (component: Endeca). | 5.5 |
2021-04-22 | CVE-2021-2261 | Oracle | Unspecified vulnerability in Oracle Lease and Finance Management Vulnerability in the Oracle Lease and Finance Management product of Oracle E-Business Suite (component: Quotes). | 5.5 |
2021-04-22 | CVE-2021-2260 | Oracle | Unspecified vulnerability in Oracle Human Resources 12.1.3 Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: iRecruitment). | 5.5 |
2021-04-22 | CVE-2021-2259 | Oracle | Unspecified vulnerability in Oracle Payables Vulnerability in the Oracle Payables product of Oracle E-Business Suite (component: India Localization, Results). | 5.5 |
2021-04-22 | CVE-2021-2258 | Oracle | Unspecified vulnerability in Oracle Projects Vulnerability in the Oracle Projects product of Oracle E-Business Suite (component: User Interface). | 5.5 |
2021-04-22 | CVE-2021-2255 | Oracle | Unspecified vulnerability in Oracle Service Contracts 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Service Contracts product of Oracle E-Business Suite (component: Authoring). | 5.5 |
2021-04-22 | CVE-2021-2254 | Oracle | Unspecified vulnerability in Oracle Project Contracts 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Project Contracts product of Oracle E-Business Suite (component: Hold Management). | 5.5 |
2021-04-22 | CVE-2021-2252 | Oracle | Unspecified vulnerability in Oracle Loans Vulnerability in the Oracle Loans product of Oracle E-Business Suite (component: Loan Details, Loan Accounting Events). | 5.5 |
2021-04-22 | CVE-2021-2251 | Oracle | Unspecified vulnerability in Oracle CRM Technical Foundation Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Data Source). | 5.5 |
2021-04-22 | CVE-2021-2249 | Oracle | Unspecified vulnerability in Oracle Landed Cost Management Vulnerability in the Oracle Landed Cost Management product of Oracle E-Business Suite (component: Shipment Workbench). | 5.5 |
2021-04-22 | CVE-2021-2247 | Oracle | Unspecified vulnerability in Oracle Advanced Collections 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Advanced Collections product of Oracle E-Business Suite (component: Admin). | 5.5 |
2021-04-22 | CVE-2021-2246 | Oracle | Unspecified vulnerability in Oracle Universal Work Queue 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). | 5.5 |
2021-04-22 | CVE-2021-2241 | Oracle | Unspecified vulnerability in Oracle Istore 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). | 5.5 |
2021-04-22 | CVE-2021-2239 | Oracle | Unspecified vulnerability in Oracle Time and Labor Vulnerability in the Oracle Time and Labor product of Oracle E-Business Suite (component: Timecard). | 5.5 |
2021-04-22 | CVE-2021-2238 | Oracle | Unspecified vulnerability in Oracle Manufacturing Execution System for Process Manufacturing 12.1.3 Vulnerability in the Oracle MES for Process Manufacturing product of Oracle E-Business Suite (component: Process Operations). | 5.5 |
2021-04-22 | CVE-2021-2237 | Oracle | Unspecified vulnerability in Oracle General Ledger 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle General Ledger product of Oracle E-Business Suite (component: Account Hierarchy Manager). | 5.5 |
2021-04-22 | CVE-2021-2236 | Oracle | Unspecified vulnerability in Oracle Financials Common Modules Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Advanced Global Intercompany). | 5.5 |
2021-04-22 | CVE-2021-2235 | Oracle | Unspecified vulnerability in Oracle Transportation Execution Vulnerability in the Oracle Transportation Execution product of Oracle E-Business Suite (component: Install and Upgrade). | 5.5 |
2021-04-22 | CVE-2021-2233 | Oracle | Unspecified vulnerability in Oracle Enterprise Asset Management Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Setup). | 5.5 |
2021-04-22 | CVE-2021-2231 | Oracle | Unspecified vulnerability in Oracle Installed Base 12.1.3 Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: APIs). | 5.5 |
2021-04-22 | CVE-2021-2229 | Oracle | Unspecified vulnerability in Oracle Depot Repair 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: LOVs). | 5.5 |
2021-04-22 | CVE-2021-2228 | Oracle | Unspecified vulnerability in Oracle Incentive Compensation 12.1.3 Vulnerability in the Oracle Incentive Compensation product of Oracle E-Business Suite (component: User Interface). | 5.5 |
2021-04-22 | CVE-2021-2227 | Oracle | Unspecified vulnerability in Oracle Cash Management Vulnerability in the Oracle Cash Management product of Oracle E-Business Suite (component: Bank Account Transfer). | 5.5 |
2021-04-22 | CVE-2021-2225 | Oracle | Unspecified vulnerability in Oracle E-Business Intelligence 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups). | 5.5 |
2021-04-22 | CVE-2021-2224 | Oracle | Unspecified vulnerability in Oracle Compensation Workbench Vulnerability in the Oracle Compensation Workbench product of Oracle E-Business Suite (component: Compensation Workbench). | 5.5 |
2021-04-22 | CVE-2021-2223 | Oracle | Unspecified vulnerability in Oracle Receivables Vulnerability in the Oracle Receivables product of Oracle E-Business Suite (component: Receipts). | 5.5 |
2021-04-22 | CVE-2021-2222 | Oracle | Unspecified vulnerability in Oracle Bill Presentment Architecture Vulnerability in the Oracle Bill Presentment Architecture product of Oracle E-Business Suite (component: Template Search). | 5.5 |
2021-04-22 | CVE-2021-2220 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise SCM Eprocurement 9.2 Vulnerability in the PeopleSoft Enterprise SCM eProcurement product of Oracle PeopleSoft (component: Manage Requisition Status). | 5.5 |
2021-04-22 | CVE-2021-2209 | Oracle | Unspecified vulnerability in Oracle Email Center Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). | 5.5 |
2021-04-22 | CVE-2021-2181 | Oracle | Unspecified vulnerability in Oracle Document Management and Collaboration 12.1.3/12.2.3/12.2.9 Vulnerability in the Oracle Document Management and Collaboration product of Oracle E-Business Suite (component: Attachments). | 5.5 |
2021-04-22 | CVE-2021-2156 | Oracle | Unspecified vulnerability in Oracle Customers Online 12.1.3 Vulnerability in the Oracle Customers Online product of Oracle E-Business Suite (component: Customer Tab). | 5.5 |
