Total: 30003 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-0404 | 1 Google | 1 Android | 2021-03-02 | 2.1 LOW | 4.4 MEDIUM |
In mobile_log_d, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05457039. | |||||
CVE-2021-0405 | 1 Google | 1 Android | 2021-03-02 | 7.2 HIGH | 6.7 MEDIUM |
In performance driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05466547. | |||||
CVE-2021-0403 | 1 Google | 1 Android | 2021-03-02 | 2.1 LOW | 4.4 MEDIUM |
In netdiag, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05475124. | |||||
CVE-2021-0402 | 1 Google | 1 Android | 2021-03-02 | 7.2 HIGH | 6.7 MEDIUM |
In jpeg, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05433311. | |||||
CVE-2021-0366 | 1 Google | 1 Android | 2021-03-02 | 6.9 MEDIUM | 6.4 MEDIUM |
In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379093. | |||||
CVE-2021-0367 | 1 Google | 1 Android | 2021-03-02 | 6.9 MEDIUM | 6.4 MEDIUM |
In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379085. | |||||
CVE-2021-0401 | 1 Google | 1 Android | 2021-03-02 | 6.9 MEDIUM | 6.4 MEDIUM |
In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05418265. | |||||
CVE-2020-28500 | 1 Lodash | 1 Lodash | 2021-03-01 | 5.0 MEDIUM | 5.3 MEDIUM |
All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Steps to reproduce (provided by reporter Liyuan Chen): `var lo = require('lodash'); function build_blank(n) { var ret = "1"; for (var i = 0; i < n; i++) { ret += " "; } return ret + "1"; } var s = build_blank(50000); var time0 = Date.now(); lo.trim(s); var time_cost0 = Date.now() - time0; console.log("time_cost0: " + time_cost0); var time1 = Date.now(); lo.toNumber(s); var time_cost1 = Date.now() - time1; console.log("time_cost1: " + time_cost1); var time2 = Date.now(); lo.trimEnd(s); var time_cost2 = Date.now() - time2; console.log("time_cost2: " + time_cost2);` | |||||
CVE-2021-20220 | 1 Redhat | 1 Undertow | 2021-03-01 | 5.8 MEDIUM | 4.8 MEDIUM |
A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. The highest threat from this vulnerability is to data confidentiality and integrity. | |||||
CVE-2021-26678 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2021-03-01 | 4.3 MEDIUM | 6.1 MEDIUM |
A remote unauthenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface of ClearPass could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. | |||||
CVE-2020-22474 | 1 Weberp | 1 Weberp | 2021-03-01 | 4.0 MEDIUM | 6.5 MEDIUM |
In webERP 4.15, the ManualContents.php file allows users to specify the "Language" parameter, which can lead to local file inclusion. | |||||
CVE-2021-26595 | 1 Rangerstudio | 1 Directus | 2021-03-01 | 5.0 MEDIUM | 5.3 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by viewing the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2021-27583 | 1 Rangerstudio | 1 Directus | 2021-03-01 | 5.0 MEDIUM | 5.3 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2020-13956 | 1 Apache | 1 Httpclient | 2021-03-01 | 5.0 MEDIUM | 5.3 MEDIUM |
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret a malformed authority component in request URIs passed to the library as a java.net.URI object and pick the wrong target host for request execution. | |||||
CVE-2019-18946 | 1 Microfocus | 1 Solutions Business Manager | 2021-03-01 | 3.8 LOW | 4.8 MEDIUM |
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation. | |||||
CVE-2021-20656 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2021-03-01 | 4.0 MEDIUM | 4.3 MEDIUM |
Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system, such as directories and/or file configurations via unspecified vectors. | |||||
CVE-2021-3355 | 1 Lightcms Project | 1 Lightcms | 2021-03-01 | 3.5 LOW | 5.4 MEDIUM |
A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords. | |||||
CVE-2021-3407 | 1 Artifex | 1 Mupdf | 2021-03-01 | 4.3 MEDIUM | 5.5 MEDIUM |
A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences. | |||||
CVE-2021-20657 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2021-03-01 | 5.5 MEDIUM | 5.4 MEDIUM |
Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege via unspecified vectors. | |||||
CVE-2020-4931 | 1 Ibm | 1 Mq | 2021-03-01 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747. |