CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2021-01-14
Critical

CVE-2021-20617

Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows remote attackers to execute an arbitrary OS command, or gain an administrative…

2021-01-13
High

CVE-2020-14101

The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800 rom version < 1.0.336 and Xiaomi router RM1800 root version < 1.0.26.

High

CVE-2020-14097

Wrong nginx configuration, causing specific paths to be downloaded without authorization. This affects Xiaomi router AX6 ROM version < 1.0.18.

Medium

CVE-2021-1258

A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operatin…

High

CVE-2021-23900

OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these sit…

2021-01-12
High

CVE-2021-3134

Mubu 2.2.1 allows local users to gain privileges to execute commands, aka CNVD-2020-68878.

High

CVE-2021-1723

ASP.NET Core and Visual Studio Denial of Service Vulnerability

High

CVE-2021-1718

Microsoft SharePoint Server Tampering Vulnerability

Medium

CVE-2021-1717

Microsoft SharePoint Server Spoofing Vulnerability

High

CVE-2021-1716

Microsoft Word Remote Code Execution Vulnerability

High

CVE-2021-1714

Microsoft Excel Remote Code Execution Vulnerability

High

CVE-2021-1711

Microsoft Office Remote Code Execution Vulnerability

High

CVE-2021-1710

Microsoft Windows Media Foundation Remote Code Execution Vulnerability

Medium

CVE-2021-1708

Windows GDI+ Information Disclosure Vulnerability

High

CVE-2021-1707

Microsoft SharePoint Server Remote Code Execution Vulnerability

Medium

CVE-2021-1705

Microsoft Edge (HTML-based) Memory Corruption Vulnerability

High

CVE-2021-1701

Remote Procedure Call Runtime Remote Code Execution Vulnerability

High

CVE-2021-1700

Remote Procedure Call Runtime Remote Code Execution Vulnerability

Medium

CVE-2021-1699

Windows (modem.sys) Information Disclosure Vulnerability

Medium

CVE-2021-1696

Windows Graphics Component Information Disclosure Vulnerability

High

CVE-2021-1692

Windows Hyper-V Denial of Service Vulnerability

High

CVE-2021-1691

Windows Hyper-V Denial of Service Vulnerability

Medium

CVE-2021-1684

Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To…

Medium

CVE-2021-1683

Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To…

Medium

CVE-2021-1679

Windows CryptoAPI Denial of Service Vulnerability

High

CVE-2021-1678

Windows Print Spooler Spoofing Vulnerability

Medium

CVE-2021-1676

Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability

High

CVE-2021-1674

Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability

High

CVE-2021-1673

Remote Procedure Call Runtime Remote Code Execution Vulnerability

Medium

CVE-2021-1672

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability

High

CVE-2021-1671

Remote Procedure Call Runtime Remote Code Execution Vulnerability

Medium

CVE-2021-1670

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability

High

CVE-2021-1669

Windows Remote Desktop Security Feature Bypass Vulnerability

High

CVE-2021-1668

Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability

High

CVE-2021-1667

Remote Procedure Call Runtime Remote Code Execution Vulnerability

High

CVE-2021-1666

Remote Procedure Call Runtime Remote Code Execution Vulnerability

High

CVE-2021-1665

GDI+ Remote Code Execution Vulnerability

High

CVE-2021-1664

Remote Procedure Call Runtime Remote Code Execution Vulnerability

Medium

CVE-2021-1663

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability

High

CVE-2021-1660

Remote Procedure Call Runtime Remote Code Execution Vulnerability

High

CVE-2021-1658

Remote Procedure Call Runtime Remote Code Execution Vulnerability

Medium

CVE-2021-1656

TPM Device Driver Information Disclosure Vulnerability

High

CVE-2021-1647

Microsoft Defender Remote Code Execution Vulnerability

Medium

CVE-2021-1645

Windows Docker Information Disclosure Vulnerability

High

CVE-2021-1644

HEVC Video Extensions Remote Code Execution Vulnerability

High

CVE-2021-1643

HEVC Video Extensions Remote Code Execution Vulnerability

Medium

CVE-2021-1641

Microsoft SharePoint Server Spoofing Vulnerability

High

CVE-2021-1638

Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To…

Medium

CVE-2021-1637

Windows DNS Query Information Disclosure Vulnerability

Critical

CVE-2021-3129

Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(…

Medium

CVE-2021-21471

In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. This could impact the integrity…