2021-04-22 | CVE-2021-28168 | Eclipse Oracle | Exposure of Resource to Wrong Sphere vulnerability in multiple products Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contain a local information disclosure vulnerability. | 5.5 |
2021-04-22 | CVE-2021-30356 | Checkpoint | Unspecified vulnerability in Checkpoint Identity Agent A denial of service vulnerability was reported in Check Point Identity Agent before R81.018.0000, which could allow low privileged users to overwrite protected system files. | 5.5 |
2021-04-22 | CVE-2021-31554 | Mediawiki | Incorrect Authorization vulnerability in Mediawiki An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. | 5.5 |
2021-04-22 | CVE-2021-31552 | Mediawiki | Incorrect Authorization vulnerability in Mediawiki An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. | 5.5 |
2021-04-21 | CVE-2021-1077 | Nvidia | Improper Resource Shutdown or Release vulnerability in Nvidia GPU Display Driver NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service. | 5.5 |
2021-04-21 | CVE-2020-23930 | Gpac | NULL Pointer Dereference vulnerability in Gpac An issue was discovered in gpac through 20200801. | 5.5 |
2021-04-21 | CVE-2020-23915 | CPP Peglib Project | Out-of-bounds Read vulnerability in Cpp-Peglib Project Cpp-Peglib An issue was discovered in cpp-peglib through v0.1.12. | 5.5 |
2021-04-20 | CVE-2021-29155 | Linux Fedoraproject Debian | Out-of-bounds Read vulnerability in multiple products An issue was discovered in the Linux kernel through 5.11.x. | 5.5 |
2021-04-20 | CVE-2021-3038 | Paloaltonetworks | Unspecified vulnerability in Paloaltonetworks Globalprotect A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. | 5.5 |
2021-04-19 | CVE-2021-3505 | Libtpms Project Redhat Fedoraproject | Insufficient Entropy vulnerability in multiple products A flaw was found in libtpms in versions before 0.8.0. | 5.5 |
2021-04-19 | CVE-2021-29458 | Exiv2 Fedoraproject Debian | Out-of-bounds Read vulnerability in multiple products Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. | 5.5 |
2021-04-23 | CVE-2021-31583 | Sipwise | Cross-site Scripting vulnerability in Sipwise Next Generation Communication Platform 3.6.7 Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in callforward/time/set/save (POST tsetname); Reflected XSS in addressbook (GET filter); Stored XSS in addressbook/save (POST firstname, lastname, company); and Reflected XSS in statistics/versions (GET lang). | 5.4 |
2021-04-21 | CVE-2021-21644 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Config File Provider A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID. | 5.4 |
2021-04-20 | CVE-2021-25679 | Adtran | Cross-site Scripting vulnerability in Adtran Personal Phone Manager 10.8.1 The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issue. | 5.4 |
2021-04-22 | CVE-2021-2163 | Oracle Debian Fedoraproject Netapp | Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). | 5.3 |
2021-04-22 | CVE-2021-25677 | Siemens | Use of Insufficiently Random Values vulnerability in Siemens products A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions >= V0.5.0.0 < V1.0.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). | 5.3 |
2021-04-22 | CVE-2020-25243 | Siemens | Path Traversal vulnerability in Siemens Logo! Soft Comfort A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.4). | 5.1 |
2021-04-22 | CVE-2021-0269 | Juniper | Unspecified vulnerability in Juniper Junos 17.4/18.1/18.2 The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious actions against a target device when a user is authenticated to J-Web. | 5.1 |
2021-04-24 | CVE-2021-31598 | Ezxml Project Debian | Out-of-bounds Write vulnerability in multiple products An issue was discovered in libezxml.a in ezXML 0.8.6. | 5.0 |
2021-04-23 | CVE-2021-31791 | | In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command. | 5.0 |
2021-04-23 | CVE-2021-25899 | Void | SQL Injection vulnerability in Void Aural REC Monitor 9.0.0.1 An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. | 5.0 |
2021-04-23 | CVE-2021-25898 | Void | Cleartext Storage of Sensitive Information vulnerability in Void Aural REC Monitor 9.0.0.1 An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. | 5.0 |
2021-04-23 | CVE-2021-31780 | Misp | Improper Cross-boundary Removal of Sensitive Data vulnerability in Misp 2.4.141 In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. | 5.0 |
2021-04-23 | CVE-2021-29469 | Redis JS | Unspecified vulnerability in Redis.Js Redis Node-redis is a Node.js Redis client. | 5.0 |
2021-04-23 | CVE-2021-31410 | Vaadin | Exposure of Resource to Wrong Sphere vulnerability in Vaadin Designer Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request. | 5.0 |
2021-04-23 | CVE-2021-31407 | Vaadin | Exposure of Resource to Wrong Sphere vulnerability in Vaadin Flow Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows an attacker to access application classes and resources on the server via a crafted HTTP request. | 5.0 |
2021-04-23 | CVE-2021-31405 | Vaadin | Resource Exhaustion vulnerability in Vaadin Flow Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses. | 5.0 |
2021-04-23 | CVE-2020-36321 | Vaadin | Path Traversal vulnerability in Vaadin Flow Improper URL validation in the development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 (Vaadin 14.0.0 through 14.4.2), and 3.0 prior to 5.0 (Vaadin 15 prior to 18) allows an attacker to request arbitrary files stored outside of the intended frontend resources folder. | 5.0 |
2021-04-23 | CVE-2020-36320 | Vaadin | Resource Exhaustion vulnerability in Vaadin Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 (Vaadin 7.0.0 through 7.7.21) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses. | 5.0 |
2021-04-23 | CVE-2021-26909 | Automox | Use of Insufficiently Random Values vulnerability in Automox Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization's security program. | 5.0 |
2021-04-22 | CVE-2021-2277 | Oracle | Unspecified vulnerability in Oracle Coherence Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). | 5.0 |
