Weekly Vulnerabilities Reports > April 19 to 25, 2021

Overview

445 new vulnerabilities reported during this period, including 13 critical vulnerabilities and 85 high severity vulnerabilities. This weekly summary report vulnerabilities in 319 products from 119 vendors including Oracle, Juniper, Netapp, Fedoraproject, and Siemens. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "Out-of-bounds Read", "Path Traversal", and "NULL Pointer Dereference".

  • 347 reported vulnerabilities are remotely exploitables.
  • 81 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 273 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 181 reported vulnerabilities.
  • Juniper has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

13 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-04-23 CVE-2021-22893 Ivanti Use After Free vulnerability in Ivanti Connect Secure 9.0/9.1

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway.

10.0
2021-04-22 CVE-2021-0265 Juniper OS Command Injection vulnerability in Juniper Appformix

An unvalidated REST API in the AppFormix Agent of Juniper Networks AppFormix allows an unauthenticated remote attacker to execute commands as root on the host running the AppFormix Agent, when certain preconditions are performed by the attacker, thus granting the attacker full control over the environment.

10.0
2021-04-22 CVE-2021-0249 Juniper Classic Buffer Overflow vulnerability in Juniper Junos 15.1X49/17.4

On SRX Series devices configured with UTM services a buffer overflow vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS may allow an attacker to arbitrarily execute code or commands on the target to take over or otherwise impact the device by sending crafted packets to or through the device.

10.0
2021-04-22 CVE-2021-29465 Discord OS Command Injection vulnerability in Discord Discord-Recon 0.0.1/0.0.2/0.0.3

Discord-Recon is a bot for the Discord chat service.

9.8
2021-04-20 CVE-2021-28827 Tibco Cross-site Scripting vulnerability in Tibco Administrator and Runtime Agent

The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Runtime Agent, TIBCO Runtime Agent, TIBCO Runtime Agent for z/Linux, and TIBCO Runtime Agent for z/Linux contains an easily exploitable vulnerability that allows an unauthenticated attacker to social engineer a legitimate user with network access to execute a Stored XSS attack targeting the affected system.

9.6
2021-04-22 CVE-2021-0275 Juniper Cross-site Scripting vulnerability in Juniper Junos

A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Networks Junos OS allows an attacker to target another user's session thereby gaining access to the users session.

9.3
2021-04-19 CVE-2021-27031 Autodesk Use After Free vulnerability in Autodesk FBX Review 1.4.1.0/1.5.0

A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.

9.3
2021-04-19 CVE-2021-27030 Autodesk Path Traversal vulnerability in Autodesk FBX Review 1.4.1.0/1.5.0

A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX’s Review causing it to run arbitrary code on the system.

9.3
2021-04-19 CVE-2021-21070 Adobe Uncontrolled Search Path Element vulnerability in Adobe Robohelp

Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation.

9.3
2021-04-23 CVE-2021-26291 Apache
Quarkus
Oracle
Origin Validation Error vulnerability in multiple products

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository.

9.1
2021-04-20 CVE-2020-26197 Dell Cleartext Transmission of Sensitive Information vulnerability in Dell EMC Powerscale Onefs

Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability.

9.1
2021-04-23 CVE-2020-7034 Avaya Command Injection vulnerability in Avaya Session Border Controller for Enterprise

A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges.

9.0
2021-04-19 CVE-2021-20991 Fibaro Command Injection vulnerability in Fibaro Home Center 2 Firmware and Home Center Lite Firmware

In Fibaro Home Center 2 and Lite devices with firmware version 4.540 and older an authenticated user can run commands as root user using a command injection vulnerability.

9.0

85 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-04-23 CVE-2021-20089 Purl Project Unspecified vulnerability in Purl Project Purl 2.3.2

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in purl 2.3.2 allows a malicious user to inject properties into Object.prototype.

8.8
2021-04-23 CVE-2021-20086 Jquery BBQ Project Unspecified vulnerability in Jquery-Bbq Project Jquery-Bbq 1.2.1

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype.

8.8
2021-04-23 CVE-2021-20085 Backbone Query Parameters Project Unspecified vulnerability in Backbone-Query-Parameters Project Backbone-Query-Parameters 0.4.0

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in backbone-query-parameters 0.4.0 allows a malicious user to inject properties into Object.prototype.

8.8
2021-04-23 CVE-2021-20083 Jquery Plugin Query Object Project Unspecified vulnerability in Jquery-Plugin-Query-Object Project Jquery-Plugin-Query-Object 2.2.3

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.

8.8
2021-04-23 CVE-2021-20088 Mootools Unspecified vulnerability in Mootools Mootools-More 1.6.0

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype.

8.8
2021-04-23 CVE-2021-20087 Acemetrix Unspecified vulnerability in Acemetrix Jquery-Deparam 0.5.1

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype.

8.8
2021-04-23 CVE-2021-20084 Jquery Sparkle Project Unspecified vulnerability in Jquery-Sparkle Project Jquery-Sparkle 1.5.2

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-sparkle 1.5.2-beta allows a malicious user to inject properties into Object.prototype.

8.8
2021-04-21 CVE-2021-21646 Jenkins Unspecified vulnerability in Jenkins Templating Engine

Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM.

8.8
2021-04-20 CVE-2021-29461 Demon1A Argument Injection or Modification vulnerability in Demon1A Discord-Recon 0.0.2

Discord Recon Server is a bot that allows one to do one's reconnaissance process from one's Discord.

8.8
2021-04-20 CVE-2021-28828 Tibco SQL Injection vulnerability in Tibco Administrator

The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, and TIBCO Administrator - Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a SQL injection attack on the affected system.

8.8
2021-04-22 CVE-2020-25244 Siemens Uncontrolled Search Path Element vulnerability in Siemens Logo! Soft Comfort

A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.4).

8.4
2021-04-22 CVE-2020-27009 Siemens Out-of-bounds Write vulnerability in Siemens Nucleus NET and Nucleus Source Code

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5).

8.1
2021-04-22 CVE-2020-15795 Siemens Out-of-bounds Write vulnerability in Siemens Nucleus NET and Nucleus Source Code

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5).

8.1
2021-04-21 CVE-2021-21642 Jenkins XXE vulnerability in Jenkins Config File Provider

Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

8.1
2021-04-20 CVE-2021-28829 Tibco Injection vulnerability in Tibco Administrator

The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, and TIBCO Administrator - Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a persistent CSV injection attack from the affected system.

8.0
2021-04-23 CVE-2021-22204 Exiftool Project
Debian
Fedoraproject
Code Injection vulnerability in multiple products

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image

7.8
2021-04-23 CVE-2021-22682 Hornerautomation Unspecified vulnerability in Hornerautomation Cscape

Cscape (All versions prior to 9.90 SP4) is configured by default to be installed for all users, which allows full permissions, including read/write access.

7.8
2021-04-23 CVE-2021-22678 Hornerautomation Out-of-bounds Write vulnerability in Hornerautomation Cscape

Cscape (All versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing project files.

7.8
2021-04-23 CVE-2021-31607 Saltstack
Fedoraproject
OS Command Injection vulnerability in multiple products

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion.

7.8
2021-04-22 CVE-2021-3496 Jhead Project Out-of-bounds Write vulnerability in Jhead Project Jhead 3.06

A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file.

7.8
2021-04-21 CVE-2021-1076 Nvidia
Debian
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption.
7.8
2021-04-21 CVE-2020-35980 Gpac Use After Free vulnerability in Gpac 0.8.0/1.0.1

An issue was discovered in GPAC version 0.8.0 and 1.0.1.

7.8
2021-04-19 CVE-2021-3498 Gstreamer Project
Redhat
Debian
Out-of-bounds Write vulnerability in multiple products

GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.

7.8
2021-04-19 CVE-2021-3497 Gstreamer Project
Redhat
Debian
Use After Free vulnerability in multiple products

GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.

7.8
2021-04-19 CVE-2021-29457 Exiv2
Fedoraproject
Debian
Heap-based Buffer Overflow vulnerability in multiple products

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.

7.8
2021-04-25 CVE-2021-31726 Akuvox Command Injection vulnerability in Akuvox C315 Firmware 115.116.2613

Akuvox C315 115.116.2613 allows remote command Injection via the cfgd_server service.

7.5
2021-04-25 CVE-2021-30502 Simple Glasgow Haskell Compiler Project Unspecified vulnerability in Simple Glasgow Haskell Compiler Project Simple Glasgow Haskell Compiler

The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand.

7.5
2021-04-23 CVE-2021-22205 Gitlab Code Injection vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9.

7.5
2021-04-23 CVE-2021-31597 Xmlhttprequest SSL Project Improper Certificate Validation vulnerability in Xmlhttprequest-Ssl Project Xmlhttprequest-Ssl

The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js.

7.5
2021-04-22 CVE-2021-2317 Oracle Unspecified vulnerability in Oracle Cloud Infrastructure Storage Gateway

Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console).

7.5
2021-04-22 CVE-2021-2310 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

7.5
2021-04-22 CVE-2021-2302 Oracle Unspecified vulnerability in Oracle Platform Security for Java 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle Platform Security for Java product of Oracle Fusion Middleware (component: OPSS).

7.5
2021-04-22 CVE-2021-2256 Oracle Unspecified vulnerability in Oracle Storage Cloud Software Appliance

Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway (component: Management Console).

7.5
2021-04-22 CVE-2021-2248 Oracle Unspecified vulnerability in Oracle Secure Global Desktop 5.6

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server).

7.5
2021-04-22 CVE-2021-2244 Oracle Unspecified vulnerability in Oracle products

Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: JAPI) and Essbase Analytic Provider Services product of Oracle Essbase (component: JAPI).

7.5
2021-04-22 CVE-2021-2240 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.5

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

7.5
2021-04-22 CVE-2021-2218 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise PT Peopletools 8.56/8.57

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Health Center).

7.5
2021-04-22 CVE-2021-2177 Oracle Unspecified vulnerability in Oracle Secure Global Desktop 5.6

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway).

7.5
2021-04-22 CVE-2021-2136 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

7.5
2021-04-22 CVE-2021-2135 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container).