Medium

CVE-2021-21448

SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for Application Server ABAP backend systems in the client PC's memory. Under certain conditions the attacker can acce…

High

CVE-2021-21446

SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service,…

Critical

CVE-2020-14275

Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1.0 through 9.0.1.14 and 9.1 through 9.1.4 could allow denial of service, disclosure of user personal data, and performing of unau…

High

CVE-2020-14274

Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9.0.1.14 and 9.1 through 9.1.4 could allow a remote attacker to obtain user personal data via unknown vectors.

2021-01-11
Medium

CVE-2021-0309

In onCreate of grantCredentialsPermissionActivity, there is a confused deputy. This could lead to local information disclosure and account access with no additional execution privileges needed. User…

High

CVE-2021-0307

In updatePermissionSourcePackage of PermissionManagerService.java, there is a possible automatic runtime permission grant due to a confused deputy. This could lead to local escalation of privilege al…

Medium

CVE-2021-23253

Opera Mini for Android below 53.1 displays URL left-aligned in the address field. This allows a malicious attacker to craft a URL with a long domain name, e.g. www.safe.opera.com.attacker.com. With t…

Low

CVE-2020-24003

Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access…

Medium

CVE-2019-3405

In the 3.1.3.64296 and lower version of 360F5, the third party can trigger the device to send a deauth frame by constructing and sending a specific illegal 802.11 Null Data Frame, which will cause ot…

High

CVE-2020-17508

The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected.

Medium

CVE-2020-13922

Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API interface.

2021-01-08
Medium

CVE-2020-5017

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local user to obtain access to information beyond their intended role and permissions. IBM X-Force ID: 193653.

High

CVE-2020-16043

Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to bypass discretionary access control via malicious network traffic.

Medium

CVE-2020-16036

Inappropriate implementation in cookies in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to bypass cookie restrictions via a crafted HTML page.

High

CVE-2020-16035

Insufficient data validation in cros-disks in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass noexec restrictions via a mal…

Medium

CVE-2020-16034

Inappropriate implementation in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a local attacker to bypass policy restrictions via a crafted HTML page.

High

CVE-2020-16022

Insufficient policy enforcement in networking in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially bypass firewall controls via a crafted HTML page.

High

CVE-2020-16020

Inappropriate implementation in cryptohome in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass discretionary access control…

High

CVE-2020-16019

Inappropriate implementation in filesystem in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass noexec restrictions via a mal…

Critical

CVE-2020-16016

Inappropriate implementation in base in Google Chrome prior to 86.0.4240.193 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted H…

Medium

CVE-2020-16012

Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Critical

CVE-2020-8584

Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an unauthenticated remote attacker to perform arbitrary code execution.

Medium

CVE-2021-1055

NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which improper access control may lead to denial of…

High

CVE-2021-1052

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can acces…

2021-01-07
Critical

CVE-2019-18642

Rock RMS version before 8.6 is vulnerable to account takeover by tampering with the user ID parameter in the profile update feature. The lack of validation and use of sequential user IDs allows any u…

High

CVE-2020-28672

MonoCMS Blog 1.0 is affected by incorrect access control that can lead to remote arbitrary code execution. At monofiles/category.php:27, user input can be saved to category/[foldername]/index.php cau…

High

CVE-2020-35112

If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an…

Medium

CVE-2020-35111

When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a us…

Medium

CVE-2020-26978

Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerabi…

Medium

CVE-2020-26977

By attempting to connect a website using an unresponsive port, an attacker could have controlled the content of a tab while the URL bar displayed the original domain. *Note: This issue only affects F…

Medium

CVE-2020-26976

When an HTTPS page was embedded in an HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe…

Medium

CVE-2020-26975

When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authori…

High

CVE-2020-26973

Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird…

2021-01-06
Medium

CVE-2020-29041

A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension (code review). Specifically, JavaScrip…

Medium

CVE-2020-36170

The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms.

