ID CVSS Summary Last (major) update Published
CVE-2020-12530 None
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an XSS issue in the redirect.php allowing an attacker to inject code via a get parameter.
02-03-2021 - 22:15 02-03-2021 - 22:15
CVE-2020-12528 None
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to kill web2go sessions in the account he should not have access to.
02-03-2021 - 22:15 02-03-2021 - 22:15
CVE-2020-12529 None
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an SSRF in the LDAP access check, allowing an attacker to scan for open ports.
02-03-2021 - 22:15 02-03-2021 - 22:15
CVE-2020-12527 None
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to interact with devices in the account he should not have access to.
02-03-2021 - 22:15 02-03-2021 - 22:15
CVE-2021-23840 5.0
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value
02-03-2021 - 22:15 16-02-2021 - 17:15
CVE-2021-23841 5.0
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while
02-03-2021 - 22:15 16-02-2021 - 17:15
CVE-2021-21311 6.4
Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected.
02-03-2021 - 22:15 11-02-2021 - 21:15
CVE-2021-0215 2.9
On Juniper Networks Junos EX series, QFX Series, MX Series and SRX branch series devices, a memory leak occurs every time the 802.1X authenticator port interface flaps which can lead to other processes, such as the pfex process, responsible for packe
02-03-2021 - 22:15 15-01-2021 - 18:15
CVE-2020-15705 4.4
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB imag
02-03-2021 - 22:15 29-07-2020 - 18:15
CVE-2021-24073 5.8
Skype for Business and Lync Spoofing Vulnerability
02-03-2021 - 22:13 25-02-2021 - 23:15
CVE-2021-24074 7.5
Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24094.
02-03-2021 - 21:59 25-02-2021 - 23:15
CVE-2021-24094 7.5
Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24074.
02-03-2021 - 21:57 25-02-2021 - 23:15
CVE-2020-27543 5.0
The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception.
02-03-2021 - 21:43 25-02-2021 - 17:15
CVE-2021-27579 4.4
Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. A privilege-escalation vulnerability exists if CPUID is enabled, and thus it should be disabl
02-03-2021 - 21:33 23-02-2021 - 18:15
CVE-2021-21064 4.0
Magento UPWARD-php version 1.1.4 (and earlier) is affected by a Path traversal vulnerability in Magento UPWARD Connector version 1.1.2 (and earlier) due to the upload feature. An attacker could potentially exploit this vulnerability to upload a malic
02-03-2021 - 21:27 25-02-2021 - 14:15
CVE-2020-27223 None
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS)
02-03-2021 - 21:15 26-02-2021 - 22:15
CVE-2020-11276 9.4
Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation of P2P IE and NOA attribute lengths in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consume
02-03-2021 - 21:15 22-02-2021 - 07:15
CVE-2020-35269 6.8
Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, such as adding or deleting hosts or servers.
02-03-2021 - 21:15 23-12-2020 - 19:15
CVE-2018-6621 4.3
The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.
02-03-2021 - 21:11 05-02-2018 - 04:29
CVE-2020-27221 7.5
In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.
02-03-2021 - 21:09 21-01-2021 - 05:15
CVE-2021-25177 6.8
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash
02-03-2021 - 21:09 18-01-2021 - 08:15
CVE-2021-2036 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
02-03-2021 - 21:03 20-01-2021 - 15:15
CVE-2020-36232 4.0
The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 allowed unexpected DNS lookups a
02-03-2021 - 20:44 22-02-2021 - 21:15
CVE-2020-29453 5.0
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-I
02-03-2021 - 20:42 22-02-2021 - 21:15
CVE-2020-11278 7.8
Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, S
02-03-2021 - 20:41 22-02-2021 - 07:15
CVE-2020-11277 6.9
Possible race condition during async fastrpc session after sending RPC message because the fastrpc ctx gets freed during the async session in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile
02-03-2021 - 20:40 22-02-2021 - 07:15
CVE-2021-21258 None
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI from version 9.5.0 and before version 9.5.4, there is a cross-site scripting injection vulnerab
02-03-2021 - 20:15 02-03-2021 - 20:15
CVE-2021-21255 None
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI version 9.5.3, it was possible to switch entities with IDOR from a logged in user. This is fixe
02-03-2021 - 20:15 02-03-2021 - 20:15
CVE-2020-11270 7.8
Possible denial of service because the RTT responder consistently rejects all FTMR by transmitting FTM1 with failure status in the FTM parameter IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivi
02-03-2021 - 19:52 22-02-2021 - 07:15
CVE-2021-3273 9.0
Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system.
02-03-2021 - 19:45 25-02-2021 - 14:15
CVE-2020-11280 7.8
Denial of service while processing fine timing measurement request (FTMR) frame with reserved bits set in the FTM parameter IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electro
02-03-2021 - 19:35 22-02-2021 - 07:15
CVE-2021-22294 None
A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources.
02-03-2021 - 19:15 02-03-2021 - 19:15
CVE-2021-22187 None
An issue has been discovered in GitLab affecting all versions of GitLab EE/CE before 12.6.7. A potential resource exhaustion issue allowed running or pending jobs to continue even after the project was deleted.
02-03-2021 - 19:15 02-03-2021 - 19:15
CVE-2021-22296 None
A component of the HarmonyOS 2.0 has a DoS vulnerability. Local attackers may exploit this vulnerability to mount a file system to the target device, causing DoS of the file system.
02-03-2021 - 19:15 02-03-2021 - 19:15
CVE-2020-28657 None
In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise.
02-03-2021 - 19:15 02-03-2021 - 19:15
CVE-2021-27885 None
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.
02-03-2021 - 19:15 02-03-2021 - 19:15
CVE-2021-27804 None
JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption.
02-03-2021 - 19:15 02-03-2021 - 01:15
CVE-2020-36254 6.8
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.
02-03-2021 - 19:09 25-02-2021 - 09:15
CVE-2020-11281 5.0
Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snap
02-03-2021 - 18:54 22-02-2021 - 07:15
CVE-2020-11297 7.8
Denial of service in WLAN module due to improper check of subtypes in logic where excessive frames are dropped in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Sna
02-03-2021 - 18:48 22-02-2021 - 07:15
CVE-2020-3664 3.6
Out of bound read access in hypervisor due to an invalid read access attempt by passing invalid addresses in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdrag
02-03-2021 - 18:44 22-02-2021 - 07:15
CVE-2021-25330 None
Calling of non-existent provider in MobileWips application prior to SMR Feb-2021 Release 1 allows unauthorized actions including denial of service attack by hijacking the provider.
02-03-2021 - 18:15 02-03-2021 - 18:15
CVE-2021-3384 None
A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system from contacting new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7
02-03-2021 - 18:15 02-03-2021 - 18:15
CVE-2020-28243 None
An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create files on the minion in a non-b
02-03-2021 - 18:15 27-02-2021 - 05:15
CVE-2020-28972 None
In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.
02-03-2021 - 18:15 27-02-2021 - 05:15
CVE-2021-3197 None
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.
02-03-2021 - 18:15 27-02-2021 - 05:15
CVE-2021-25283 None
An issue was discovered in SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.
02-03-2021 - 18:15 27-02-2021 - 05:15
CVE-2021-25282 None
An issue was discovered in SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.
02-03-2021 - 18:15 27-02-2021 - 05:15
CVE-2021-3148 None
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/uti
02-03-2021 - 18:15 27-02-2021 - 05:15
CVE-2021-25284 None
An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
02-03-2021 - 18:15 27-02-2021 - 05:15