2021-04-22 | CVE-2021-2204 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 5.0 |
2021-04-22 | CVE-2021-2190 | Oracle | Unspecified vulnerability in Oracle Sales Offline Vulnerability in the Oracle Sales Offline product of Oracle E-Business Suite (component: Template). | 5.0 |
2021-04-22 | CVE-2021-2189 | Oracle | Unspecified vulnerability in Oracle Sales Offline Vulnerability in the Oracle Sales Offline product of Oracle E-Business Suite (component: Template). | 5.0 |
2021-04-22 | CVE-2021-2157 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: TopLink Integration). | 5.0 |
2021-04-22 | CVE-2021-27393 | Siemens | Use of Insufficiently Random Values vulnerability in Siemens products A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2013.08), Nucleus Source Code (Versions including affected DNS modules). | 5.0 |
2021-04-22 | CVE-2021-0273 | Juniper | Infinite Loop vulnerability in Juniper Junos 15.1/15.2/16.1 An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices with affected Trio line cards allows an attacker to exploit an interdependency in the PFE UCODE microcode of the Trio chipset with various line cards to cause packets destined to the devices interfaces to cause a Denial of Service (DoS) condition by looping the packet with an unreachable exit condition ('Infinite Loop'). | 5.0 |
2021-04-22 | CVE-2021-0264 | Juniper | Improper Handling of Exceptional Conditions vulnerability in Juniper Junos and Junos OS Evolved A vulnerability in the processing of traffic matching a firewall filter containing a syslog action in Juniper Networks Junos OS on MX Series with MPC10/MPC11 cards installed, PTX10003 and PTX10008 Series devices, will cause the line card to crash and restart, creating a Denial of Service (DoS). | 5.0 |
2021-04-22 | CVE-2021-0261 | Juniper | Unspecified vulnerability in Juniper Junos 12.3/12.3X48/15.1X49 A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service (DoS) for these services by sending a high number of specific requests. | 5.0 |
2021-04-22 | CVE-2021-0251 | Juniper | NULL Pointer Dereference vulnerability in Juniper Junos 17.3/17.4/18.1 A NULL Pointer Dereference vulnerability in the Captive Portal Content Delivery (CPCD) services daemon (cpcd) of Juniper Networks Junos OS on MX Series with MS-PIC, MS-SPC3, MS-MIC or MS-MPC allows an attacker to send malformed HTTP packets to the device thereby causing a Denial of Service (DoS), crashing the Multiservices PIC Management Daemon (mspmand) process thereby denying users the ability to login, while concurrently impacting other mspmand services and traffic through the device. | 5.0 |
2021-04-22 | CVE-2021-0250 | Juniper | Unspecified vulnerability in Juniper Junos In segment routing traffic engineering (SRTE) environments where the BGP Monitoring Protocol (BMP) feature is enabled, a vulnerability in the Routing Protocol Daemon (RPD) process of Juniper Networks Junos OS allows an attacker to send a specific crafted BGP update message causing the RPD service to core, creating a Denial of Service (DoS) condition. | 5.0 |
2021-04-22 | CVE-2021-0234 | Juniper | Improper Initialization vulnerability in Juniper Junos 17.3/17.4/18.1 Due to an improper Initialization vulnerability on Juniper Networks Junos OS QFX5100-96S devices with QFX 5e Series image installed, ddos-protection configuration changes will not take effect beyond the default DDoS (Distributed Denial of Service) settings when configured from the CLI. | 5.0 |
2021-04-22 | CVE-2021-0233 | Juniper | Unspecified vulnerability in Juniper Junos 17.4 A vulnerability in Juniper Networks Junos OS ACX500 Series, ACX4000 Series, may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a Forwarding Engine Board (FFEB) crash. | 5.0 |
2021-04-22 | CVE-2021-0230 | Juniper | Memory Leak vulnerability in Juniper Junos On Juniper Networks SRX Series devices with link aggregation (lag) configured, executing any operation that fetches Aggregated Ethernet (AE) interface statistics, including but not limited to SNMP GET requests, causes a slow kernel memory leak. | 5.0 |
2021-04-22 | CVE-2021-0229 | Juniper | Resource Exhaustion vulnerability in Juniper Junos 16.1/16.2/17.1 An uncontrolled resource consumption vulnerability in Message Queue Telemetry Transport (MQTT) server of Juniper Networks Junos OS allows an attacker to cause MQTT server to crash and restart leading to a Denial of Service (DoS) by sending a stream of specific packets. | 5.0 |
2021-04-22 | CVE-2021-0227 | Juniper | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Juniper Junos 17.3/17.4/18.2 An improper restriction of operations within the bounds of a memory buffer vulnerability in Juniper Networks Junos OS J-Web on SRX Series devices allows an attacker to cause Denial of Service (DoS) by sending certain crafted HTTP packets. | 5.0 |
2021-04-22 | CVE-2021-0226 | Juniper | Improper Initialization vulnerability in Juniper Junos OS Evolved 20.1/20.2/20.3 On Juniper Networks Junos OS Evolved devices, receipt of a specific IPv6 packet may cause an established IPv6 BGP session to terminate, creating a Denial of Service (DoS) condition. | 5.0 |
2021-04-22 | CVE-2021-0225 | Juniper | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos OS Evolved An Improper Check for Unusual or Exceptional Conditions in Juniper Networks Junos OS Evolved may cause the stateless firewall filter configuration which uses the action 'policer' in certain combinations with other options to not take effect. | 5.0 |
2021-04-22 | CVE-2020-7858 | Cdnetworks | Path Traversal vulnerability in Cdnetworks Aquanplayer 2.0.0.92 There is a directory traversing vulnerability in the download page url of AquaNPlayer 2.0.0.92. | 5.0 |
2021-04-22 | CVE-2021-27400 | Hashicorp | Improper Certificate Validation vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. | 5.0 |
2021-04-22 | CVE-2021-31555 | Mediawiki | An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. | 5.0 |
2021-04-22 | CVE-2021-31545 | Mediawiki | An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. | 5.0 |