Critical

CVE-2020-36169

An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on th…

Critical

CVE-2020-36168

An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It leverages OpenSSL on Windows systems when using the Managed Host addon. On start-up, it loads the OpenSSL library. This library…

Critical

CVE-2020-36166

An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager (a…

Critical

CVE-2020-36165

An issue was discovered in Veritas Desktop and Laptop Option (DLO) before 9.4. On start-up, it loads the OpenSSL library from /ReleaseX64/ssl. This library attempts to load the /ReleaseX64/ssl/openss…

Critical

CVE-2020-36164

An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL library. The OpenSSL library then attempts to load the openssl.cnf configuration file (which does n…

Critical

CVE-2020-36163

An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1. NetBackup processes using Strawberry Perl attempt to load and execute libraries from paths that do not exist by default on…

Critical

CVE-2020-36162

An issue was discovered in Veritas CloudPoint before 8.3.0.1+hotfix. The CloudPoint Windows Agent leverages OpenSSL. This OpenSSL library attempts to load the \usr\local\ssl\openssl.cnf configuration…

High

CVE-2020-36161

An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a directo…

Critical

CVE-2020-36160

An issue was discovered in Veritas System Recovery before 21.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the \usr\local\ssl\openssl.cnf config…

2021-01-05
High

CVE-2020-36066

GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON.

Medium

CVE-2020-36159

Veritas Desktop and Laptop Option (DLO) before 9.5 disclosed operational information on the backup processing status through a URL that did not require authentication.

Medium

CVE-2021-3022

An issue was discovered on LG mobile devices with Android OS 10 software. There was no write protection for the MTK protect2 partition. The LG ID is LVE-SMP-200028 (January 2021).

Medium

CVE-2021-22494

An issue was discovered in the fingerprint scanner on Samsung Note20 mobile devices with Q(10.0) software. When a screen protector is used, the required image compensation is not present. Consequentl…

Medium

CVE-2020-7202

A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4) firmware. The vulnerability could be remotely exploited to disclose t…

High

CVE-2020-4762

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow an authenticated user to create a privileged account due to improper access co…

2021-01-04
Critical

CVE-2020-36157

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that cou…

Medium

CVE-2020-24386

An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email m…

Low

CVE-2020-4919

IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395.

High

CVE-2020-4912

IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287.

2021-01-03
High

CVE-2020-35962

The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring (LRC), an Ethereum token, lacks access control for fee swapping and thus allows price manipulation.

High

CVE-2021-3006

The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an Ethereum token, lacks access control and thus allows price manipulation, as exploited in the wild in Decemb…

Medium

CVE-2020-28841

MyDrivers64.sys in DriverGenius 9.61.3708.3054 allows attackers to cause a system crash via the ioctl command 0x9c402000 to \\.\MyDrivers0_0_1.

Medium

CVE-2021-3005

MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information (e.g., a CPF number) via a modified titulo (aka invoice number) value to the central/recibo.php URI.

Medium

CVE-2020-35952

login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single "Incorrect user…

2021-01-01
High

CVE-2020-35935

The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism…

High

CVE-2016-20003

The REST/JSON project 7.x-1.x for Drupal allows user enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.

High

CVE-2016-20008

The REST/JSON project 7.x-1.x for Drupal allows session enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.

High

CVE-2016-20006

The REST/JSON project 7.x-1.x for Drupal allows blockage of user logins, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.