7.5
2021-04-22 CVE-2021-2008 Oracle Unspecified vulnerability in Oracle Enterprise Manager 11.1.1.9/12.2.1.3

Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: FMW Control Plugin).

7.5
2021-04-22 CVE-2021-24240 Aivahthemes Unrestricted Upload of File with Dangerous Type vulnerability in Aivahthemes Business Hours PRO 5.5.0

The Business Hours Pro WordPress plugin through 5.5.0 allows a remote attacker to upload arbitrary files using its manual update functionality, leading to an unauthenticated remote code execution vulnerability.

7.5
2021-04-22 CVE-2021-27389 Siemens Use of Hard-coded Cryptographic Key vulnerability in Siemens Opcenter Quality and QMS Automotive

A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30).

7.5
2021-04-22 CVE-2021-25669 Siemens Stack-based Buffer Overflow vulnerability in Siemens products

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl.

7.5
2021-04-22 CVE-2021-25668 Siemens Heap-based Buffer Overflow vulnerability in Siemens products

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl.

7.5
2021-04-22 CVE-2021-25664 Siemens Infinite Loop vulnerability in Siemens products

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack).

7.5
2021-04-22 CVE-2021-25663 Siemens Infinite Loop vulnerability in Siemens products

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack).

7.5
2021-04-22 CVE-2021-0266 Juniper Use of Hard-coded Credentials vulnerability in Juniper Junos 20.2/20.3/20.4

The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services.

7.5
2021-04-22 CVE-2021-0260 Juniper Unspecified vulnerability in Juniper Junos

An improper authorization vulnerability in the Simple Network Management Protocol daemon (snmpd) service of Juniper Networks Junos OS leads an unauthenticated attacker being able to perform SNMP read actions, an Exposure of System Data to an Unauthorized Control Sphere, or write actions to OIDs that support write operations, against the device without authentication.

7.5
2021-04-22 CVE-2021-0254 Juniper Out-of-bounds Write vulnerability in Juniper Junos

A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) condition, or leading to remote code execution (RCE).

7.5
2021-04-22 CVE-2021-0248 Juniper Use of Hard-coded Credentials vulnerability in Juniper Junos

This issue is not applicable to NFX NextGen Software.

7.5
2021-04-22 CVE-2021-20590 Mitsubishielectric Improper Authentication vulnerability in Mitsubishielectric products

Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the "VNC server" function is used.

7.5
2021-04-22 CVE-2020-7861 Anysupport Path Traversal vulnerability in Anysupport

AnySupport (Remote support solution) before 2019.3.21.0 allows directory traversing because of swprintf function to copy file from a management PC to a client PC.

7.5
2021-04-22 CVE-2021-31572 Amazon Integer Overflow or Wraparound vulnerability in Amazon Freertos

The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in stream_buffer.c for a stream buffer.

7.5
2021-04-22 CVE-2021-31571 Amazon Integer Overflow or Wraparound vulnerability in Amazon Freertos

The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in queue.c for queue creation.

7.5
2021-04-22 CVE-2021-30476 Hashicorp Unspecified vulnerability in Hashicorp Terraform Provider

HashiCorp Terraform’s Vault Provider (terraform-provider-vault) did not correctly configure GCE-type bound labels for Vault’s GCP auth method.

7.5
2021-04-22 CVE-2021-3287 Zohocorp Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Opmanager

Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.

7.5
2021-04-21 CVE-2021-21426 Openmage Deserialization of Untrusted Data vulnerability in Openmage Magento

Magento-lts is a long-term support alternative to Magento Community Edition (CE).

7.5
2021-04-21 CVE-2020-23907 Avast Out-of-bounds Write vulnerability in Avast Retdec 3.3

An issue was discovered in retdec v3.3.

7.5
2021-04-21 CVE-2021-28965 Ruby Lang
Fedoraproject
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues.
7.5
2021-04-20 CVE-2021-29462 Pupnp Project Insufficient Verification of Data Authenticity vulnerability in Pupnp Project Pupnp

The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications.

7.5
2021-04-20 CVE-2020-7857 Tobesoft Improper Input Validation vulnerability in Tobesoft Xplatform

A vulnerability of XPlatform could allow an unauthenticated attacker to execute arbitrary command.

7.5
2021-04-20 CVE-2020-35314 Wondercms OS Command Injection vulnerability in Wondercms 3.1.3

A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer.

7.5
2021-04-20 CVE-2020-35313 Wondercms Server-Side Request Forgery (SSRF) vulnerability in Wondercms 3.1.3

A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer.

7.5
2021-04-20 CVE-2021-28156 Hashicorp Unspecified vulnerability in Hashicorp Consul

HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events.

7.5
2021-04-20 CVE-2021-28793 Lextudio Incorrect Authorization vulnerability in Lextudio Restructuredtext

vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.

7.5
2021-04-20 CVE-2020-7856 Cnesty Improper Authentication vulnerability in Cnesty Helpcom

A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command.

7.5
2021-04-20 CVE-2021-25681 Adtran Unspecified vulnerability in Adtran Personal Phone Manager 10.8.1

AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS.

7.5
2021-04-19 CVE-2020-27241 Openclinic GA Project SQL Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3.

7.5
2021-04-19 CVE-2020-27240 Openclinic GA Project SQL Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3.

7.5
2021-04-19 CVE-2021-20990 Fibaro Missing Authentication for Critical Function vulnerability in Fibaro Home Center 2 Firmware and Home Center Lite Firmware

In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older an internal management service is accessible on port 8000 and some API endpoints could be accessed without authentication to trigger a shutdown, a reboot or a reboot into recovery mode.

7.5
2021-04-22 CVE-2020-27738 Siemens Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Siemens products

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5).

7.4
2021-04-22 CVE-2021-0232 Juniper
Fedoraproject
Authentication Bypass by Spoofing vulnerability in multiple products

An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Center may allow an attacker with specific information about the deployment to mimic an already registered Test Agent and access its configuration including associated inventory details.

7.4
2021-04-22 CVE-2021-0255 Juniper Improper Privilege Management vulnerability in Juniper Junos 17.3/17.4/18.1

A local privilege escalation vulnerability in ethtraceroute of Juniper Networks Junos OS may allow a locally authenticated user with shell access to escalate privileges and write to the local filesystem as root.

7.2
2021-04-22 CVE-2021-0245 Juniper Use of Hard-coded Credentials vulnerability in Juniper Junos 16.1/17.1/17.2

A Use of Hard-coded Credentials vulnerability in Juniper Networks Junos OS on Junos Fusion satellite devices allows an attacker who is local to the device to elevate their privileges and take control of the device.

7.2
2021-04-22 CVE-2021-27277 Solarwinds Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2020.2

This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2.

7.2
2021-04-21 CVE-2021-31523 Xscreensaver Project Improper Privilege Management vulnerability in Xscreensaver Project Xscreensaver 5.42+Dfsg11

The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency.

7.2
2021-04-20 CVE-2021-21526 Dell OS Command Injection vulnerability in Dell Powerscale Onefs

Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in SmartLock compliance mode that may allow compadmin to execute arbitrary commands as root.

7.2
2021-04-22 CVE-2021-0258 Juniper Race Condition vulnerability in Juniper Junos 17.2/17.3/17.4

A vulnerability in the forwarding of transit TCPv6 packets received on the Ethernet management interface of Juniper Networks Junos OS allows an attacker to trigger a kernel panic, leading to a Denial of Service (DoS).

7.1
2021-04-21 CVE-2020-23931 Gpac Out-of-bounds Read vulnerability in Gpac

An issue was discovered in gpac before 1.0.1.

7.1
2021-04-21 CVE-2020-23928 Gpac Out-of-bounds Read vulnerability in Gpac

An issue was discovered in gpac before 1.0.1.

7.1
2021-04-21 CVE-2020-23922 Giflib Project
Apache
Out-of-bounds Read vulnerability in multiple products

An issue was discovered in giflib through 5.1.4.

7.1
2021-04-21 CVE-2020-23921 Fast BER Project Out-of-bounds Read vulnerability in Fast BER Project Fast BER

An issue was discovered in fast_ber through v0.4.

7.1
2021-04-19 CVE-2021-3506 Linux
Debian
Netapp
Out-of-bounds Read vulnerability in multiple products

An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4.

7.1
2021-04-22 CVE-2021-23133 Linux
Fedoraproject
Debian
Netapp
Broadcom
Race Condition vulnerability in multiple products

A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process.

7.0

286 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-04-24 CVE-2021-31795 Pvrsrvkm KO Project Out-of-bounds Write vulnerability in Pvrsrvkm.Ko Project Pvrsrvkm.Ko

The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for the Linux kernel, as used on Alcatel 1S phones, allows attackers to overwrite heap memory via PhysmemNewRamBackedPMR.

6.9
2021-04-21 CVE-2021-1074 Nvidia Unspecified vulnerability in Nvidia GPU Display Driver 390/392.61

NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files.

6.9
2021-04-25 CVE-2021-31762 Webmin Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973

Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature.

6.8
2021-04-25 CVE-2021-31761 Webmin Cross-site Scripting vulnerability in Webmin 1.973

Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature.

6.8
2021-04-25 CVE-2021-31760 Webmin Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973

Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature.

6.8
2021-04-25 CVE-2021-31718 Npupnp Project Origin Validation Error vulnerability in Npupnp Project Npupnp

The server in npupnp before 4.1.4 is affected by DNS rebinding in the embedded web server (including UPnP SOAP and GENA endpoints), leading to remote code execution.

6.8
2021-04-23 CVE-2021-31584 Sipwise Cross-Site Request Forgery (CSRF) vulnerability in Sipwise Next Generation Communication Platform 3.6.4

Sipwise C5 NGCP www_csc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges.

6.8
2021-04-23 CVE-2020-7385 Rapid7 Deserialization of Untrusted Data vulnerability in Rapid7 Metasploit

By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions.

6.8
2021-04-22 CVE-2021-2279 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

6.8
2021-04-22 CVE-2021-2221 Oracle Unspecified vulnerability in Oracle Secure Global Desktop 5.6

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client).

