| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-27939 | Hig | 0.51 | 7.8 | 0.01 | Apr 2, 2021 | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. | ||
| CVE-2020-27938 | Hig | 0.51 | 7.8 | 0.01 | Apr 2, 2021 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious… | ||
| CVE-2020-27936 | Hig | 0.46 | 7.1 | 0.00 | Apr 2, 2021 | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A local user may be able to cause… | ||
| CVE-2020-27933 | Hig | 0.51 | 7.8 | 0.01 | Apr 2, 2021 | A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, iCloud for Windows 7.20, watchOS 6.2.8, tvOS 13.4.8, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing… | ||
| CVE-2020-27931 | Hig | 0.51 | 7.8 | 0.01 | Apr 2, 2021 | A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur… | ||
| CVE-2020-27924 | Hig | 0.51 | 7.8 | 0.01 | Apr 2, 2021 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously… | ||
| CVE-2020-27923 | Hig | 0.51 | 7.8 | 0.01 | Apr 2, 2021 | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously… | ||
| CVE-2020-27922 | Hig | 0.51 | 7.8 | 0.01 | Apr 2, 2021 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted… | ||
| CVE-2020-27921 | Hig | 0.46 | 7.0 | 0.01 | Apr 2, 2021 | A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. | ||
| CVE-2020-27920 | Hig | 0.57 | 8.8 | 0.01 | Apr 2, 2021 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing maliciously… | ||
| CVE-2020-27919 | Hig | 0.51 | 7.8 | 0.01 | Apr 2, 2021 | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution. | ||
| CVE-2020-27915 | Hig | 0.51 | 7.8 | 0.01 | Apr 2, 2021 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system… | ||
| CVE-2020-27914 | Hig | 0.51 | 7.8 | 0.01 | Apr 2, 2021 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system… | ||
| CVE-2020-27908 | Hig | 0.51 | 7.8 | 0.01 | Apr 2, 2021 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously… | ||
| CVE-2020-27907 | Hig | 0.51 | 7.8 | 0.01 | Apr 2, 2021 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. | ||
| CVE-2020-27899 | Hig | 0.51 | 7.8 | 0.00 | Apr 2, 2021 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A local attacker may be able to elevate their privileges. | ||
| CVE-2020-27897 | Hig | 0.51 | 7.8 | 0.01 | Apr 2, 2021 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel… | ||
| CVE-2020-10015 | Hig | 0.51 | 7.8 | 0.01 | Apr 2, 2021 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel… | ||
| CVE-2021-22203 | Hig | 0.49 | 7.5 | 0.01 | Apr 2, 2021 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before 13.10.1. A specially crafted Wiki page allowed attackers to read arbitrary files on… | ||
| CVE-2020-11925 | Hig | 0.57 | 8.8 | 0.01 | Apr 2, 2021 | An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the device is based on a username and password. The root credentials are the same across all devices of this model. | ||
| CVE-2019-20466 | Hig | 0.51 | 7.8 | 0.00 | Apr 2, 2021 | An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A local attacker with the "default" account is capable of reading the /etc/passwd file, which contains a weakly hashed root password. By taking this hash and cracking it, the attacker… | ||
| CVE-2019-20465 | Hig | 0.49 | 7.5 | 0.01 | Apr 2, 2021 | An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. It is possible (using TELNET without a password) to control the camera's pan/zoom/tilt functionality. | ||
| CVE-2019-20464 | Hig | 0.49 | 7.5 | 0.02 | Apr 2, 2021 | An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. By default, a mobile application is used to stream over UDP. However, the device offers many more services that also enable streaming. Although the service used by the mobile application… | ||
| CVE-2019-20463 | Hig | 0.49 | 7.5 | 0.02 | Apr 2, 2021 | An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A crash and reboot can be triggered by crafted IP traffic, as demonstrated by the Nikto vulnerability scanner. For example, sending the 111111 string to UDP port 20188 causes a reboot.… | ||
| CVE-2021-21400 | Hig | 0.00 | 7.1 | 0.01 | Apr 2, 2021 | wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does… | ||
| CVE-2021-22696 | Hig | 0.42 | 7.5 | 0.07 | Apr 2, 2021 | CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec also… | ||
| CVE-2021-23924 | Hig | 0.49 | 7.5 | 0.01 | Apr 1, 2021 | An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files. | ||
| CVE-2021-23923 | Hig | 0.53 | 8.1 | 0.01 | Apr 1, 2021 | An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users. | ||
| CVE-2021-21421 | Hig | 0.46 | 8.1 | 0.01 | Apr 1, 2021 | node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client error to the end user will offer api key value too This is fixed in node-etsy-client v0.3.0 and later. | ||
| CVE-2021-21420 | Hig | 0.49 | 7.5 | 0.01 | Apr 1, 2021 | vscode-stripe is an extension for Visual Studio Code. A vulnerability in Stripe for Visual Studio Code extension exists when it loads an untrusted source-code repository containing malicious settings. An attacker who successfully exploited the vulnerability could run arbitrary… | ||
