| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-25329 | — | Hig | 0.39 | 7.0 | 0.09 | Mar 1, 2021 | The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note… | |
| CVE-2021-25122 | — | Hig | 0.50 | 7.5 | 0.18 | Mar 1, 2021 | When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the… | |
| CVE-2020-35662 | — | Hig | 0.48 | 7.4 | 0.03 | Feb 27, 2021 | In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. | |
| CVE-2020-28243 | — | Hig | 0.51 | 7.8 | 0.04 | Feb 27, 2021 | An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory. | |
| CVE-2019-25021 | Hig | 0.49 | 7.5 | 0.01 | Feb 27, 2021 | An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code. | ||
| CVE-2019-25020 | Hig | 0.49 | 7.5 | 0.01 | Feb 27, 2021 | An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI. | ||
| CVE-2021-27803 | Hig | 0.49 | 7.5 | 0.01 | Feb 26, 2021 | A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. | ||
| CVE-2020-36079 | Hig | 0.47 | 7.2 | 0.05 | Feb 26, 2021 | Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example,… | ||
| CVE-2021-27799 | Hig | 0.49 | 7.5 | 0.02 | Feb 26, 2021 | ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generator library code. | ||
| CVE-2021-26567 | Hig | 0.00 | 7.8 | 0.01 | Feb 26, 2021 | Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options. | ||
| CVE-2021-26566 | Hig | 0.54 | 8.3 | 0.01 | Feb 26, 2021 | Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic. | ||
| CVE-2021-26565 | Hig | 0.54 | 8.3 | 0.01 | Feb 26, 2021 | Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session. | ||
| CVE-2021-26564 | Hig | 0.54 | 8.3 | 0.01 | Feb 26, 2021 | Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. | ||
| CVE-2021-26563 | Hig | 0.53 | 8.2 | 0.01 | Feb 26, 2021 | Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. | ||
| CVE-2021-21297 | Hig | 0.50 | 7.7 | 0.01 | Feb 26, 2021 | Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to… | ||
| CVE-2021-23979 | Hig | 0.57 | 8.8 | 0.01 | Feb 26, 2021 | Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86. | ||
| CVE-2021-23978 | Hig | 0.57 | 8.8 | 0.02 | Feb 26, 2021 | Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects… | ||
| CVE-2021-23965 | Hig | 0.57 | 8.8 | 0.01 | Feb 26, 2021 | Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85. | ||
| CVE-2021-23964 | Hig | 0.57 | 8.8 | 0.01 | Feb 26, 2021 | Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects… | ||
| CVE-2020-24686 | Hig | 0.49 | 7.5 | 0.01 | Feb 26, 2021 | The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show… | ||
| CVE-2021-22661 | Hig | 0.49 | 7.5 | 0.01 | Feb 26, 2021 | Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password on the ICX35-HWC-A and ICX35-HWC-E (Versions 1.9.62 and prior). | ||
| CVE-2020-28646 | Hig | 0.51 | 7.8 | 0.01 | Feb 26, 2021 | ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present. | ||
| CVE-2019-18945 | Hig | 0.47 | 7.3 | 0.00 | Feb 26, 2021 | Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability. | ||
| CVE-2021-23962 | Hig | 0.57 | 8.8 | 0.01 | Feb 26, 2021 | Incorrect use of the '' method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85. | ||
| CVE-2021-23961 | Hig | 0.48 | 7.4 | 0.01 | Feb 26, 2021 | Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85. | ||
| CVE-2021-23960 | Hig | 0.57 | 8.8 | 0.01 | Feb 26, 2021 | Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. | ||
| CVE-2021-23957 | Hig | 0.48 | 7.4 | 0.01 | Feb 26, 2021 | Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85. | ||
| CVE-2021-23954 | Hig | 0.57 | 8.8 | 0.01 | Feb 26, 2021 | Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. | ||
| CVE-2021-23976 | Hig | 0.53 | 8.1 | 0.01 | Feb 26, 2021 | When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to… | ||
| CVE-2021-23972 | Hig | 0.57 | 8.8 | 0.01 | Feb 26, 2021 | One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a… | ||
| CVE-2021-26701 | Hig | 0.55 | 8.1 | 0.30 | Feb 25, 2021 | .NET Core Remote Code Execution Vulnerability | ||
| CVE-2021-26700 | Hig | 0.51 | 7.8 | 0.06 | Feb 25, 2021 | Visual Studio Code npm-script Extension Remote Code Execution Vulnerability | ||
| CVE-2021-25195 | Hig | 0.51 | 7.8 | 0.01 | Feb 25, 2021 | Windows PKU2U Elevation of Privilege Vulnerability | ||
| CVE-2021-24112 | Hig | 0.53 | 8.1 | 0.03 | Feb 25, 2021 | .NET Core Remote Code Execution Vulnerability | ||
| CVE-2021-24111 | Hig | 0.49 | 7.5 | 0.04 | Feb 25, 2021 | .NET Framework Denial of Service Vulnerability | ||
| CVE-2021-24105 | Hig | 0.55 | 8.4 | 0.02 | Feb 25, 2021 | Depending on configuration of various package managers it is possible for an attacker to insert a malicious package into a package manager's repository which can be retrieved and used during development, build, and release processes. This insertion could lead to remote code… | ||
| CVE-2021-24103 | Hig | 0.51 | 7.8 | 0.01 | Feb 25, 2021 | Windows Event Tracing Elevation of Privilege Vulnerability | ||
| CVE-2021-24102 | Hig | 0.51 | 7.8 | 0.01 | Feb 25, 2021 | Windows Event Tracing Elevation of Privilege Vulnerability | ||
| CVE-2021-24096 | Hig | 0.51 | 7.8 | 0.01 | Feb 25, 2021 | Windows Kernel Elevation of Privilege Vulnerability | ||
| CVE-2021-24093 | Hig | 0.61 | 8.8 | 0.44 | Feb 25, 2021 | Windows Graphics Component Remote Code Execution Vulnerability | ||
| CVE-2021-24092 | Hig | 0.51 | 7.8 | 0.01 | Feb 25, 2021 | Microsoft Defender Elevation of Privilege Vulnerability | ||