6.8
2021-04-22 CVE-2020-26997 Siemens Untrusted Pointer Dereference vulnerability in Siemens Solid Edge Se2020 and Solid Edge Se2021

A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4).

6.8
2021-04-22 CVE-2021-27382 Siemens Stack-based Buffer Overflow vulnerability in Siemens Solid Edge Se2020 and Solid Edge Se2021

A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4).

6.8
2021-04-22 CVE-2021-25678 Siemens Out-of-bounds Write vulnerability in Siemens Solid Edge Se2020 and Solid Edge Se2021

A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4).

6.8
2021-04-22 CVE-2021-25670 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix Robotexpert

A vulnerability has been identified in Tecnomatix RobotExpert (All versions < V16.1).

6.8
2021-04-22 CVE-2021-0247 Juniper Race Condition vulnerability in Juniper Junos 14.1X53/15.1X53

A Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) vulnerability in the firewall process (dfwd) of Juniper Networks Junos OS allows an attacker to bypass the firewall rule sets applied to the input loopback filter on any interfaces of a device.

6.8
2021-04-22 CVE-2021-0236 Juniper Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos

Due to an improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved the Routing Protocol Daemon (RPD) service, upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, crashes and restarts causing a Denial of Service (DoS).

6.8
2021-04-22 CVE-2021-0231 Juniper Path Traversal vulnerability in Juniper Junos

A path traversal vulnerability in the Juniper Networks SRX and vSRX Series may allow an authenticated J-web user to read sensitive system files.

6.8
2021-04-21 CVE-2020-35982 Gpac NULL Pointer Dereference vulnerability in Gpac 0.8.0/1.0.1

An issue was discovered in GPAC version 0.8.0 and 1.0.1.

6.8
2021-04-21 CVE-2020-35981 Gpac NULL Pointer Dereference vulnerability in Gpac 0.8.0/1.0.1

An issue was discovered in GPAC version 0.8.0 and 1.0.1.

6.8
2021-04-21 CVE-2020-35979 Gpac Out-of-bounds Write vulnerability in Gpac 0.8.0/1.0.1

An issue was discovered in GPAC version 0.8.0 and 1.0.1.

6.8
2021-04-19 CVE-2021-27028 Autodesk Out-of-bounds Write vulnerability in Autodesk FBX Review 1.4.1.0/1.5.0

A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to remote code execution through maliciously crafted DLL files.

6.8
2021-04-19 CVE-2021-27027 Autodesk Out-of-bounds Read vulnerability in Autodesk FBX Review 1.4.1.0/1.5.0

An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code execution through maliciously crafted DLL files or information disclosure.

6.8
2021-04-19 CVE-2020-7851 Innorix Argument Injection or Modification vulnerability in Innorix File Transfer Solution

Innorix Web-Based File Transfer Solution versuibs prior to and including 9.2.18.385 contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the internal method.

6.8
2021-04-23 CVE-2021-29470 Exiv2
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.

6.5
2021-04-23 CVE-2021-22207 Wireshark
Fedoraproject
Oracle
Debian
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file

6.5
2021-04-22 CVE-2021-2320 Oracle Unspecified vulnerability in Oracle Cloud Infrastructure Storage Gateway

Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console).

6.5
2021-04-22 CVE-2021-2319 Oracle Unspecified vulnerability in Oracle Cloud Infrastructure Storage Gateway

Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console).

6.5
2021-04-22 CVE-2021-2318 Oracle Unspecified vulnerability in Oracle Cloud Infrastructure Storage Gateway

Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console).

6.5
2021-04-22 CVE-2021-2219 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: SQR).

6.5
2021-04-22 CVE-2021-2178 Oracle
Fedoraproject
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication).
6.5
2021-04-22 CVE-2021-2172 Oracle
Fedoraproject
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).
6.5
2021-04-22 CVE-2021-2151 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise 8.56/8.57/8.58

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security).

6.5
2021-04-22 CVE-2021-2144 Oracle
Netapp
Mariadb
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser).
6.5
2021-04-22 CVE-2021-24238 Purethemes Forced Browsing vulnerability in Purethemes Findeo and Realteo

The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the requested property to be deleted belong to the user making the request, allowing any authenticated users to delete arbitrary properties by tampering with the property_id parameter.

6.5
2021-04-22 CVE-2020-27737 Siemens Out-of-bounds Read vulnerability in Siemens products

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5).

6.5
2021-04-22 CVE-2020-27736 Siemens Out-of-bounds Read vulnerability in Siemens products

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5).

6.5
2021-04-21 CVE-2021-21427 Openmage SQL Injection vulnerability in Openmage Magento

Magento-lts is a long-term support alternative to Magento Community Edition (CE).

6.5
2021-04-21 CVE-2021-28167 Eclipse Missing Initialization of Resource vulnerability in Eclipse Openj9

In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries.

6.5
2021-04-21 CVE-2021-21643 Jenkins Unspecified vulnerability in Jenkins Config File Provider

Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins.

6.5
2021-04-20 CVE-2021-3035 Paloaltonetworks Deserialization of Untrusted Data vulnerability in Paloaltonetworks Bridgecrew Checkov

An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file.

6.5
2021-04-19 CVE-2021-20527 IBM Command Injection vulnerability in IBM Resilient 26.0/26.1/26.2

IBM Resilient SOAR V38.0 could allow a privileged user to create create malicious scripts that could be executed as another user.

6.5
2021-04-22 CVE-2021-2294 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

6.4
2021-04-22 CVE-2021-2253 Oracle Unspecified vulnerability in Oracle Advanced Supply Chain Planning 12.1/12.2

Vulnerability in the Oracle Advanced Supply Chain Planning product of Oracle Supply Chain (component: Core).

6.4
2021-04-22 CVE-2021-2242 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.5

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

6.4
2021-04-22 CVE-2021-2205 Oracle Unspecified vulnerability in Oracle Marketing

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

6.4
2021-04-22 CVE-2021-2200 Oracle Unspecified vulnerability in Oracle Applications Framework 12.2.10

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Home page).

6.4
2021-04-22 CVE-2020-17564 Feifeicms Path Traversal vulnerability in Feifeicms 4.0

Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to the " Admin/DataAction.class.php" component.

6.4
2021-04-22 CVE-2020-17563 Feifeicms Path Traversal vulnerability in Feifeicms 4.0

Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to " /index.php?s=/admin-tpl-del&id=".

6.4
2021-04-22 CVE-2021-31553 An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2.
6.4
2021-04-21 CVE-2021-20501 IBM Unspecified vulnerability in IBM I

IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send emails to non-existent local-domain recipients to the SMTP server, caused by using a non-default configuration.

6.4
2021-04-21 CVE-2021-20454 IBM XXE vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.

6.4
2021-04-20 CVE-2021-20453 IBM XXE vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.

6.4
2021-04-22 CVE-2021-24239 Genetechsolutions Cross-site Scripting vulnerability in Genetechsolutions PIE Register

The Pie Register – User Registration Forms.

6.1
2021-04-22 CVE-2021-24237 Purethemes Cross-site Scripting vulnerability in Purethemes Findeo and Realteo

The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius.

6.1
2021-04-22 CVE-2021-24235 Boostifythemes Cross-site Scripting vulnerability in Boostifythemes Goto

The Goto WordPress theme before 2.0 does not sanitise the keywords and start_date GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue.

6.1
2021-04-22 CVE-2021-0272 Juniper Memory Leak vulnerability in Juniper Junos 16.1/16.2/17.1

A kernel memory leak in QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016 devices Flexible PIC Concentrators (FPCs) on Juniper Networks Junos OS allows an attacker to send genuine packets destined to the device to cause a Denial of Service (DoS) to the device.

6.1
2021-04-22 CVE-2021-0242 Juniper Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos

A vulnerability due to the improper handling of direct memory access (DMA) buffers on EX4300 switches on Juniper Networks Junos OS allows an attacker sending specific unicast frames to trigger a Denial of Service (DoS) condition by exhausting DMA buffers, causing the FPC to crash and the device to restart.

6.1
2021-04-22 CVE-2021-0239 Juniper Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos OS Evolved 20.4

In Juniper Networks Junos OS Evolved, receipt of a stream of specific genuine Layer 2 frames may cause the Advanced Forwarding Toolkit (AFT) manager process (Evo-aftmand), responsible for handling Route, Class-of-Service (CoS), Firewall operations within the packet forwarding engine (PFE) to crash and restart, leading to a Denial of Service (DoS) condition.

6.1
2021-04-20 CVE-2020-25864 Hashicorp Cross-site Scripting vulnerability in Hashicorp Consul

HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting.

6.1
2021-04-20 CVE-2021-25680 Adtran Cross-site Scripting vulnerability in Adtran Personal Phone Manager 10.8.1

The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues.

6.1
2021-04-19 CVE-2021-20208 Samba
Redhat
Fedoraproject
Improper Privilege Management vulnerability in multiple products

A flaw was found in cifs-utils in versions before 6.13.

6.1
2021-04-22 CVE-2021-2161 Oracle
Debian
Fedoraproject
Netapp
Mcafee
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).
5.9
2021-04-19 CVE-2021-20989 Fibaro Improper Certificate Validation vulnerability in Fibaro Home Center 2 Firmware and Home Center Lite Firmware

Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities.

5.9
2021-04-22 CVE-2021-2315 Oracle Unspecified vulnerability in Oracle Http Server 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener).

5.8
2021-04-22 CVE-2021-2216 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Multichannel Framework).

5.8
2021-04-22 CVE-2021-2210 Oracle Unspecified vulnerability in Oracle Trade Management

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Quotes).

5.8
2021-04-22 CVE-2021-2206 Oracle Unspecified vulnerability in Oracle Trade Management

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Quotes).

5.8
2021-04-22 CVE-2021-2199 Oracle Unspecified vulnerability in Oracle Istore

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart).

5.8
2021-04-22 CVE-2021-2198 Oracle Unspecified vulnerability in Oracle Knowledge Management

Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Setup, Admin).