2021-04-22 | CVE-2021-29466 | Discord | Path Traversal vulnerability in Discord Discord-Recon 0.0.1/0.0.2/0.0.3 Discord-Recon is a bot for the Discord chat service. | 5.0 |
2021-04-21 | CVE-2020-27569 | Aviatrix | Incorrect Default Permissions vulnerability in Aviatrix Openvpn Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. | 5.0 |
2021-04-21 | CVE-2020-27568 | Aviatrix | Incorrect Permission Assignment for Critical Resource vulnerability in Aviatrix Controller 5.3.1516 Insecure File Permissions exist in Aviatrix Controller 5.3.1516. | 5.0 |
2021-04-21 | CVE-2020-28973 | Abus | Information Exposure vulnerability in Abus Secvest Wireless Alarm System Fuaa50000 Firmware 3.01.17 The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface. | 5.0 |
2021-04-20 | CVE-2021-30464 | Omicronenergy | Resource Exhaustion vulnerability in Omicronenergy Stationguard OMICRON StationGuard before 1.10 allows remote attackers to cause a denial of service (connectivity outage) via crafted tcp/20499 packets to the CTRL Ethernet port. | 5.0 |
2021-04-19 | CVE-2021-27458 | Jtekt | Improper Resource Shutdown or Release vulnerability in Jtekt products If Ethernet communication of the JTEKT Corporation TOYOPUC product series’ (TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All versions, PC10GE TCC-6464: All versions, PC10P TCC-6372: All versions, PC10P-DP TCC-6726: All versions, PC10P-DP-IO TCC-6752: All versions, PC10B-P TCC-6373: All versions, PC10B TCC-1021: All versions, PC10B-E/C TCU-6521: All versions, PC10E TCC-4737: All versions; TOYOPUC-Plus Series: Plus CPU TCC-6740: All versions, Plus EX TCU-6741: All versions, Plus EX2 TCU-6858: All versions, Plus EFR TCU-6743: All versions, Plus EFR2 TCU-6859: All versions, Plus 2P-EFR TCU-6929: All versions, Plus BUS-EX TCU-6900: All versions; TOYOPUC-PC3J/PC2J Series: FL/ET-T-V2H THU-6289: All versions, 2PORT-EFR THU-6404: All versions) are left in an open state by an attacker, Ethernet communications cannot be established with other devices, depending on the settings of the link parameters. | 5.0 |
2021-04-19 | CVE-2021-29455 | Grassroot | Improper Verification of Cryptographic Signature vulnerability in Grassroot Platform Grassroot Platform is an application to make it faster, cheaper and easier to persistently organize and mobilize people in low-income communities. | 5.0 |
2021-04-19 | CVE-2021-20992 | Fibaro | Cleartext Transmission of Sensitive Information vulnerability in Fibaro Home Center 2 Firmware and Home Center Lite Firmware Fibaro Home Center 2 and Lite devices in all versions provide a web-based management interface over the unencrypted HTTP protocol. | 5.0 |
2021-04-22 | CVE-2021-2196 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). | 4.9 |
2021-04-22 | CVE-2021-2194 | Oracle Fedoraproject Netapp Mariadb | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.9 |
2021-04-22 | CVE-2021-2193 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2021-04-22 | CVE-2021-2191 | Oracle | Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0/5.5.0.0.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). | 4.9 |
2021-04-22 | CVE-2021-2180 | Oracle Netapp Fedoraproject Mariadb | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.9 |
2021-04-22 | CVE-2021-2179 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). | 4.9 |
2021-04-22 | CVE-2021-2170 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2021-04-22 | CVE-2021-2169 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2021-04-22 | CVE-2021-2166 | Oracle Fedoraproject Netapp Mariadb | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). | 4.9 |
2021-04-22 | CVE-2021-2164 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2021-04-22 | CVE-2021-2154 | Oracle Mariadb Netapp Fedoraproject | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). | 4.9 |
2021-04-22 | CVE-2021-2146 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). | 4.9 |
2021-04-21 | CVE-2021-1078 | Nvidia | NULL Pointer Dereference vulnerability in Nvidia GPU Display Driver NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver (nvlddmkm.sys) where a NULL pointer dereference may lead to system crash. | 4.9 |
2021-04-21 | CVE-2021-29456 | Authelia | Open Redirect vulnerability in Authelia Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. | 4.9 |
2021-04-22 | CVE-2021-28648 | Trendmicro | Improper Privilege Management vulnerability in Trendmicro Antivirus 10.5/11.0 Trend Micro Antivirus for Mac 2020 v10.5 and 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. | 4.6 |
2021-04-22 | CVE-2021-2250 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.6 |
2021-04-22 | CVE-2021-2167 | Oracle | Unspecified vulnerability in Oracle Solaris 10 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). | 4.6 |
2021-04-22 | CVE-2021-2158 | Oracle | Unspecified vulnerability in Oracle Hyperion Financial Management 11.1.2.4 Vulnerability in the Hyperion Financial Management product of Oracle Hyperion (component: Task Automation). | 4.6 |
2021-04-22 | CVE-2021-0253 | Juniper | Command Injection vulnerability in Juniper Junos NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process. | 4.6 |
2021-04-22 | CVE-2021-0252 | Juniper | Command Injection vulnerability in Juniper Junos NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process. | 4.6 |
2021-04-22 | CVE-2021-0246 | Juniper | Incorrect Default Permissions vulnerability in Juniper Junos 18.3/18.4/19.1 On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, devices using tenant services on Juniper Networks Junos OS, due to incorrect default permissions assigned to tenant system administrators a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. | 4.6 |
2021-04-22 | CVE-2021-0235 | Juniper | Incorrect Default Permissions vulnerability in Juniper Junos On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to incorrect permission scheme assigned to tenant system administrators, a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. | 4.6 |
2021-04-22 | CVE-2021-27278 | Parallels | Path Traversal vulnerability in Parallels Desktop 16.1.1 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. | 4.6 |