| CVE-2021-24091 | Hig | 0.51 | 7.8 | 0.03 | Feb 25, 2021 | Windows Camera Codec Pack Remote Code Execution Vulnerability | ||
| CVE-2021-24088 | Hig | 0.57 | 8.8 | 0.02 | Feb 25, 2021 | Windows Local Spooler Remote Code Execution Vulnerability | ||
| CVE-2021-24087 | Hig | 0.46 | 7.0 | 0.00 | Feb 25, 2021 | Azure IoT CLI extension Elevation of Privilege Vulnerability | ||
| CVE-2021-24086 | Hig | 0.53 | 7.5 | 0.59 | Feb 25, 2021 | Windows TCP/IP Denial of Service Vulnerability | ||
| CVE-2021-24083 | Hig | 0.51 | 7.8 | 0.03 | Feb 25, 2021 | Windows Address Book Remote Code Execution Vulnerability | ||
| CVE-2021-24081 | Hig | 0.51 | 7.8 | 0.02 | Feb 25, 2021 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | ||
| CVE-2021-24072 | Hig | 0.57 | 8.8 | 0.02 | Feb 25, 2021 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2021-24070 | Hig | 0.51 | 7.8 | 0.02 | Feb 25, 2021 | Microsoft Excel Remote Code Execution Vulnerability | ||
| CVE-2021-24069 | Hig | 0.51 | 7.8 | 0.02 | Feb 25, 2021 | Microsoft Excel Remote Code Execution Vulnerability |
- risk 0.39cvss 7.0epss 0.09
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note…
- risk 0.50cvss 7.5epss 0.18
When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the…
- risk 0.48cvss 7.4epss 0.03
In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.
- risk 0.51cvss 7.8epss 0.04
An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI.
- risk 0.49cvss 7.5epss 0.01
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.
- risk 0.47cvss 7.2epss 0.05
Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example,…
- risk 0.49cvss 7.5epss 0.02
ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generator library code.
- risk 0.00cvss 7.8epss 0.01
Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options.
- risk 0.54cvss 8.3epss 0.01
Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic.
- risk 0.54cvss 8.3epss 0.01
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.
- risk 0.54cvss 8.3epss 0.01
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.
- risk 0.53cvss 8.2epss 0.01
Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
- risk 0.50cvss 7.7epss 0.01
Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to…
- risk 0.57cvss 8.8epss 0.01
Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86.
- risk 0.57cvss 8.8epss 0.02
Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects…
- risk 0.57cvss 8.8epss 0.01
Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85.
- risk 0.57cvss 8.8epss 0.01
Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects…
- risk 0.49cvss 7.5epss 0.01
The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show…
- risk 0.49cvss 7.5epss 0.01
Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password on the ICX35-HWC-A and ICX35-HWC-E (Versions 1.9.62 and prior).
- risk 0.51cvss 7.8epss 0.01
ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present.
- risk 0.47cvss 7.3epss 0.00
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability.
- risk 0.57cvss 8.8epss 0.01
Incorrect use of the '' method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85.
- risk 0.48cvss 7.4epss 0.01
Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85.
- risk 0.57cvss 8.8epss 0.01
Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
- risk 0.48cvss 7.4epss 0.01
Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85.
- risk 0.57cvss 8.8epss 0.01
Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
- risk 0.53cvss 8.1epss 0.01
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to…
- risk 0.57cvss 8.8epss 0.01
One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a…
- risk 0.55cvss 8.1epss 0.30
.NET Core Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.06
Visual Studio Code npm-script Extension Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows PKU2U Elevation of Privilege Vulnerability
- risk 0.53cvss 8.1epss 0.03
.NET Core Remote Code Execution Vulnerability
- risk 0.49cvss 7.5epss 0.04
.NET Framework Denial of Service Vulnerability
- risk 0.55cvss 8.4epss 0.02
Depending on configuration of various package managers it is possible for an attacker to insert a malicious package into a package manager's repository which can be retrieved and used during development, build, and release processes. This insertion could lead to remote code…
- risk 0.51cvss 7.8epss 0.01
Windows Event Tracing Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Event Tracing Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Kernel Elevation of Privilege Vulnerability
- risk 0.61cvss 8.8epss 0.44
Windows Graphics Component Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.01
Microsoft Defender Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.03
Windows Camera Codec Pack Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.02
Windows Local Spooler Remote Code Execution Vulnerability
- risk 0.46cvss 7.0epss 0.00
Azure IoT CLI extension Elevation of Privilege Vulnerability
- risk 0.53cvss 7.5epss 0.59
Windows TCP/IP Denial of Service Vulnerability
- risk 0.51cvss 7.8epss 0.03
Windows Address Book Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.02
Microsoft Windows Codecs Library Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.02
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.02
Microsoft Excel Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.02
Microsoft Excel Remote Code Execution Vulnerability