5.8
2021-04-22 CVE-2021-2197 Oracle Unspecified vulnerability in Oracle Istore

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart).

5.8
2021-04-22 CVE-2021-2195 Oracle Unspecified vulnerability in Oracle Partner Management

Vulnerability in the Oracle Partner Management product of Oracle E-Business Suite (component: Attribute Admin Setup).

5.8
2021-04-22 CVE-2021-2188 Oracle Unspecified vulnerability in Oracle Istore

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart).

5.8
2021-04-22 CVE-2021-2187 Oracle Unspecified vulnerability in Oracle Istore

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart).

5.8
2021-04-22 CVE-2021-2186 Oracle Unspecified vulnerability in Oracle Istore

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart).

5.8
2021-04-22 CVE-2021-2185 Oracle Unspecified vulnerability in Oracle Istore

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart).

5.8
2021-04-22 CVE-2021-2184 Oracle Unspecified vulnerability in Oracle Istore

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart).

5.8
2021-04-22 CVE-2021-2183 Oracle Unspecified vulnerability in Oracle Istore

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart).

5.8
2021-04-22 CVE-2021-2182 Oracle Unspecified vulnerability in Oracle Istore

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart).

5.8
2021-04-22 CVE-2021-2150 Oracle Unspecified vulnerability in Oracle Istore

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart).

5.8
2021-04-22 CVE-2021-2142 Oracle Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).

5.8
2021-04-22 CVE-2021-2140 Oracle Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Rules Framework).

5.8
2021-04-22 CVE-2021-2053 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 13.4.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: UI Framework).

5.8
2021-04-22 CVE-2021-0268 Juniper Injection vulnerability in Juniper Junos

An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness in J-web of Juniper Networks Junos OS leads to buffer overflows, segment faults, or other impacts, which allows an attacker to modify the integrity of the device and exfiltration information from the device without authentication.

5.8
2021-04-20 CVE-2021-30496 Telegram Unspecified vulnerability in Telegram 7.6.2

The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into a channel or group.

5.7
2021-04-21 CVE-2021-1075 Nvidia NULL Pointer Dereference vulnerability in Nvidia GPU Display Driver

NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the program dereferences a pointer that contains a location for memory that is no longer valid, which may lead to code execution, denial of service, or escalation of privileges.

5.6
2021-04-23 CVE-2021-25382 Google Unspecified vulnerability in Google Android

An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command.

5.5
2021-04-22 CVE-2021-2316 Oracle Unspecified vulnerability in Oracle Human Resource Management Software for France

Vulnerability in the Oracle HRMS (France) product of Oracle E-Business Suite (component: French HR).

5.5
2021-04-22 CVE-2021-2314 Oracle Unspecified vulnerability in Oracle Application Object Library

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Profiles).

5.5
2021-04-22 CVE-2021-2304 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure).
5.5
2021-04-22 CVE-2021-2295 Oracle Unspecified vulnerability in Oracle Concurrent Processing 12.1.3

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration).

5.5
2021-04-22 CVE-2021-2292 Oracle Unspecified vulnerability in Oracle Document Management and Collaboration

Vulnerability in the Oracle Document Management and Collaboration product of Oracle E-Business Suite (component: Document Management).

5.5
2021-04-22 CVE-2021-2290 Oracle Unspecified vulnerability in Oracle Engineering

Vulnerability in the Oracle Engineering product of Oracle E-Business Suite (component: Change Management).

5.5
2021-04-22 CVE-2021-2289 Oracle Unspecified vulnerability in Oracle Product HUB

Vulnerability in the Oracle Product Hub product of Oracle E-Business Suite (component: Template, GTIN search).

5.5
2021-04-22 CVE-2021-2288 Oracle Unspecified vulnerability in Oracle Bills of Material

Vulnerability in the Oracle Bills of Material product of Oracle E-Business Suite (component: Bill Issues).

5.5
2021-04-22 CVE-2021-2276 Oracle Unspecified vulnerability in Oracle Isetup 12.1.3

Vulnerability in the Oracle iSetup product of Oracle E-Business Suite (component: General Ledger Update Transform, Reports).

5.5
2021-04-22 CVE-2021-2275 Oracle Unspecified vulnerability in Oracle Applications Manager

Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: View Reports).

5.5
2021-04-22 CVE-2021-2274 Oracle Unspecified vulnerability in Oracle E-Business TAX

Vulnerability in the Oracle E-Business Tax product of Oracle E-Business Suite (component: User Interface).

5.5
2021-04-22 CVE-2021-2273 Oracle Unspecified vulnerability in Oracle Legal Entity Configurator

Vulnerability in the Oracle Legal Entity Configurator product of Oracle E-Business Suite (component: Create Contracts).

5.5
2021-04-22 CVE-2021-2272 Oracle Unspecified vulnerability in Oracle Subledger Accounting

Vulnerability in the Oracle Subledger Accounting product of Oracle E-Business Suite (component: Inquiries).

5.5
2021-04-22 CVE-2021-2271 Oracle Unspecified vulnerability in Oracle Work in Progress 12.1.3

Vulnerability in the Oracle Work in Process product of Oracle E-Business Suite (component: Resource Exceptions).

5.5
2021-04-22 CVE-2021-2270 Oracle Unspecified vulnerability in Oracle Site HUB

Vulnerability in the Oracle Site Hub product of Oracle E-Business Suite (component: Sites).

5.5
2021-04-22 CVE-2021-2269 Oracle Unspecified vulnerability in Oracle Advanced Pricing 12.1.3

Vulnerability in the Oracle Advanced Pricing product of Oracle E-Business Suite (component: Price Book).

5.5
2021-04-22 CVE-2021-2268 Oracle Unspecified vulnerability in Oracle Quoting 12.1.1/12.1.3

Vulnerability in the Oracle Quoting product of Oracle E-Business Suite (component: Courseware).

5.5
2021-04-22 CVE-2021-2267 Oracle Unspecified vulnerability in Oracle Labor Distribution

Vulnerability in the Oracle Labor Distribution product of Oracle E-Business Suite (component: User Interface).

5.5
2021-04-22 CVE-2021-2263 Oracle Unspecified vulnerability in Oracle Sourcing

Vulnerability in the Oracle Sourcing product of Oracle E-Business Suite (component: Intelligence, RFx).

5.5
2021-04-22 CVE-2021-2262 Oracle Unspecified vulnerability in Oracle Purchasing 12.1.3

Vulnerability in the Oracle Purchasing product of Oracle E-Business Suite (component: Endeca).

5.5
2021-04-22 CVE-2021-2261 Oracle Unspecified vulnerability in Oracle Lease and Finance Management

Vulnerability in the Oracle Lease and Finance Management product of Oracle E-Business Suite (component: Quotes).

5.5
2021-04-22 CVE-2021-2260 Oracle Unspecified vulnerability in Oracle Human Resources 12.1.3

Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: iRecruitment).

5.5
2021-04-22 CVE-2021-2259 Oracle Unspecified vulnerability in Oracle Payables

Vulnerability in the Oracle Payables product of Oracle E-Business Suite (component: India Localization, Results).

5.5
2021-04-22 CVE-2021-2258 Oracle Unspecified vulnerability in Oracle Projects

Vulnerability in the Oracle Projects product of Oracle E-Business Suite (component: User Interface).

5.5
2021-04-22 CVE-2021-2255 Oracle Unspecified vulnerability in Oracle Service Contracts 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Service Contracts product of Oracle E-Business Suite (component: Authoring).

5.5
2021-04-22 CVE-2021-2254 Oracle Unspecified vulnerability in Oracle Project Contracts 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Project Contracts product of Oracle E-Business Suite (component: Hold Management).

5.5
2021-04-22 CVE-2021-2252 Oracle Unspecified vulnerability in Oracle Loans

Vulnerability in the Oracle Loans product of Oracle E-Business Suite (component: Loan Details, Loan Accounting Events).

5.5
2021-04-22 CVE-2021-2251 Oracle Unspecified vulnerability in Oracle CRM Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Data Source).

5.5
2021-04-22 CVE-2021-2249 Oracle Unspecified vulnerability in Oracle Landed Cost Management

Vulnerability in the Oracle Landed Cost Management product of Oracle E-Business Suite (component: Shipment Workbench).

5.5
2021-04-22 CVE-2021-2247 Oracle Unspecified vulnerability in Oracle Advanced Collections 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Advanced Collections product of Oracle E-Business Suite (component: Admin).

5.5
2021-04-22 CVE-2021-2246 Oracle Unspecified vulnerability in Oracle Universal Work Queue 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration).

5.5
2021-04-22 CVE-2021-2241 Oracle Unspecified vulnerability in Oracle Istore 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart).

5.5
2021-04-22 CVE-2021-2239 Oracle Unspecified vulnerability in Oracle Time and Labor

Vulnerability in the Oracle Time and Labor product of Oracle E-Business Suite (component: Timecard).

5.5
2021-04-22 CVE-2021-2238 Oracle Unspecified vulnerability in Oracle Manufacturing Execution System for Process Manufacturing 12.1.3

Vulnerability in the Oracle MES for Process Manufacturing product of Oracle E-Business Suite (component: Process Operations).

5.5
2021-04-22 CVE-2021-2237 Oracle Unspecified vulnerability in Oracle General Ledger 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle General Ledger product of Oracle E-Business Suite (component: Account Hierarchy Manager).

5.5
2021-04-22 CVE-2021-2236 Oracle Unspecified vulnerability in Oracle Financials Common Modules

Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Advanced Global Intercompany).

5.5
2021-04-22 CVE-2021-2235 Oracle Unspecified vulnerability in Oracle Transportation Execution

Vulnerability in the Oracle Transportation Execution product of Oracle E-Business Suite (component: Install and Upgrade).

5.5
2021-04-22 CVE-2021-2233 Oracle Unspecified vulnerability in Oracle Enterprise Asset Management

Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Setup).

5.5
2021-04-22 CVE-2021-2231 Oracle Unspecified vulnerability in Oracle Installed Base 12.1.3

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: APIs).