2021-04-22 | CVE-2021-2309 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.4 |
2021-04-22 | CVE-2021-2174 | Oracle Fedoraproject Netapp Mariadb | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.4 |
2021-04-22 | CVE-2021-2171 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). | 4.4 |
2021-04-22 | CVE-2021-2145 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.4 |
2021-04-24 | CVE-2021-31794 | Directum | Cross-site Scripting vulnerability in Directum 5.8.2 Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header. | 4.3 |
2021-04-23 | CVE-2019-25027 | Vaadin | Cross-site Scripting vulnerability in Vaadin Flow Missing output sanitization in the default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 13.0.5) allows an attacker to execute malicious JavaScript via a crafted URL. | 4.3 |
2021-04-23 | CVE-2019-25028 | Vaadin | Cross-site Scripting vulnerability in Vaadin Missing variable sanitization in the Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows an attacker to inject malicious JavaScript via an unspecified vector. | 4.3 |
2021-04-22 | CVE-2021-2211 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). | 4.3 |
2021-04-22 | CVE-2021-2155 | Oracle | Unspecified vulnerability in Oracle One-To-One Fulfillment Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Documents). | 4.3 |
2021-04-22 | CVE-2021-2153 | Oracle | Unspecified vulnerability in Oracle Internet Expenses Vulnerability in the Oracle Internet Expenses product of Oracle E-Business Suite (component: Mobile Expenses). | 4.3 |
2021-04-22 | CVE-2021-24241 | Advancedcustomfields | Cross-site Scripting vulnerability in Advancedcustomfields Advanced Custom Fields The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page. | 4.3 |
2021-04-22 | CVE-2021-24234 | Ivorysearch | Cross-site Scripting vulnerability in Ivorysearch Ivory Search The Search Forms page of the Ivory Search WordPress plugin before 4.6.1 did not properly sanitise the tab parameter before outputting it in the page, leading to a reflected Cross-Site Scripting issue when opening a maliciously crafted link as a high privilege user. | 4.3 |
2021-04-22 | CVE-2021-24233 | Boxystudio | Cross-site Scripting vulnerability in Boxystudio Cooked The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an arbitrary attribute. | 4.3 |
2021-04-22 | CVE-2021-0270 | Juniper | Use After Free vulnerability in Juniper Junos 18.1 On PTX Series and QFX10k Series devices with the "inline-jflow" feature enabled, a use after free weakness in the Packet Forwarding Engine (PFE) microkernel architecture of Juniper Networks Junos OS may allow an attacker to cause a Denial of Service (DoS) condition whereby one or more Flexible PIC Concentrators (FPCs) may restart. | 4.3 |
2021-04-22 | CVE-2021-0263 | Juniper | Unspecified vulnerability in Juniper Junos 18.2/18.3/18.4 A Data Processing vulnerability in the Multi-Service process (multi-svcs) on the FPC of Juniper Networks Junos OS on the PTX Series routers may lead to the process becoming unresponsive, ultimately affecting traffic forwarding, allowing an attacker to cause a Denial of Service (DoS) condition. | 4.3 |
2021-04-22 | CVE-2021-0244 | Juniper | Race Condition vulnerability in Juniper Junos 14.1X53/15.1 A signal handler race condition exists in the Layer 2 Address Learning Daemon (L2ALD) of Juniper Networks Junos OS due to the absence of a specific protection mechanism to avoid a race condition which may allow an attacker to bypass the storm-control feature on devices. | 4.3 |
2021-04-22 | CVE-2021-29653 | Hashicorp | Improper Certificate Validation vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. | 4.3 |
2021-04-22 | CVE-2021-22540 | Dart | Cross-site Scripting vulnerability in Dart Software Development KIT Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering. | 4.3 |
2021-04-22 | CVE-2021-31551 | Mediawiki | An issue was discovered in the PageForms extension for MediaWiki through 1.35.2. | 4.3 |
2021-04-22 | CVE-2021-29467 | Wrongthink Project | Cross-site Scripting vulnerability in Wrongthink Project Wrongthink Wrongthink is an encrypted peer-to-peer chat program. | 4.3 |
2021-04-21 | CVE-2020-36324 | Wikimedia | Cross-site Scripting vulnerability in Wikimedia Analytics-Quarry-Web Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type. | 4.3 |
2021-04-21 | CVE-2020-23914 | CPP Peglib Project | NULL Pointer Dereference vulnerability in Cpp-Peglib Project Cpp-Peglib An issue was discovered in cpp-peglib through v0.1.12. | 4.3 |
2021-04-21 | CVE-2020-23912 | Axiosys | NULL Pointer Dereference vulnerability in Axiosys Bento4 An issue was discovered in Bento4 through v1.6.0-637. | 4.3 |
2021-04-21 | CVE-2021-21647 | Jenkins | Unspecified vulnerability in Jenkins Cloudbees CD Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having Item/Build permission. | 4.3 |
2021-04-21 | CVE-2021-21645 | Jenkins | Unspecified vulnerability in Jenkins Config File Provider Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate configuration file IDs. | 4.3 |
2021-04-20 | CVE-2021-29459 | Xwiki | Cross-site Scripting vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 4.3 |
2021-04-19 | CVE-2021-31256 | Gpac | Memory Leak vulnerability in Gpac 1.0.1 Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. | 4.3 |
2021-04-19 | CVE-2021-27029 | Autodesk | NULL Pointer Dereference vulnerability in Autodesk FBX Review 1.4.1.0/1.5.0 The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's Review version 1.5.0 and prior causing the application to crash leading to a denial of service. | 4.3 |
2021-04-22 | CVE-2021-2173 | Oracle | Unspecified vulnerability in Oracle Database Server Vulnerability in the Recovery component of Oracle Database Server. | 4.1 |
2021-04-23 | CVE-2020-7036 | Avaya | XXE vulnerability in Avaya Callback Assist 4.7.1.1 An XML External Entities (XXE) vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. | 4.0 |
2021-04-23 | CVE-2020-7035 | Avaya | XXE vulnerability in Avaya Aura Orchestration Designer An XML External Entities (XXE) vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. | 4.0 |