| CVE-2021-29421 | — | Hig | 0.42 | 7.5 | 0.02 | Apr 1, 2021 | models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries. | |
| CVE-2020-19613 | Hig | 0.49 | 7.5 | 0.01 | Apr 1, 2021 | Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503. | ||
| CVE-2021-25924 | Hig | 0.00 | 8.8 | 0.01 | Apr 1, 2021 | In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. An attacker can trick a victim to click on a malicious link which could change backup configurations or execute system commands… | ||
| CVE-2021-22195 | Hig | 0.56 | 8.6 | 0.01 | Apr 1, 2021 | Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system | ||
| CVE-2020-9147 | Hig | 0.51 | 7.8 | 0.00 | Apr 1, 2021 | A memory buffer error vulnerability exists in a component interface of Huawei Smartphone. Local attackers may exploit this vulnerability by carefully constructing attack scenarios to cause out-of-bounds read. | ||
| CVE-2021-28165 | Hig | 0.53 | 7.5 | 0.54 | Apr 1, 2021 | In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. | ||
| CVE-2021-28545 | Hig | 0.53 | 8.1 | 0.02 | Apr 1, 2021 | Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker would have the ability to completely manipulate data in a certified PDF without… | ||
| CVE-2021-20235 | Hig | 0.49 | 8.1 | 0.44 | Apr 1, 2021 | There's a flaw in the zeromq server in versions before 4.3.3 in src/decoder_allocators.hpp. The decoder static allocator could have its sized changed, but the buffer would remain the same as it is a static buffer. A remote, unauthenticated attacker who sends a crafted request to… | ||
| CVE-2021-29083 | Hig | 0.47 | 7.2 | 0.03 | Apr 1, 2021 | Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter. | ||
| CVE-2021-29942 | — | Hig | 0.48 | 7.3 | 0.01 | Apr 1, 2021 | An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index can return uninitialized values if an iterator returns a len() that is too large. | |
| CVE-2021-29941 | — | Hig | 0.48 | 7.3 | 0.01 | Apr 1, 2021 | An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index has an out-of-bounds write if an iterator returns a len() that is too small. | |
| CVE-2021-29939 | — | Hig | 0.48 | 7.3 | 0.01 | Apr 1, 2021 | An issue was discovered in the stackvector crate through 2021-02-19 for Rust. There is an out-of-bounds write in StackVec::extend if size_hint provides certain anomalous data. | |
| CVE-2021-29938 | — | Hig | 0.49 | 7.5 | 0.01 | Apr 1, 2021 | An issue was discovered in the slice-deque crate through 2021-02-19 for Rust. A double drop can occur in SliceDeque::drain_filter upon a panic in a predicate function. | |
| CVE-2021-29935 | — | Hig | 0.41 | 7.3 | 0.01 | Apr 1, 2021 | An issue was discovered in the rocket crate before 0.4.7 for Rust. uri::Formatter can have a use-after-free if a user-provided function panics. | |
| CVE-2021-29934 | — | Hig | 0.41 | 7.3 | 0.01 | Apr 1, 2021 | An issue was discovered in PartialReader in the uu_od crate before 0.0.4 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation. | |
| CVE-2021-29933 | — | Hig | 0.49 | 7.5 | 0.01 | Apr 1, 2021 | An issue was discovered in the insert_many crate through 2021-01-26 for Rust. Elements may be dropped twice if a .next() method panics. | |
| CVE-2021-29932 | — | Hig | 0.49 | 7.5 | 0.01 | Apr 1, 2021 | An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service (CPU and memory consumption) via a duration string with a large exponent. | |
| CVE-2021-29931 | — | Hig | 0.49 | 7.5 | 0.01 | Apr 1, 2021 | An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A double drop can sometimes occur upon a panic in T::drop(). | |
| CVE-2021-29930 | — | Hig | 0.49 | 7.5 | 0.01 | Apr 1, 2021 | An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A drop of uninitialized memory can sometimes occur upon a panic in T::default(). | |
| CVE-2021-29929 | — | Hig | 0.49 | 7.5 | 0.01 | Apr 1, 2021 | An issue was discovered in the endian_trait crate through 2021-01-04 for Rust. A double drop can occur when a user-provided Endian impl panics. |
- risk 0.51cvss 7.8epss 0.01
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.
- risk 0.51cvss 7.8epss 0.01
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious…
- risk 0.46cvss 7.1epss 0.00
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A local user may be able to cause…
- risk 0.51cvss 7.8epss 0.01
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, iCloud for Windows 7.20, watchOS 6.2.8, tvOS 13.4.8, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing…
- risk 0.51cvss 7.8epss 0.01
A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur…
- risk 0.51cvss 7.8epss 0.01
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously…
- risk 0.51cvss 7.8epss 0.01
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously…
- risk 0.51cvss 7.8epss 0.01
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted…
- risk 0.46cvss 7.0epss 0.01
A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges.