5.5
2021-04-22 CVE-2021-2229 Oracle Unspecified vulnerability in Oracle Depot Repair 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: LOVs).

5.5
2021-04-22 CVE-2021-2228 Oracle Unspecified vulnerability in Oracle Incentive Compensation 12.1.3

Vulnerability in the Oracle Incentive Compensation product of Oracle E-Business Suite (component: User Interface).

5.5
2021-04-22 CVE-2021-2227 Oracle Unspecified vulnerability in Oracle Cash Management

Vulnerability in the Oracle Cash Management product of Oracle E-Business Suite (component: Bank Account Transfer).

5.5
2021-04-22 CVE-2021-2225 Oracle Unspecified vulnerability in Oracle E-Business Intelligence 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups).

5.5
2021-04-22 CVE-2021-2224 Oracle Unspecified vulnerability in Oracle Compensation Workbench

Vulnerability in the Oracle Compensation Workbench product of Oracle E-Business Suite (component: Compensation Workbench).

5.5
2021-04-22 CVE-2021-2223 Oracle Unspecified vulnerability in Oracle Receivables

Vulnerability in the Oracle Receivables product of Oracle E-Business Suite (component: Receipts).

5.5
2021-04-22 CVE-2021-2222 Oracle Unspecified vulnerability in Oracle Bill Presentment Architecture

Vulnerability in the Oracle Bill Presentment Architecture product of Oracle E-Business Suite (component: Template Search).

5.5
2021-04-22 CVE-2021-2220 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise SCM Eprocurement 9.2

Vulnerability in the PeopleSoft Enterprise SCM eProcurement product of Oracle PeopleSoft (component: Manage Requisition Status).

5.5
2021-04-22 CVE-2021-2209 Oracle Unspecified vulnerability in Oracle Email Center

Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display).

5.5
2021-04-22 CVE-2021-2181 Oracle Unspecified vulnerability in Oracle Document Management and Collaboration 12.1.3/12.2.3/12.2.9

Vulnerability in the Oracle Document Management and Collaboration product of Oracle E-Business Suite (component: Attachments).

5.5
2021-04-22 CVE-2021-2156 Oracle Unspecified vulnerability in Oracle Customers Online 12.1.3

Vulnerability in the Oracle Customers Online product of Oracle E-Business Suite (component: Customer Tab).

5.5
2021-04-22 CVE-2021-28168 Eclipse
Oracle
Exposure of Resource to Wrong Sphere vulnerability in multiple products

Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability.

5.5
2021-04-22 CVE-2021-30356 Checkpoint Unspecified vulnerability in Checkpoint Identity Agent

A denial of service vulnerability was reported in Check Point Identity Agent before R81.018.0000, which could allow low privileged users to overwrite protected system files.

5.5
2021-04-22 CVE-2021-31554 Mediawiki Incorrect Authorization vulnerability in Mediawiki

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2.

5.5
2021-04-22 CVE-2021-31552 Mediawiki Incorrect Authorization vulnerability in Mediawiki

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2.

5.5
2021-04-21 CVE-2021-1077 Nvidia Improper Resource Shutdown or Release vulnerability in Nvidia GPU Display Driver

NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service.

5.5
2021-04-21 CVE-2020-23930 Gpac NULL Pointer Dereference vulnerability in Gpac

An issue was discovered in gpac through 20200801.

5.5
2021-04-21 CVE-2020-23915 CPP Peglib Project Out-of-bounds Read vulnerability in Cpp-Peglib Project Cpp-Peglib

An issue was discovered in cpp-peglib through v0.1.12.

5.5
2021-04-20 CVE-2021-29155 Linux
Fedoraproject
Debian
Out-of-bounds Read vulnerability in multiple products

An issue was discovered in the Linux kernel through 5.11.x.

5.5
2021-04-20 CVE-2021-3038 Paloaltonetworks Unspecified vulnerability in Paloaltonetworks Globalprotect

A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error.

5.5
2021-04-19 CVE-2021-3505 Libtpms Project
Redhat
Fedoraproject
Insufficient Entropy vulnerability in multiple products

A flaw was found in libtpms in versions before 0.8.0.

5.5
2021-04-19 CVE-2021-29458 Exiv2
Fedoraproject
Debian
Out-of-bounds Read vulnerability in multiple products

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.

5.5
2021-04-23 CVE-2021-31583 Sipwise Cross-site Scripting vulnerability in Sipwise Next Generation Communication Platform 3.6.7

Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in callforward/time/set/save (POST tsetname); Reflected XSS in addressbook (GET filter); Stored XSS in addressbook/save (POST firstname, lastname, company); and Reflected XSS in statistics/versions (GET lang).

5.4
2021-04-21 CVE-2021-21644 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Config File Provider

A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID.

5.4
2021-04-20 CVE-2021-25679 Adtran Cross-site Scripting vulnerability in Adtran Personal Phone Manager 10.8.1

The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues.

5.4
2021-04-22 CVE-2021-2163 Oracle
Debian
Fedoraproject
Netapp
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).
5.3
2021-04-22 CVE-2021-25677 Siemens Use of Insufficiently Random Values vulnerability in Siemens products

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions >= V0.5.0.0 < V1.0.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5).

5.3
2021-04-22 CVE-2020-25243 Siemens Path Traversal vulnerability in Siemens Logo! Soft Comfort

A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.4).

5.1
2021-04-22 CVE-2021-0269 Juniper Unspecified vulnerability in Juniper Junos 17.4/18.1/18.2

The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious actions against a target device when a user is authenticated to J-Web.

5.1
2021-04-24 CVE-2021-31598 Ezxml Project
Debian
Out-of-bounds Write vulnerability in multiple products

An issue was discovered in libezxml.a in ezXML 0.8.6.

5.0
2021-04-23 CVE-2021-31791 In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command.
5.0
2021-04-23 CVE-2021-25899 Void SQL Injection vulnerability in Void Aurall REC Monitor 9.0.0.1

An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1.

5.0
2021-04-23 CVE-2021-25898 Void Cleartext Storage of Sensitive Information vulnerability in Void Aural REC Monitor 9.0.0.1

An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1.

5.0
2021-04-23 CVE-2021-31780 Misp Improper Cross-boundary Removal of Sensitive Data vulnerability in Misp 2.4.141

In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit.

5.0
2021-04-23 CVE-2021-29469 Redis JS Unspecified vulnerability in Redis.Js Redis

Node-redis is a Node.js Redis client.

5.0
2021-04-23 CVE-2021-31410 Vaadin Exposure of Resource to Wrong Sphere vulnerability in Vaadin Designer

Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request.

5.0
2021-04-23 CVE-2021-31407 Vaadin Exposure of Resource to Wrong Sphere vulnerability in Vaadin Flow

Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request.

5.0
2021-04-23 CVE-2021-31405 Vaadin Resource Exhaustion vulnerability in Vaadin Flow

Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.

5.0
2021-04-23 CVE-2020-36321 Vaadin Path Traversal vulnerability in Vaadin Flow

Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 (Vaadin 14.0.0 through 14.4.2), and 3.0 prior to 5.0 (Vaadin 15 prior to 18) allows attacker to request arbitrary files stored outside of intended frontend resources folder.

5.0
2021-04-23 CVE-2020-36320 Vaadin Resource Exhaustion vulnerability in Vaadin

Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 (Vaadin 7.0.0 through 7.7.21) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.

5.0
2021-04-23 CVE-2021-26909 Automox Use of Insufficiently Random Values vulnerability in Automox

Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization's security program.

5.0
2021-04-22 CVE-2021-2277 Oracle Unspecified vulnerability in Oracle Coherence

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core).

5.0
2021-04-22 CVE-2021-2204 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

5.0
2021-04-22 CVE-2021-2190 Oracle Unspecified vulnerability in Oracle Sales Offline

Vulnerability in the Oracle Sales Offline product of Oracle E-Business Suite (component: Template).

5.0
2021-04-22 CVE-2021-2189 Oracle Unspecified vulnerability in Oracle Sales Offline

Vulnerability in the Oracle Sales Offline product of Oracle E-Business Suite (component: Template).

5.0
2021-04-22 CVE-2021-2157 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: TopLink Integration).

5.0
2021-04-22 CVE-2021-27393 Siemens Use of Insufficiently Random Values vulnerability in Siemens products

A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2013.08), Nucleus Source Code (Versions including affected DNS modules).

5.0
2021-04-22 CVE-2021-0273 Juniper Infinite Loop vulnerability in Juniper Junos 15.1/15.2/16.1

An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices with affected Trio line cards allows an attacker to exploit an interdependency in the PFE UCODE microcode of the Trio chipset with various line cards to cause packets destined to the devices interfaces to cause a Denial of Service (DoS) condition by looping the packet with an unreachable exit condition ('Infinite Loop').

5.0
2021-04-22 CVE-2021-0264 Juniper Improper Handling of Exceptional Conditions vulnerability in Juniper Junos and Junos OS Evolved

A vulnerability in the processing of traffic matching a firewall filter containing a syslog action in Juniper Networks Junos OS on MX Series with MPC10/MPC11 cards installed, PTX10003 and PTX10008 Series devices, will cause the line card to crash and restart, creating a Denial of Service (DoS).

5.0
2021-04-22 CVE-2021-0261 Juniper Unspecified vulnerability in Juniper Junos 12.3/12.3X48/15.1X49

A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service (DoS) for these services by sending a high number of specific requests.

5.0
2021-04-22 CVE-2021-0251 Juniper NULL Pointer Dereference vulnerability in Juniper Junos 17.3/17.4/18.1

A NULL Pointer Dereference vulnerability in the Captive Portal Content Delivery (CPCD) services daemon (cpcd) of Juniper Networks Junos OS on MX Series with MS-PIC, MS-SPC3, MS-MIC or MS-MPC allows an attacker to send malformed HTTP packets to the device thereby causing a Denial of Service (DoS), crashing the Multiservices PIC Management Daemon (mspmand) process thereby denying users the ability to login, while concurrently impacting other mspmand services and traffic through the device.