2021-04-23 | CVE-2021-29158 | Sonatype | Incorrect Authorization vulnerability in Sonatype Nexus Repository Manager 3 3.25.1 Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control. | 4.0 |
2021-04-23 | CVE-2018-25007 | Vaadin | Improper Check for Unusual or Exceptional Conditions vulnerability in Vaadin Flow and Vaadin Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values via crafted synchronization message. | 4.0 |
2021-04-22 | CVE-2021-2311 | Oracle | Unspecified vulnerability in Oracle Hospitality Inventory Management 9.1.0 Vulnerability in the Oracle Hospitality Inventory Management product of Oracle Food and Beverage Applications (component: Export to Reporting and Analytics). | 4.0 |
2021-04-22 | CVE-2021-2308 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). | 4.0 |
2021-04-22 | CVE-2021-2305 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). | 4.0 |
2021-04-22 | CVE-2021-2303 | Oracle | Unspecified vulnerability in Oracle OSS Support Tools 2.11.33 Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Diagnostic Assistant). | 4.0 |
2021-04-22 | CVE-2021-2301 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). | 4.0 |
2021-04-22 | CVE-2021-2300 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). | 4.0 |
2021-04-22 | CVE-2021-2299 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.0 |
2021-04-22 | CVE-2021-2298 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.0 |
2021-04-22 | CVE-2021-2293 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). | 4.0 |
2021-04-22 | CVE-2021-2278 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.0 |
2021-04-22 | CVE-2021-2257 | Oracle | Unspecified vulnerability in Oracle Storage Cloud Software Appliance Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway (component: Management Console). | 4.0 |
2021-04-22 | CVE-2021-2245 | Oracle | Unspecified vulnerability in Oracle Database 18C/19C Vulnerability in the Oracle Database - Enterprise Edition Unified Audit component of Oracle Database Server. | 4.0 |
2021-04-22 | CVE-2021-2230 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.0 |
2021-04-22 | CVE-2021-2226 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). | 4.0 |
2021-04-22 | CVE-2021-2217 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). | 4.0 |
2021-04-22 | CVE-2021-2215 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). | 4.0 |
2021-04-22 | CVE-2021-2213 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.0 |
2021-04-22 | CVE-2021-2212 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.0 |
2021-04-22 | CVE-2021-2208 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). | 4.0 |
2021-04-22 | CVE-2021-2203 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.0 |
2021-04-22 | CVE-2021-2202 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). | 4.0 |
2021-04-22 | CVE-2021-2201 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). | 4.0 |
2021-04-22 | CVE-2021-2162 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). | 4.0 |
2021-04-22 | CVE-2021-2160 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.0 |
2021-04-22 | CVE-2021-2134 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager 12.2.1.4 Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: FMW Control Plugin). | 4.0 |
2021-04-22 | CVE-2021-27392 | Siemens | Use of Hard-coded Credentials vulnerability in Siemens Siveillance Video Open Network Bridge 2018/2019/2020 A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3), Siveillance Video Open Network Bridge (2020 R2), Siveillance Video Open Network Bridge (2020 R1), Siveillance Video Open Network Bridge (2019 R3), Siveillance Video Open Network Bridge (2019 R2), Siveillance Video Open Network Bridge (2019 R1), Siveillance Video Open Network Bridge (2018 R3), Siveillance Video Open Network Bridge (2018 R2). | 4.0 |
2021-04-22 | CVE-2021-27736 | Fusionauth | XXE vulnerability in Fusionauth Saml V2 FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely. | 4.0 |
2021-04-22 | CVE-2021-31549 | Mediawiki | An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. | 4.0 |
2021-04-22 | CVE-2021-31548 | Mediawiki | Incorrect Authorization vulnerability in Mediawiki An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. | 4.0 |
2021-04-22 | CVE-2021-31547 | Mediawiki | Information Exposure vulnerability in Mediawiki An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. | 4.0 |
2021-04-22 | CVE-2021-31546 | Mediawiki | Information Exposure vulnerability in Mediawiki An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. | 4.0 |
2021-04-20 | CVE-2021-28492 | Unisys | Unspecified vulnerability in Unisys Stealth 5.0/5.0.024/5.0.026 Unisys Stealth (core) 5.x before 5.0.048.0, 5.1.x before 5.1.017.0, and 6.x before 6.0.037.0 stores passwords in a recoverable format. | 4.0 |
2021-04-20 | CVE-2021-20023 | Sonicwall | Path Traversal vulnerability in Sonicwall Email Security and Hosted Email Security SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host. | 4.0 |
2021-04-19 | CVE-2021-29453 | Matrix Media Repo Project | Allocation of Resources Without Limits or Throttling vulnerability in Matrix-Media-Repo Project Matrix-Media-Repo matrix-media-repo is an open-source multi-domain media repository for Matrix. | 4.0 |
61 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-04-22 | CVE-2021-24242 | Themeum | Path Traversal vulnerability in Themeum Tutor LMS The Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.8 is affected by a local file inclusion vulnerability through the maliciously constructed sub_page parameter of the plugin's Tools, allowing high privilege users to include any local php file. | 3.8 |
2021-04-23 | CVE-2021-31540 | Wowza | Incorrect Permission Assignment for Critical Resource vulnerability in Wowza Streaming Engine Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. | 3.6 |
2021-04-22 | CVE-2021-2264 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 3.6 |
2021-04-22 | CVE-2021-2192 | Oracle | Unspecified vulnerability in Oracle Solaris 11 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). | 3.6 |