- risk 0.57cvss 8.8epss 0.01
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing maliciously…
- risk 0.51cvss 7.8epss 0.01
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution.
- risk 0.51cvss 7.8epss 0.01
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system…
- risk 0.51cvss 7.8epss 0.01
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system…
- risk 0.51cvss 7.8epss 0.01
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously…
- risk 0.51cvss 7.8epss 0.01
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges.
- risk 0.51cvss 7.8epss 0.00
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A local attacker may be able to elevate their privileges.
- risk 0.51cvss 7.8epss 0.01
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel…
- risk 0.51cvss 7.8epss 0.01
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel…
- risk 0.49cvss 7.5epss 0.01
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before 13.10.1. A specially crafted Wiki page allowed attackers to read arbitrary files on…
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the device is based on a username and password. The root credentials are the same across all devices of this model.
- risk 0.51cvss 7.8epss 0.00
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A local attacker with the "default" account is capable of reading the /etc/passwd file, which contains a weakly hashed root password. By taking this hash and cracking it, the attacker…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. It is possible (using TELNET without a password) to control the camera's pan/zoom/tilt functionality.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. By default, a mobile application is used to stream over UDP. However, the device offers many more services that also enable streaming. Although the service used by the mobile application…
- risk 0.49cvss 7.5epss 0.02
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A crash and reboot can be triggered by crafted IP traffic, as demonstrated by the Nikto vulnerability scanner. For example, sending the 111111 string to UDP port 20188 causes a reboot.…
- risk 0.00cvss 7.1epss 0.01
wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does…
- risk 0.42cvss 7.5epss 0.07
CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec also…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files.
- risk 0.53cvss 8.1epss 0.01
An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users.
- risk 0.46cvss 8.1epss 0.01
node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client error to the end user will offer api key value too This is fixed in node-etsy-client v0.3.0 and later.
- risk 0.49cvss 7.5epss 0.01
vscode-stripe is an extension for Visual Studio Code. A vulnerability in Stripe for Visual Studio Code extension exists when it loads an untrusted source-code repository containing malicious settings. An attacker who successfully exploited the vulnerability could run arbitrary…
- risk 0.42cvss 7.5epss 0.02
models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.
- risk 0.49cvss 7.5epss 0.01
Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503.
- risk 0.00cvss 8.8epss 0.01
In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. An attacker can trick a victim to click on a malicious link which could change backup configurations or execute system commands…
- risk 0.56cvss 8.6epss 0.01
Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system
- risk 0.51cvss 7.8epss 0.00
A memory buffer error vulnerability exists in a component interface of Huawei Smartphone. Local attackers may exploit this vulnerability by carefully constructing attack scenarios to cause out-of-bounds read.
- risk 0.53cvss 7.5epss 0.54
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
- risk 0.53cvss 8.1epss 0.02
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker would have the ability to completely manipulate data in a certified PDF without…
- risk 0.49cvss 8.1epss 0.44
There's a flaw in the zeromq server in versions before 4.3.3 in src/decoder_allocators.hpp. The decoder static allocator could have its sized changed, but the buffer would remain the same as it is a static buffer. A remote, unauthenticated attacker who sends a crafted request to…
- risk 0.47cvss 7.2epss 0.03
Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter.
- risk 0.48cvss 7.3epss 0.01
An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index can return uninitialized values if an iterator returns a len() that is too large.
- risk 0.48cvss 7.3epss 0.01
An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index has an out-of-bounds write if an iterator returns a len() that is too small.
- risk 0.48cvss 7.3epss 0.01
An issue was discovered in the stackvector crate through 2021-02-19 for Rust. There is an out-of-bounds write in StackVec::extend if size_hint provides certain anomalous data.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in the slice-deque crate through 2021-02-19 for Rust. A double drop can occur in SliceDeque::drain_filter upon a panic in a predicate function.
- risk 0.41cvss 7.3epss 0.01
An issue was discovered in the rocket crate before 0.4.7 for Rust. uri::Formatter can have a use-after-free if a user-provided function panics.
- risk 0.41cvss 7.3epss 0.01
An issue was discovered in PartialReader in the uu_od crate before 0.0.4 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in the insert_many crate through 2021-01-26 for Rust. Elements may be dropped twice if a .next() method panics.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service (CPU and memory consumption) via a duration string with a large exponent.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A double drop can sometimes occur upon a panic in T::drop().
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A drop of uninitialized memory can sometimes occur upon a panic in T::default().
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in the endian_trait crate through 2021-01-04 for Rust. A double drop can occur when a user-provided Endian impl panics.