5.0
2021-04-22 CVE-2021-0250 Juniper Unspecified vulnerability in Juniper Junos

In segment routing traffic engineering (SRTE) environments where the BGP Monitoring Protocol (BMP) feature is enable, a vulnerability in the Routing Protocol Daemon (RPD) process of Juniper Networks Junos OS allows an attacker to send a specific crafted BGP update message causing the RPD service to core, creating a Denial of Service (DoS) Condition.

5.0
2021-04-22 CVE-2021-0234 Juniper Improper Initialization vulnerability in Juniper Junos 17.3/17.4/18.1

Due to an improper Initialization vulnerability on Juniper Networks Junos OS QFX5100-96S devices with QFX 5e Series image installed, ddos-protection configuration changes will not take effect beyond the default DDoS (Distributed Denial of Service) settings when configured from the CLI.

5.0
2021-04-22 CVE-2021-0233 Juniper Unspecified vulnerability in Juniper Junos 17.4

A vulnerability in Juniper Networks Junos OS ACX500 Series, ACX4000 Series, may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a Forwarding Engine Board (FFEB) crash.

5.0
2021-04-22 CVE-2021-0230 Juniper Memory Leak vulnerability in Juniper Junos

On Juniper Networks SRX Series devices with link aggregation (lag) configured, executing any operation that fetches Aggregated Ethernet (AE) interface statistics, including but not limited to SNMP GET requests, causes a slow kernel memory leak.

5.0
2021-04-22 CVE-2021-0229 Juniper Resource Exhaustion vulnerability in Juniper Junos 16.1/16.2/17.1

An uncontrolled resource consumption vulnerability in Message Queue Telemetry Transport (MQTT) server of Juniper Networks Junos OS allows an attacker to cause MQTT server to crash and restart leading to a Denial of Service (DoS) by sending a stream of specific packets.

5.0
2021-04-22 CVE-2021-0227 Juniper Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Juniper Junos 17.3/17.4/18.2

An improper restriction of operations within the bounds of a memory buffer vulnerability in Juniper Networks Junos OS J-Web on SRX Series devices allows an attacker to cause Denial of Service (DoS) by sending certain crafted HTTP packets.

5.0
2021-04-22 CVE-2021-0226 Juniper Improper Initialization vulnerability in Juniper Junos OS Evolved 20.1/20.2/20.3

On Juniper Networks Junos OS Evolved devices, receipt of a specific IPv6 packet may cause an established IPv6 BGP session to terminate, creating a Denial of Service (DoS) condition.

5.0
2021-04-22 CVE-2021-0225 Juniper Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos OS Evolved

An Improper Check for Unusual or Exceptional Conditions in Juniper Networks Junos OS Evolved may cause the stateless firewall filter configuration which uses the action 'policer' in certain combinations with other options to not take effect.

5.0
2021-04-22 CVE-2020-7858 Cdnetworks Path Traversal vulnerability in Cdnetworks Aquanplayer 2.0.0.92

There is a directory traversing vulnerability in the download page url of AquaNPlayer 2.0.0.92.

5.0
2021-04-22 CVE-2021-27400 Hashicorp Improper Certificate Validation vulnerability in Hashicorp Vault

HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters.

5.0
2021-04-22 CVE-2021-31555 An issue was discovered in the Oauth extension for MediaWiki through 1.35.2.
5.0
2021-04-22 CVE-2021-31545 An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2.
5.0
2021-04-22 CVE-2021-29466 Discord Path Traversal vulnerability in Discord Discord-Recon 0.0.1/0.0.2/0.0.3

Discord-Recon is a bot for the Discord chat service.

5.0
2021-04-21 CVE-2020-27569 Aviatrix Incorrect Default Permissions vulnerability in Aviatrix Openvpn

Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier.

5.0
2021-04-21 CVE-2020-27568 Aviatrix Incorrect Permission Assignment for Critical Resource vulnerability in Aviatrix Controller 5.3.1516

Insecure File Permissions exist in Aviatrix Controller 5.3.1516.

5.0
2021-04-21 CVE-2020-28973 Abus Information Exposure vulnerability in Abus Secvest Wireless Alarm System Fuaa50000 Firmware 3.01.17

The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface.

5.0
2021-04-20 CVE-2021-30464 Omicronenergy Resource Exhaustion vulnerability in Omicronenergy Stationguard

OMICRON StationGuard before 1.10 allows remote attackers to cause a denial of service (connectivity outage) via crafted tcp/20499 packets to the CTRL Ethernet port.

5.0
2021-04-19 CVE-2021-27458 Jtekt Improper Resource Shutdown or Release vulnerability in Jtekt products

If Ethernet communication of the JTEKT Corporation TOYOPUC product series’ (TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All versions, PC10GE TCC-6464: All versions, PC10P TCC-6372: All versions, PC10P-DP TCC-6726: All versions, PC10P-DP-IO TCC-6752: All versions, PC10B-P TCC-6373: All versions, PC10B TCC-1021: All versions, PC10B-E/C TCU-6521: All versions, PC10E TCC-4737: All versions; TOYOPUC-Plus Series: Plus CPU TCC-6740: All versions, Plus EX TCU-6741: All versions, Plus EX2 TCU-6858: All versions, Plus EFR TCU-6743: All versions, Plus EFR2 TCU-6859: All versions, Plus 2P-EFR TCU-6929: All versions, Plus BUS-EX TCU-6900: All versions; TOYOPUC-PC3J/PC2J Series: FL/ET-T-V2H THU-6289: All versions, 2PORT-EFR THU-6404: All versions) are left in an open state by an attacker, Ethernet communications cannot be established with other devices, depending on the settings of the link parameters.

5.0
2021-04-19 CVE-2021-29455 Grassroot Improper Verification of Cryptographic Signature vulnerability in Grassroot Platform

Grassroot Platform is an application to make it faster, cheaper and easier to persistently organize and mobilize people in low-income communities.

5.0
2021-04-19 CVE-2021-20992 Fibaro Cleartext Transmission of Sensitive Information vulnerability in Fibaro Home Center 2 Firmware and Home Center Lite Firmware

In Fibaro Home Center 2 and Lite devices in all versions provide a web based management interface over unencrypted HTTP protocol.

5.0
2021-04-22 CVE-2021-2196 Oracle
Fedoraproject
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).
4.9
2021-04-22 CVE-2021-2194 Oracle
Fedoraproject
Netapp
Mariadb
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
4.9
2021-04-22 CVE-2021-2193 Oracle
Fedoraproject
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.9
2021-04-22 CVE-2021-2191 Oracle Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0/5.5.0.0.0

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions).

4.9
2021-04-22 CVE-2021-2180 Oracle
Netapp
Fedoraproject
Mariadb
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
4.9
2021-04-22 CVE-2021-2179 Oracle
Fedoraproject
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).
4.9
2021-04-22 CVE-2021-2170 Oracle
Fedoraproject
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.9
2021-04-22 CVE-2021-2169 Oracle
Fedoraproject
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.9
2021-04-22 CVE-2021-2166 Oracle
Fedoraproject
Netapp
Mariadb
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).
4.9
2021-04-22 CVE-2021-2164 Oracle
Fedoraproject
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.9
2021-04-22 CVE-2021-2154 Oracle
Mariadb
Netapp
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).
4.9
2021-04-22 CVE-2021-2146 Oracle
Fedoraproject
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options).
4.9
2021-04-21 CVE-2021-1078 Nvidia NULL Pointer Dereference vulnerability in Nvidia GPU Display Driver

NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver (nvlddmkm.sys) where a NULL pointer dereference may lead to system crash.

4.9
2021-04-21 CVE-2021-29456 Authelia Open Redirect vulnerability in Authelia

Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal.

4.9
2021-04-22 CVE-2021-28648 Trendmicro Improper Privilege Management vulnerability in Trendmicro Antivirus 10.5/11.0

Trend Micro Antivirus for Mac 2020 v10.5 and 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application.

4.6
2021-04-22 CVE-2021-2250 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.6
2021-04-22 CVE-2021-2167 Oracle Unspecified vulnerability in Oracle Solaris 10

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment).

4.6
2021-04-22 CVE-2021-2158 Oracle Unspecified vulnerability in Oracle Hyperion Financial Management 11.1.2.4

Vulnerability in the Hyperion Financial Management product of Oracle Hyperion (component: Task Automation).

4.6
2021-04-22 CVE-2021-0253 Juniper Command Injection vulnerability in Juniper Junos

NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process.

4.6
2021-04-22 CVE-2021-0252 Juniper Command Injection vulnerability in Juniper Junos

NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process.

4.6
2021-04-22 CVE-2021-0246 Juniper Incorrect Default Permissions vulnerability in Juniper Junos 18.3/18.4/19.1

On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, devices using tenant services on Juniper Networks Junos OS, due to incorrect default permissions assigned to tenant system administrators a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider.

4.6
2021-04-22 CVE-2021-0235 Juniper Incorrect Default Permissions vulnerability in Juniper Junos

On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to incorrect permission scheme assigned to tenant system administrators, a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider.

4.6
2021-04-22 CVE-2021-27278 Parallels Path Traversal vulnerability in Parallels Desktop 16.1.1

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141.

4.6
2021-04-22 CVE-2021-2309 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.4
2021-04-22 CVE-2021-2174 Oracle
Fedoraproject
Netapp
Mariadb
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
4.4
2021-04-22 CVE-2021-2171 Oracle
Fedoraproject
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication).
4.4
2021-04-22 CVE-2021-2145 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.4
2021-04-24 CVE-2021-31794 Directum Cross-site Scripting vulnerability in Directum 5.8.2

Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header.

4.3
2021-04-23 CVE-2019-25027 Vaadin Cross-site Scripting vulnerability in Vaadin Flow

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 13.0.5) allows attacker to execute malicious JavaScript via crafted URL

4.3
2021-04-23 CVE-2019-25028 Vaadin Cross-site Scripting vulnerability in Vaadin

Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows attacker to inject malicious JavaScript via unspecified vector

4.3
2021-04-22 CVE-2021-2211 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services).

4.3
2021-04-22 CVE-2021-2155 Oracle Unspecified vulnerability in Oracle One-To-One Fulfillment

Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Documents).