2021-04-22 | CVE-2021-2152 | Oracle | Unspecified vulnerability in Oracle Business Intelligence Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). | 3.6 |
2021-04-20 | CVE-2021-1079 | Nvidia | Unspecified vulnerability in Nvidia Geforce Experience NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. | 3.6 |
2021-04-24 | CVE-2021-31712 | React Draft Wysiwyg Project | Cross-site Scripting vulnerability in React Draft Wysiwyg Project React Draft Wysiwyg react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a javascript: URI in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS. | 3.5 |
2021-04-23 | CVE-2020-17542 | Dotcms | Cross-site Scripting vulnerability in Dotcms 5.1.5 Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin/#/c/workflow" component. | 3.5 |
2021-04-23 | CVE-2020-36319 | Vaadin | Exposure of Resource to Wrong Sphere vulnerability in Vaadin Flow and Vaadin Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data if the application also uses e.g. | 3.5 |
2021-04-22 | CVE-2021-22199 | Gitlab | Cross-site Scripting vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting with 12.9. | 3.5 |
2021-04-22 | CVE-2021-2234 | Oracle | Unspecified vulnerability in Oracle Database Server Vulnerability in the Java VM component of Oracle Database Server. | 3.5 |
2021-04-22 | CVE-2021-2214 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 3.5 |
2021-04-22 | CVE-2021-2159 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Campus Software Campus Community 9.2 Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Frameworks). | 3.5 |
2021-04-22 | CVE-2021-24232 | Elbtide | Cross-site Scripting vulnerability in Elbtide Advanced Booking Calendar The Advanced Booking Calendar WordPress plugin before 1.6.8 does not sanitise the license error message when output in the settings page, leading to an authenticated reflected Cross-Site Scripting issue. | 3.5 |
2021-04-22 | CVE-2021-31550 | Mediawiki | Cross-site Scripting vulnerability in Mediawiki An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2. | 3.5 |
2021-04-19 | CVE-2021-29434 | Torchbox | Cross-site Scripting vulnerability in Torchbox Wagtail Wagtail is a Django content management system. | 3.5 |
2021-04-23 | CVE-2021-31408 | Vaadin | Insufficient Session Expiration vulnerability in Vaadin Flow and Vaadin Authentication.logout() helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses an incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the user attempted to log out. | 3.3 |
2021-04-22 | CVE-2021-2307 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). | 3.3 |
2021-04-22 | CVE-2021-0271 | Juniper | Double Free vulnerability in Juniper Junos 12.3/15.1 A Double Free vulnerability in the software forwarding interface daemon (sfid) process of Juniper Networks Junos OS allows an adjacently-connected attacker to cause a Denial of Service (DoS) by sending a crafted ARP packet to the device. | 3.3 |
2021-04-22 | CVE-2021-0267 | Juniper | Improper Input Validation vulnerability in Juniper Junos An Improper Input Validation vulnerability in the active-lease query portion in JDHCPD's DHCP Relay Agent of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) by sending a crafted DHCP packet to the device thereby crashing the jdhcpd DHCP service. | 3.3 |
2021-04-22 | CVE-2021-0262 | Juniper | Use After Free vulnerability in Juniper Junos 19.1/19.2/20.2 Through routine static code analysis of the Juniper Networks Junos OS software codebase, the Secure Development Life Cycle team identified a Use After Free vulnerability in PFE packet processing on the QFX10002-60C switching platform. | 3.3 |
2021-04-22 | CVE-2021-0259 | Juniper | Improper Handling of Exceptional Conditions vulnerability in Juniper Junos 17.3/17.4/18.1 Due to a vulnerability in DDoS protection in Juniper Networks Junos OS and Junos OS Evolved on QFX5K Series switches in a VXLAN configuration, instability might be experienced in the underlay network as a consequence of exceeding the default ddos-protection aggregate threshold. | 3.3 |
2021-04-22 | CVE-2021-0257 | Juniper | Memory Leak vulnerability in Juniper Junos On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPCs (Modular Port Concentrators) where Integrated Routing and Bridging (IRB) interfaces are configured and mapped to a VPLS instance or a Bridge-Domain, certain Layer 2 network events at Customer Edge (CE) devices may cause memory leaks in the MPC of Provider Edge (PE) devices which can cause an out of memory condition and MPC restart. | 3.3 |
2021-04-22 | CVE-2021-0243 | Juniper | Unspecified vulnerability in Juniper Junos 17.3/17.4/18.1 Improper Handling of Unexpected Data in the firewall policer of Juniper Networks Junos OS on EX4300 switches allows matching traffic to exceed set policer limits, possibly leading to a limited Denial of Service (DoS) condition. | 3.3 |
2021-04-22 | CVE-2021-0241 | Juniper | Improper Handling of Exceptional Conditions vulnerability in Juniper Junos On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a specific DHCPv6 packet is received, resulting in a restart of the daemon. | 3.3 |
2021-04-22 | CVE-2021-0237 | Juniper | Unspecified vulnerability in Juniper Junos 15.1/17.3 On Juniper Networks EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series deployed as a Virtual Chassis with a specific Layer 2 circuit configuration, Packet Forwarding Engine manager (FXPC) process may crash and restart upon receipt of specific layer 2 frames. | 3.3 |
2021-04-22 | CVE-2021-0228 | Juniper | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos 15.1/17.3 An improper check for unusual or exceptional conditions vulnerability in Juniper Networks MX Series platforms with Trio-based MPC (Modular Port Concentrator) deployed in an EVPN (Ethernet VPN)-VXLAN (Virtual Extensible LAN) configuration may allow an attacker sending specific Layer 2 traffic to cause Distributed Denial of Service (DDoS) protection to trigger unexpectedly, resulting in traffic impact. | 3.3 |
