-
2021-02-26 21:15:12
In jpeg, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; National Vulnerability Database
-
2021-02-26 21:15:12
In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: National Vulnerability Database
-
2021-02-26 21:15:12
In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: National Vulnerability Database
-
2021-02-26 21:15:12
In mobile_log_d, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. National Vulnerability Database
-
2021-02-26 21:15:12
In netdiag, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: National Vulnerability Database
-
2021-02-26 21:15:12
In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: National Vulnerability Database
-
2021-02-26 21:15:12
In performance driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. National Vulnerability Database
-
2021-02-26 04:15:12
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS.National Vulnerability Database
-
2021-02-26 04:15:12
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding.National Vulnerability Database
-
2021-02-26 04:15:12
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability.National Vulnerability Database
-
2021-02-26 04:15:12
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations.National Vulnerability Database
-
2021-02-26 04:15:12
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation.National Vulnerability Database
-
2021-02-26 04:15:12
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure.National Vulnerability Database
-
2021-02-25 23:15:16
.NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24112.National Vulnerability Database
-
2021-02-25 23:15:16
.NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26701.National Vulnerability Database
-
2021-02-25 23:15:13
.NET Core and Visual Studio Denial of Service VulnerabilityNational Vulnerability Database
-
2021-02-25 15:15:12
Stored cross-site scripting (XSS) in form field in robust.systems product Custom Global Variables v 1.0.5 allows a remote attacker to inject arbitrary code via the vars[0][name] field.National Vulnerability Database
-
2021-02-25 14:15:12
Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. National Vulnerability Database
-
2021-02-25 14:15:12
Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. National Vulnerability Database
-
2021-02-25 01:15:13
Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.National Vulnerability Database
-
2021-02-25 01:15:13
An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack.National Vulnerability Database
-
2021-02-24 20:15:13
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. National Vulnerability Database
-
2021-02-24 20:15:13
A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. National Vulnerability Database
-
2021-02-24 20:15:13
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, National Vulnerability Database
-
2021-02-24 20:15:13
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, National Vulnerability Database
-
2021-02-24 18:15:12
IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747.National Vulnerability Database
-
2021-02-24 18:15:11
Apache XmlGraphics Commons 2.4 is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, National Vulnerability Database
-
2021-02-24 18:15:11
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, National Vulnerability Database
-
2021-02-24 17:15:16
BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, National Vulnerability Database
-
2021-02-24 17:15:15
In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview), can be exploited to execute arbitrary code.National Vulnerability Database
-
2021-02-24 17:15:15
VOICEYE WSActiveBridgeES versions prior to 2.1.0.3 contains a stack-based buffer overflow vulnerability caused by improper bound checking parameter given by attack. National Vulnerability Database
-
2021-02-24 16:15:15
Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.National Vulnerability Database
-
2021-02-24 16:15:15
A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plugin 2.18.1 and earlier allows attackers to change claims.National Vulnerability Database
-
2021-02-24 16:15:15
Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, National Vulnerability Database
-
2021-02-24 16:15:14
Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.National Vulnerability Database
-
2021-02-24 16:15:14
Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users, National Vulnerability Database
-
2021-02-24 16:15:14
A cross-site request forgery (CSRF) vulnerability in Jenkins Configuration Slicing Plugin 1.51 and earlier allows attackers to apply different slice configurations.National Vulnerability Database
-
2021-02-24 16:15:14
A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. National Vulnerability Database
-
2021-02-24 16:15:14
Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web page.National Vulnerability Database
-
2021-02-24 16:15:14
Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.National Vulnerability Database
-
2021-02-24 15:15:13
A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords.National Vulnerability Database
-
2021-02-24 15:15:13
The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, National Vulnerability Database
-
2021-02-24 12:15:23
Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors.National Vulnerability Database
-
2021-02-24 12:15:23
Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to inject an arbitrary script via unspecified vectors.National Vulnerability Database
-
2021-02-24 12:15:23
Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.National Vulnerability Database
-
2021-02-24 12:15:22
Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege via unspecified vectors.National Vulnerability Database
-
2021-02-24 12:15:22
SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code.National Vulnerability Database
-
2021-02-24 12:15:22
Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system, National Vulnerability Database
-
2021-02-24 12:15:22
SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.National Vulnerability Database