4.3
2021-04-22 CVE-2021-2153 Oracle Unspecified vulnerability in Oracle Internet Expenses

Vulnerability in the Oracle Internet Expenses product of Oracle E-Business Suite (component: Mobile Expenses).

4.3
2021-04-22 CVE-2021-24241 Advancedcustomfields Cross-site Scripting vulnerability in Advancedcustomfields Advanced Custom Fields

The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page.

4.3
2021-04-22 CVE-2021-24234 Ivorysearch Cross-site Scripting vulnerability in Ivorysearch Ivory Search

The Search Forms page of the Ivory Search WordPress lugin before 4.6.1 did not properly sanitise the tab parameter before output it in the page, leading to a reflected Cross-Site Scripting issue when opening a malicious crafted link as a high privilege user.

4.3
2021-04-22 CVE-2021-24233 Boxystudio Cross-site Scripting vulnerability in Boxystudio Cooked

The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an arbitrary attribute.

4.3
2021-04-22 CVE-2021-0270 Juniper Use After Free vulnerability in Juniper Junos 18.1

On PTX Series and QFX10k Series devices with the "inline-jflow" feature enabled, a use after free weakness in the Packet Forwarding Engine (PFE) microkernel architecture of Juniper Networks Junos OS may allow an attacker to cause a Denial of Service (DoS) condition whereby one or more Flexible PIC Concentrators (FPCs) may restart.

4.3
2021-04-22 CVE-2021-0263 Juniper Unspecified vulnerability in Juniper Junos 18.2/18.3/18.4

A Data Processing vulnerability in the Multi-Service process (multi-svcs) on the FPC of Juniper Networks Junos OS on the PTX Series routers may lead to the process becoming unresponsive, ultimately affecting traffic forwarding, allowing an attacker to cause a Denial of Service (DoS) condition .

4.3
2021-04-22 CVE-2021-0244 Juniper Race Condition vulnerability in Juniper Junos 14.1X53/15.1

A signal handler race condition exists in the Layer 2 Address Learning Daemon (L2ALD) of Juniper Networks Junos OS due to the absence of a specific protection mechanism to avoid a race condition which may allow an attacker to bypass the storm-control feature on devices.

4.3
2021-04-22 CVE-2021-29653 Hashicorp Improper Certificate Validation vulnerability in Hashicorp Vault

HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL.

4.3
2021-04-22 CVE-2021-22540 Dart Cross-site Scripting vulnerability in Dart Software Development KIT

Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering.

4.3
2021-04-22 CVE-2021-31551 An issue was discovered in the PageForms extension for MediaWiki through 1.35.2.
4.3
2021-04-22 CVE-2021-29467 Wrongthink Project Cross-site Scripting vulnerability in Wrongthink Project Wrongthink

Wrongthink is an encrypted peer-to-peer chat program.

4.3
2021-04-21 CVE-2020-36324 Wikimedia Cross-site Scripting vulnerability in Wikimedia Analytics-Quarry-Web

Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type.

4.3
2021-04-21 CVE-2020-23914 CPP Peglib Project NULL Pointer Dereference vulnerability in Cpp-Peglib Project Cpp-Peglib

An issue was discovered in cpp-peglib through v0.1.12.

4.3
2021-04-21 CVE-2020-23912 Axiosys NULL Pointer Dereference vulnerability in Axiosys Bento4

An issue was discovered in Bento4 through v1.6.0-637.

4.3
2021-04-21 CVE-2021-21647 Jenkins Unspecified vulnerability in Jenkins Cloudbees CD

Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having Item/Build permission.

4.3
2021-04-21 CVE-2021-21645 Jenkins Unspecified vulnerability in Jenkins Config File Provider

Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, attackers with Overall/Read permission to enumerate configuration file IDs.

4.3
2021-04-20 CVE-2021-29459 Xwiki Cross-site Scripting vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

4.3
2021-04-19 CVE-2021-31256 Gpac Memory Leak vulnerability in Gpac 1.0.1

Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.

4.3
2021-04-19 CVE-2021-27029 Autodesk NULL Pointer Dereference vulnerability in Autodesk FBX Review 1.4.1.0/1.5.0

The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's Review version 1.5.0 and prior causing the application to crash leading to a denial of service.

4.3
2021-04-22 CVE-2021-2173 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Recovery component of Oracle Database Server.

4.1
2021-04-23 CVE-2020-7036 Avaya XXE vulnerability in Avaya Callback Assist 4.7.1.1

An XML External Entities (XXE)vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system.

4.0
2021-04-23 CVE-2020-7035 Avaya XXE vulnerability in Avaya Aura Orchestration Designer

An XML External Entities (XXE)vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system.

4.0
2021-04-23 CVE-2021-29158 Sonatype Incorrect Authorization vulnerability in Sonatype Nexus Repository Manager 3 3.25.1

Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control.

4.0
2021-04-23 CVE-2018-25007 Vaadin Improper Check for Unusual or Exceptional Conditions vulnerability in Vaadin Flow and Vaadin

Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values via crafted synchronization message.

4.0
2021-04-22 CVE-2021-2311 Oracle Unspecified vulnerability in Oracle Hospitality Inventory Management 9.1.0

Vulnerability in the Oracle Hospitality Inventory Management product of Oracle Food and Beverage Applications (component: Export to Reporting and Analytics).

4.0
2021-04-22 CVE-2021-2308 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).
4.0
2021-04-22 CVE-2021-2305 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).
4.0
2021-04-22 CVE-2021-2303 Oracle Unspecified vulnerability in Oracle OSS Support Tools 2.11.33

Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Diagnostic Assistant).

4.0
2021-04-22 CVE-2021-2301 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).
4.0
2021-04-22 CVE-2021-2300 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).
4.0
2021-04-22 CVE-2021-2299 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.0
2021-04-22 CVE-2021-2298 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.0
2021-04-22 CVE-2021-2293 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure).
4.0
2021-04-22 CVE-2021-2278 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.0
2021-04-22 CVE-2021-2257 Oracle Unspecified vulnerability in Oracle Storage Cloud Software Appliance

Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway (component: Management Console).

4.0
2021-04-22 CVE-2021-2245 Oracle Unspecified vulnerability in Oracle Database 18C/19C

Vulnerability in the Oracle Database - Enterprise Edition Unified Audit component of Oracle Database Server.

4.0
2021-04-22 CVE-2021-2230 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.0
2021-04-22 CVE-2021-2226 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).
4.0
2021-04-22 CVE-2021-2217 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure).
4.0
2021-04-22 CVE-2021-2215 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure).
4.0
2021-04-22 CVE-2021-2213 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.0
2021-04-22 CVE-2021-2212 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.0
2021-04-22 CVE-2021-2208 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition).
4.0
2021-04-22 CVE-2021-2203 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.0
2021-04-22 CVE-2021-2202 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication).
4.0
2021-04-22 CVE-2021-2201 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition).
4.0
2021-04-22 CVE-2021-2162 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in).
4.0
2021-04-22 CVE-2021-2160 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.0
2021-04-22 CVE-2021-2134 Oracle Unspecified vulnerability in Oracle Enterprise Manager 12.2.1.4

Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: FMW Control Plugin).

4.0
2021-04-22 CVE-2021-27392 Siemens Use of Hard-coded Credentials vulnerability in Siemens Siveillance Video Open Network Bridge 2018/2019/2020

A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3), Siveillance Video Open Network Bridge (2020 R2), Siveillance Video Open Network Bridge (2020 R1), Siveillance Video Open Network Bridge (2019 R3), Siveillance Video Open Network Bridge (2019 R2), Siveillance Video Open Network Bridge (2019 R1), Siveillance Video Open Network Bridge (2018 R3), Siveillance Video Open Network Bridge (2018 R2).

4.0
2021-04-22 CVE-2021-27736 Fusionauth XXE vulnerability in Fusionauth Saml V2

FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely.

4.0
2021-04-22 CVE-2021-31549 An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2.
4.0
2021-04-22 CVE-2021-31548 Mediawiki Incorrect Authorization vulnerability in Mediawiki

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2.

4.0
2021-04-22 CVE-2021-31547 Mediawiki Information Exposure vulnerability in Mediawiki

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2.

4.0
2021-04-22 CVE-2021-31546 Mediawiki Information Exposure vulnerability in Mediawiki

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2.

4.0
2021-04-20 CVE-2021-28492 Unisys Unspecified vulnerability in Unisys Stealth 5.0/5.0.024/5.0.026

Unisys Stealth (core) 5.x before 5.0.048.0, 5.1.x before 5.1.017.0, and 6.x before 6.0.037.0 stores passwords in a recoverable format.

4.0
2021-04-20 CVE-2021-20023 Sonicwall Path Traversal vulnerability in Sonicwall Email Security and Hosted Email Security

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.

4.0
2021-04-19 CVE-2021-29453 Matrix Media Repo Project Allocation of Resources Without Limits or Throttling vulnerability in Matrix-Media-Repo Project Matrix-Media-Repo

matrix-media-repo is an open-source multi-domain media repository for Matrix.

4.0

61 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-04-22 CVE-2021-24242 Themeum Path Traversal vulnerability in Themeum Tutor LMS

The Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.8 is affected by a local file inclusion vulnerability through the maliciously constructed sub_page parameter of the plugin's Tools, allowing high privilege users to include any local php file

3.8
2021-04-23 CVE-2021-31540 Wowza Incorrect Permission Assignment for Critical Resource vulnerability in Wowza Streaming Engine

Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory.

3.6
2021-04-22 CVE-2021-2264 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

3.6
2021-04-22 CVE-2021-2192 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel).

3.6
2021-04-22 CVE-2021-2152 Oracle Unspecified vulnerability in Oracle Business Intelligence

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General).

3.6
2021-04-20 CVE-2021-1079 Nvidia Unspecified vulnerability in Nvidia Geforce Experience

NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation.

3.6
2021-04-24 CVE-2021-31712 React Draft Wysiwyg Project Cross-site Scripting vulnerability in React Draft Wysiwyg Project React Draft Wysiwyg

react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS.