2021-04-22 | CVE-2021-0224 | Juniper | Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos A vulnerability in the handling of internal resources necessary to bring up a large number of Layer 2 broadband remote access subscriber (BRAS) nodes in Juniper Networks Junos OS can cause the Access Node Control Protocol daemon (ANCPD) to crash and restart, leading to a Denial of Service (DoS) condition. | 3.3 |
2021-04-22 | CVE-2021-0216 | Juniper | Unspecified vulnerability in Juniper Junos A vulnerability in Juniper Networks Junos OS running on the ACX5448 and ACX710 platforms may cause BFD sessions to flap when a high rate of transit ARP packets is received. | 3.3 |
2021-04-22 | CVE-2021-0214 | Juniper | Improper Input Validation vulnerability in Juniper Junos 17.3/17.4/18.1 A vulnerability in the distributed or centralized periodic packet management daemon (PPMD) of Juniper Networks Junos OS may cause receipt of a malformed packet to crash and restart the PPMD process, leading to network destabilization, service interruption, and a Denial of Service (DoS) condition. | 3.3 |
2021-04-22 | CVE-2021-0240 | Juniper | Improper Handling of Exceptional Conditions vulnerability in Juniper Junos On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, the Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash if a malformed DHCPv6 packet is received, resulting in a restart of the daemon. | 2.9 |
2021-04-22 | CVE-2021-2175 | Oracle | Unspecified vulnerability in Oracle Database Server Vulnerability in the Database Vault component of Oracle Database Server. | 2.7 |
2021-04-22 | CVE-2021-2207 | Oracle | Unspecified vulnerability in Oracle Database Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. | 2.3 |
2021-04-20 | CVE-2021-3037 | Paloaltonetworks | Information Exposure Through Log Files vulnerability in Paloaltonetworks Pan-Os An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. | 2.3 |
2021-04-23 | CVE-2021-31539 | Wowza | Cleartext Storage of Sensitive Information vulnerability in Wowza Streaming Engine Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file. | 2.1 |
2021-04-23 | CVE-2021-26908 | Automox | Information Exposure Through Log Files vulnerability in Automox Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. | 2.1 |
2021-04-22 | CVE-2021-2312 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 2.1 |
2021-04-22 | CVE-2021-2306 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 2.1 |
2021-04-22 | CVE-2021-2287 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 2.1 |
2021-04-22 | CVE-2021-2286 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 2.1 |
2021-04-22 | CVE-2021-2285 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 2.1 |
2021-04-22 | CVE-2021-2284 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 2.1 |
2021-04-22 | CVE-2021-2283 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 2.1 |
2021-04-22 | CVE-2021-2282 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 2.1 |
2021-04-22 | CVE-2021-2281 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 2.1 |
2021-04-22 | CVE-2021-2280 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 2.1 |
2021-04-22 | CVE-2021-2266 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 2.1 |
2021-04-22 | CVE-2021-2141 | Oracle | Unspecified vulnerability in Oracle Flexcube Direct Banking 12.0.2/12.0.3 Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). | 2.1 |
2021-04-22 | CVE-2021-0256 | Juniper | Improper Privilege Management vulnerability in Juniper Junos 17.3/17.4/18.1 A sensitive information disclosure vulnerability in the mosquitto message broker of Juniper Networks Junos OS may allow a locally authenticated user with shell access the ability to read portions of sensitive files, such as the master.passwd file. | 2.1 |
2021-04-22 | CVE-2021-0238 | Juniper | Resource Exhaustion vulnerability in Juniper Junos 17.3/18.1/18.2 When an MX Series is configured as a Broadband Network Gateway (BNG) based on Layer 2 Tunneling Protocol (L2TP), executing certain CLI commands may cause the system to run out of disk space; excessive disk usage may cause other complications. | 2.1 |
2021-04-20 | CVE-2020-14105 | MI | Unspecified vulnerability in MI Miui The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15. | 2.1 |
2021-04-20 | CVE-2021-3036 | Paloaltonetworks | Information Exposure Through Log Files vulnerability in Paloaltonetworks Pan-Os An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly. | 2.1 |
2021-04-23 | CVE-2021-31403 | Vaadin | Information Exposure Through Discrepancy vulnerability in Vaadin Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0 through 8.12.2) allows attacker to guess a security token via timing attack. | 1.9 |
2021-04-23 | CVE-2021-31404 | Vaadin | Information Exposure Through Discrepancy vulnerability in Vaadin Flow and Vaadin Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 (Vaadin 10.0.0 through 10.0.16), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.4.6 (Vaadin 14.0.0 through 14.4.6), 3.0.0 prior to 5.0.0 (Vaadin 15 prior to 18), and 5.0.0 through 5.0.2 (Vaadin 18.0.0 through 18.0.5) allows attacker to guess a security token via timing attack. | 1.9 |
2021-04-23 | CVE-2021-31406 | Vaadin | Information Exposure Through Discrepancy vulnerability in Vaadin Flow and Vaadin Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 (Vaadin 15.0.0 through 18.0.6), and com.vaadin:fusion-endpoint version 6.0.0 (Vaadin 19.0.0) allows attacker to guess a security token for Fusion endpoints via timing attack. | 1.9 |
2021-04-22 | CVE-2021-2297 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 1.9 |
2021-04-22 | CVE-2021-2296 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 1.9 |
2021-04-22 | CVE-2021-2291 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 1.9 |
2021-04-22 | CVE-2021-2232 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). | 1.9 |
2021-04-22 | CVE-2021-2149 | Oracle | Unspecified vulnerability in Oracle ZFS Storage Appliance 8.8 Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). | 1.9 |
2021-04-22 | CVE-2021-2147 | Oracle | Unspecified vulnerability in Oracle ZFS Storage Appliance 8.8 Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Installation). | 1.2 |