Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-0404 1 Google 1 Android 2021-03-02 2.1 LOW 4.4 MEDIUM
In mobile_log_d, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05457039.
CVE-2021-0405 1 Google 1 Android 2021-03-02 7.2 HIGH 6.7 MEDIUM
In performance driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05466547.
CVE-2021-0403 1 Google 1 Android 2021-03-02 2.1 LOW 4.4 MEDIUM
In netdiag, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05475124.
CVE-2021-0402 1 Google 1 Android 2021-03-02 7.2 HIGH 6.7 MEDIUM
In jpeg, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05433311.
CVE-2021-0366 1 Google 1 Android 2021-03-02 6.9 MEDIUM 6.4 MEDIUM
In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379093.
CVE-2021-0367 1 Google 1 Android 2021-03-02 6.9 MEDIUM 6.4 MEDIUM
In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379085.
CVE-2021-0401 1 Google 1 Android 2021-03-02 6.9 MEDIUM 6.4 MEDIUM
In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05418265.
CVE-2020-28500 1 Lodash 1 Lodash 2021-03-01 5.0 MEDIUM 5.3 MEDIUM
All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Steps to reproduce (provided by reporter Liyuan Chen): var lo = require('lodash'); function build_blank (n) { var ret = "1" for (var i = 0; i < n; i++) { ret += " " } return ret + "1"; } var s = build_blank(50000) var time0 = Date.now(); lo.trim(s) var time_cost0 = Date.now() - time0; console.log("time_cost0: " + time_cost0) var time1 = Date.now(); lo.toNumber(s) var time_cost1 = Date.now() - time1; console.log("time_cost1: " + time_cost1) var time2 = Date.now(); lo.trimEnd(s) var time_cost2 = Date.now() - time2; console.log("time_cost2: " + time_cost2)
CVE-2021-20220 1 Redhat 1 Undertow 2021-03-01 5.8 MEDIUM 4.8 MEDIUM
A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.
CVE-2021-26678 1 Arubanetworks 1 Clearpass Policy Manager 2021-03-01 4.3 MEDIUM 6.1 MEDIUM
A remote unauthenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface of ClearPass could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface.
CVE-2020-22474 1 Weberp 1 Weberp 2021-03-01 4.0 MEDIUM 6.5 MEDIUM
In webERP 4.15, the ManualContents.php file allows users to specify the "Language" parameter, which can lead to local file inclusion.
CVE-2021-26595 1 Rangerstudio 1 Directus 2021-03-01 5.0 MEDIUM 5.3 MEDIUM
** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2021-27583 1 Rangerstudio 1 Directus 2021-03-01 5.0 MEDIUM 5.3 MEDIUM
** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2020-13956 1 Apache 1 Httpclient 2021-03-01 5.0 MEDIUM 5.3 MEDIUM
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
CVE-2019-18946 1 Microfocus 1 Solutions Business Manager 2021-03-01 3.8 LOW 4.8 MEDIUM
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation.
CVE-2021-20656 1 Contec 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware 2021-03-01 4.0 MEDIUM 4.3 MEDIUM
Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system, such as directories and/or file configurations via unspecified vectors.
CVE-2021-3355 1 Lightcms Project 1 Lightcms 2021-03-01 3.5 LOW 5.4 MEDIUM
A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords.
CVE-2021-3407 1 Artifex 1 Mupdf 2021-03-01 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.
CVE-2021-20657 1 Contec 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware 2021-03-01 5.5 MEDIUM 5.4 MEDIUM
Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege via unspecified vectors.
CVE-2020-4931 1 Ibm 1 Mq 2021-03-01 4.0 MEDIUM 6.5 MEDIUM
IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747.