3.5
2021-04-23 CVE-2020-17542 Dotcms Cross-site Scripting vulnerability in Dotcms 5.1.5

Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin/#/c/workflow" component.

3.5
2021-04-23 CVE-2020-36319 Vaadin Exposure of Resource to Wrong Sphere vulnerability in Vaadin Flow and Vaadin

Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data if the application also uses e.g.

3.5
2021-04-22 CVE-2021-22199 Gitlab Cross-site Scripting vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting with 12.9.

3.5
2021-04-22 CVE-2021-2234 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Java VM component of Oracle Database Server.

3.5
2021-04-22 CVE-2021-2214 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).

3.5
2021-04-22 CVE-2021-2159 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Campus Software Campus Community 9.2

Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Frameworks).

3.5
2021-04-22 CVE-2021-24232 Elbtide Cross-site Scripting vulnerability in Elbtide Advanced Booking Calendar

The Advanced Booking Calendar WordPress plugin before 1.6.8 does not sanitise the license error message when output in the settings page, leading to an authenticated reflected Cross-Site Scripting issue

3.5
2021-04-22 CVE-2021-31550 Mediawiki Cross-site Scripting vulnerability in Mediawiki

An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2.

3.5
2021-04-19 CVE-2021-29434 Torchbox Cross-site Scripting vulnerability in Torchbox Wagtail

Wagtail is a Django content management system.

3.5
2021-04-23 CVE-2021-31408 Vaadin Insufficient Session Expiration vulnerability in Vaadin Flow and Vaadin

Authentication.logout() helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the user attempted to log out.

3.3
2021-04-22 CVE-2021-2307 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging).
3.3
2021-04-22 CVE-2021-0271 Juniper Double Free vulnerability in Juniper Junos 12.3/15.1

A Double Free vulnerability in the software forwarding interface daemon (sfid) process of Juniper Networks Junos OS allows an adjacently-connected attacker to cause a Denial of Service (DoS) by sending a crafted ARP packet to the device.

3.3
2021-04-22 CVE-2021-0267 Juniper Improper Input Validation vulnerability in Juniper Junos

An Improper Input Validation vulnerability in the active-lease query portion in JDHCPD's DHCP Relay Agent of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) by sending a crafted DHCP packet to the device thereby crashing the jdhcpd DHCP service.

3.3
2021-04-22 CVE-2021-0262 Juniper Use After Free vulnerability in Juniper Junos 19.1/19.2/20.2

Through routine static code analysis of the Juniper Networks Junos OS software codebase, the Secure Development Life Cycle team identified a Use After Free vulnerability in PFE packet processing on the QFX10002-60C switching platform.

3.3
2021-04-22 CVE-2021-0259 Juniper Improper Handling of Exceptional Conditions vulnerability in Juniper Junos 17.3/17.4/18.1

Due to a vulnerability in DDoS protection in Juniper Networks Junos OS and Junos OS Evolved on QFX5K Series switches in a VXLAN configuration, instability might be experienced in the underlay network as a consequence of exceeding the default ddos-protection aggregate threshold.

3.3
2021-04-22 CVE-2021-0257 Juniper Memory Leak vulnerability in Juniper Junos

On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPCs (Modular Port Concentrators) where Integrated Routing and Bridging (IRB) interfaces are configured and mapped to a VPLS instance or a Bridge-Domain, certain Layer 2 network events at Customer Edge (CE) devices may cause memory leaks in the MPC of Provider Edge (PE) devices which can cause an out of memory condition and MPC restart.

3.3
2021-04-22 CVE-2021-0243 Juniper Unspecified vulnerability in Juniper Junos 17.3/17.4/18.1

Improper Handling of Unexpected Data in the firewall policer of Juniper Networks Junos OS on EX4300 switches allows matching traffic to exceed set policer limits, possibly leading to a limited Denial of Service (DoS) condition.

3.3
2021-04-22 CVE-2021-0241 Juniper Improper Handling of Exceptional Conditions vulnerability in Juniper Junos

On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a specific DHCPv6 packet is received, resulting in a restart of the daemon.

3.3
2021-04-22 CVE-2021-0237 Juniper Unspecified vulnerability in Juniper Junos 15.1/17.3

On Juniper Networks EX4300-MP Series, EX4600 Series, EX4650 Series, QFX5K Series deployed as a Virtual Chassis with a specific Layer 2 circuit configuration, Packet Forwarding Engine manager (FXPC) process may crash and restart upon receipt of specific layer 2 frames.

3.3
2021-04-22 CVE-2021-0228 Juniper Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos 15.1/17.3

An improper check for unusual or exceptional conditions vulnerability in Juniper Networks MX Series platforms with Trio-based MPC (Modular Port Concentrator) deployed in (Ethernet VPN) EVPN-(Virtual Extensible LAN) VXLAN configuration, may allow an attacker sending specific Layer 2 traffic to cause Distributed Denial of Service (DDoS) protection to trigger unexpectedly, resulting in traffic impact.

3.3
2021-04-22 CVE-2021-0224 Juniper Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos

A vulnerability in the handling of internal resources necessary to bring up a large number of Layer 2 broadband remote access subscriber (BRAS) nodes in Juniper Networks Junos OS can cause the Access Node Control Protocol daemon (ANCPD) to crash and restart, leading to a Denial of Service (DoS) condition.

3.3
2021-04-22 CVE-2021-0216 Juniper Unspecified vulnerability in Juniper Junos

A vulnerability in Juniper Networks Junos OS running on the ACX5448 and ACX710 platforms may cause BFD sessions to flap when a high rate of transit ARP packets are received.

3.3
2021-04-22 CVE-2021-0214 Juniper Improper Input Validation vulnerability in Juniper Junos 17.3/17.4/18.1

A vulnerability in the distributed or centralized periodic packet management daemon (PPMD) of Juniper Networks Junos OS may cause receipt of a malformed packet to crash and restart the PPMD process, leading to network destabilization, service interruption, and a Denial of Service (DoS) condition.

3.3
2021-04-22 CVE-2021-0240 Juniper Improper Handling of Exceptional Conditions vulnerability in Juniper Junos

On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, the Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash if a malformed DHCPv6 packet is received, resulting in a restart of the daemon.

2.9
2021-04-22 CVE-2021-2175 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Database Vault component of Oracle Database Server.

2.7
2021-04-22 CVE-2021-2207 Oracle Unspecified vulnerability in Oracle Database

Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server.

2.3
2021-04-20 CVE-2021-3037 Paloaltonetworks Information Exposure Through Log Files vulnerability in Paloaltonetworks Pan-Os

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs.

2.3
2021-04-23 CVE-2021-31539 Wowza Cleartext Storage of Sensitive Information vulnerability in Wowza Streaming Engine

Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file.

2.1
2021-04-23 CVE-2021-26908 Automox Information Exposure Through Log Files vulnerability in Automox

Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program.

2.1
2021-04-22 CVE-2021-2312 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2021-04-22 CVE-2021-2306 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2021-04-22 CVE-2021-2287 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2021-04-22 CVE-2021-2286 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2021-04-22 CVE-2021-2285 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2021-04-22 CVE-2021-2284 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2021-04-22 CVE-2021-2283 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2021-04-22 CVE-2021-2282 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2021-04-22 CVE-2021-2281 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2021-04-22 CVE-2021-2280 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2021-04-22 CVE-2021-2266 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2021-04-22 CVE-2021-2141 Oracle Unspecified vulnerability in Oracle Flexcube Direct Banking 12.0.2/12.0.3

Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login).

2.1
2021-04-22 CVE-2021-0256 Juniper Improper Privilege Management vulnerability in Juniper Junos 17.3/17.4/18.1

A sensitive information disclosure vulnerability in the mosquitto message broker of Juniper Networks Junos OS may allow a locally authenticated user with shell access the ability to read portions of sensitive files, such as the master.passwd file.

2.1
2021-04-22 CVE-2021-0238 Juniper Resource Exhaustion vulnerability in Juniper Junos 17.3/18.1/18.2

When a MX Series is configured as a Broadband Network Gateway (BNG) based on Layer 2 Tunneling Protocol (L2TP), executing certain CLI command may cause the system to run out of disk space, excessive disk usage may cause other complications.

2.1
2021-04-20 CVE-2020-14105 MI Unspecified vulnerability in MI Miui

The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15.

2.1
2021-04-20 CVE-2021-3036 Paloaltonetworks Information Exposure Through Log Files vulnerability in Paloaltonetworks Pan-Os

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly.

2.1
2021-04-23 CVE-2021-31403 Vaadin Information Exposure Through Discrepancy vulnerability in Vaadin

Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0 through 8.12.2) allows attacker to guess a security token via timing attack

1.9
2021-04-23 CVE-2021-31404 Vaadin Information Exposure Through Discrepancy vulnerability in Vaadin Flow and Vaadin

Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 (Vaadin 10.0.0 through 10.0.16), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.4.6 (Vaadin 14.0.0 through 14.4.6), 3.0.0 prior to 5.0.0 (Vaadin 15 prior to 18), and 5.0.0 through 5.0.2 (Vaadin 18.0.0 through 18.0.5) allows attacker to guess a security token via timing attack.

1.9
2021-04-23 CVE-2021-31406 Vaadin Information Exposure Through Discrepancy vulnerability in Vaadin Flow and Vaadin

Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 (Vaadin 15.0.0 through 18.0.6), and com.vaadin:fusion-endpoint version 6.0.0 (Vaadin 19.0.0) allows attacker to guess a security token for Fusion endpoints via timing attack.

1.9
2021-04-22 CVE-2021-2297 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

1.9
2021-04-22 CVE-2021-2296 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

1.9
2021-04-22 CVE-2021-2291 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

1.9
2021-04-22 CVE-2021-2232 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).
1.9
2021-04-22 CVE-2021-2149 Oracle Unspecified vulnerability in Oracle ZFS Storage Appliance 8.8

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core).

1.9
2021-04-22 CVE-2021-2147 Oracle Unspecified vulnerability in Oracle ZFS Storage Appliance 8.8

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Installation).

1.2