Virus and Security Alerts

CVE-2021-0402 (android)

2021-02-26 21:15:12
In jpeg, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android;
National Vulnerability Database
CVE-2021-0401 (android)

2021-02-26 21:15:12
In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions:
National Vulnerability Database
CVE-2021-0366 (android)

2021-02-26 21:15:12
In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions:
National Vulnerability Database
CVE-2021-0404 (android)

2021-02-26 21:15:12
In mobile_log_d, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
National Vulnerability Database
CVE-2021-0403 (android)

2021-02-26 21:15:12
In netdiag, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product:
National Vulnerability Database
CVE-2021-0367 (android)

2021-02-26 21:15:12
In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions:
National Vulnerability Database
CVE-2021-0405 (android)

2021-02-26 21:15:12
In performance driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
National Vulnerability Database
CVE-2019-18944 (solutions_business_manager)

2021-02-26 04:15:12
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS.
National Vulnerability Database
CVE-2019-18942 (solutions_business_manager)

2021-02-26 04:15:12
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding.
National Vulnerability Database
CVE-2019-18945 (solutions_business_manager)

2021-02-26 04:15:12
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability.
National Vulnerability Database
CVE-2019-18943 (solutions_business_manager)

2021-02-26 04:15:12
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations.
National Vulnerability Database
CVE-2019-18946 (solutions_business_manager)

2021-02-26 04:15:12
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation.
National Vulnerability Database
CVE-2019-18947 (solutions_business_manager)

2021-02-26 04:15:12
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure.
National Vulnerability Database
CVE-2021-26701 (.net, .net_core)

2021-02-25 23:15:16
.NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24112.
National Vulnerability Database
CVE-2021-24112 (.net, .net_core, mono, visual_studio_2019)

2021-02-25 23:15:16
.NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26701.
National Vulnerability Database
CVE-2021-1721 (.net, .net_core, powershell_core, visual_studio_2017, visual_studio_2019)

2021-02-25 23:15:13
.NET Core and Visual Studio Denial of Service Vulnerability
National Vulnerability Database
CVE-2021-3124 (custom_global_variables)

2021-02-25 15:15:12
Stored cross-site scripting (XSS) in form field in robust.systems product Custom Global Variables v 1.0.5 allows a remote attacker to inject arbitrary code via the vars[0][name] field.
National Vulnerability Database
CVE-2021-21065 (bridge)

2021-02-25 14:15:12
Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user.
National Vulnerability Database
CVE-2021-21066 (bridge)

2021-02-25 14:15:12
Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user.
National Vulnerability Database
CVE-2021-27670 (appspace)

2021-02-25 01:15:13
Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.
National Vulnerability Database
CVE-2021-27671 (comrak)

2021-02-25 01:15:13
An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack.
National Vulnerability Database
CVE-2021-1450 (anyconnect_secure_mobility_client)

2021-02-24 20:15:13
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device.
National Vulnerability Database
CVE-2021-1388 (aci_multi-site_orchestrator, application_policy_infrastructure_controller)

2021-02-24 20:15:13
A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device.
National Vulnerability Database
CVE-2021-1396 (application_policy_infrastructure_controller, application_services_engine)

2021-02-24 20:15:13
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files,
National Vulnerability Database
CVE-2021-1393 (application_policy_infrastructure_controller, application_services_engine)

2021-02-24 20:15:13
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files,
National Vulnerability Database
CVE-2020-4931 (mq)

2021-02-24 18:15:12
IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747.
National Vulnerability Database
CVE-2020-11988 (xmlgraphics_commons)

2021-02-24 18:15:11
Apache XmlGraphics Commons 2.4 is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument,
National Vulnerability Database
CVE-2020-11987 (batik)

2021-02-24 18:15:11
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument,
National Vulnerability Database
CVE-2021-22667 (bb-eswgp506-2sfp-t_firmware)

2021-02-24 17:15:16
BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials,
National Vulnerability Database
CVE-2020-27224 (theia)

2021-02-24 17:15:15
In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview), can be exploited to execute arbitrary code.
National Vulnerability Database
CVE-2020-7836 (voiceye_wsactivebridges)

2021-02-24 17:15:15
VOICEYE WSActiveBridgeES versions prior to 2.1.0.3 contains a stack-based buffer overflow vulnerability caused by improper bound checking parameter given by attack.
National Vulnerability Database
CVE-2021-21622 (artifact_repository_parameter)

2021-02-24 16:15:15
Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
National Vulnerability Database
CVE-2021-21620 (claim)

2021-02-24 16:15:15
A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plugin 2.18.1 and earlier allows attackers to change claims.
National Vulnerability Database
CVE-2021-21621 (support_core)

2021-02-24 16:15:15
Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information,
National Vulnerability Database
CVE-2021-21618 (repository_connector)

2021-02-24 16:15:14
Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
National Vulnerability Database
CVE-2021-21619 (claim)

2021-02-24 16:15:14
Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users,
National Vulnerability Database
CVE-2021-21617 (configuration_slicing)

2021-02-24 16:15:14
A cross-site request forgery (CSRF) vulnerability in Jenkins Configuration Slicing Plugin 1.51 and earlier allows attackers to apply different slice configurations.
National Vulnerability Database
CVE-2020-28599 (openscad)

2021-02-24 16:15:14
A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution.
National Vulnerability Database
CVE-2020-7846 (helpcom)

2021-02-24 16:15:14
Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web page.
National Vulnerability Database
CVE-2021-21616 (active_choices)

2021-02-24 16:15:14
Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
National Vulnerability Database
CVE-2021-3355 (lightcms)

2021-02-24 15:15:13
A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords.
National Vulnerability Database
CVE-2021-27645 (glibc)

2021-02-24 15:15:13
The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free,
National Vulnerability Database
CVE-2021-20662 (sv-cpt-mc310_firmware)

2021-02-24 12:15:23
Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors.
National Vulnerability Database
CVE-2021-20660 (sv-cpt-mc310_firmware)

2021-02-24 12:15:23
Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to inject an arbitrary script via unspecified vectors.
National Vulnerability Database
CVE-2021-20661 (sv-cpt-mc310_firmware)

2021-02-24 12:15:23
Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.
National Vulnerability Database
CVE-2021-20657 (sv-cpt-mc310_firmware)

2021-02-24 12:15:22
Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege via unspecified vectors.
National Vulnerability Database
CVE-2021-20659 (sv-cpt-mc310_firmware)

2021-02-24 12:15:22
SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code.
National Vulnerability Database
CVE-2021-20656 (sv-cpt-mc310_firmware)

2021-02-24 12:15:22
Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system,
National Vulnerability Database
CVE-2021-20658 (sv-cpt-mc310_firmware)

2021-02-24 12:15:22
SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.
National Vulnerability Database