CVE List - 2021 / January
Showing 1101 - 1200 of 1514 CVEs for January 2021 (Page 12 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-1278 | 2021-01-20 | Cisco SD-WAN Denial of Service Vulnerabilities |
| CVE-2021-1277 | 2021-01-20 | Cisco Data Center Network Manager Certificate Validation Vulnerabilities |
| CVE-2021-1276 | 2021-01-20 | Cisco Data Center Network Manager Certificate Validation Vulnerabilities |
| CVE-2021-1274 | 2021-01-20 | Cisco SD-WAN Denial of Service Vulnerabilities |
| CVE-2021-1272 | 2021-01-20 | Cisco Data Center Network Manager Server-Side Request Forgery Vulnerability |
| CVE-2021-1273 | 2021-01-20 | Cisco SD-WAN Denial of Service Vulnerabilities |
| CVE-2021-1271 | 2021-01-20 | Cisco Web Security Appliance Stored Cross-Site Scripting Vulnerability |
| CVE-2021-1270 | 2021-01-20 | Cisco Data Center Network Manager Authorization Bypass Vulnerabilities |
| CVE-2021-1269 | 2021-01-20 | Cisco Data Center Network Manager Authorization Bypass Vulnerabilities |
| CVE-2021-1265 | 2021-01-20 | Cisco DNA Center Information Disclosure Vulnerability |
| CVE-2021-1264 | 2021-01-20 | Cisco DNA Center Command Runner Command Injection Vulnerability |
| CVE-2021-1263 | 2021-01-20 | Cisco SD-WAN Command Injection Vulnerabilities |
| CVE-2021-1262 | 2021-01-20 | Cisco SD-WAN Command Injection Vulnerabilities |
| CVE-2021-1261 | 2021-01-20 | Cisco SD-WAN Command Injection Vulnerabilities |
| CVE-2021-1260 | 2021-01-20 | Cisco SD-WAN Command Injection Vulnerabilities |
| CVE-2021-1259 | 2021-01-20 | Cisco SD-WAN vManage Software Path Traversal Vulnerability |
| CVE-2021-1257 | 2021-01-20 | Cisco DNA Center Cross-Site Request Forgery Vulnerability |
| CVE-2021-1255 | 2021-01-20 | Cisco Data Center Network Manager REST API Vulnerabilities |
| CVE-2021-1364 | 2021-01-20 | Cisco Unified Communications Products Vulnerabilities |
| CVE-2021-1357 | 2021-01-20 | Cisco Unified Communications Products Vulnerabilities |
| CVE-2021-1355 | 2021-01-20 | Cisco Unified Communications Products Vulnerabilities |
| CVE-2021-1353 | 2021-01-20 | Cisco StarOS IPv4 Denial of Service Vulnerability |
| CVE-2021-1350 | 2021-01-20 | Cisco Umbrella Dashboard Packet Flood Vulnerability |
| CVE-2021-1349 | 2021-01-20 | Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability |
| CVE-2021-1312 | 2021-01-20 | Cisco Elastic Services Controller Denial of Service Vulnerability |
| CVE-2021-1305 | 2021-01-20 | Cisco SD-WAN vManage Authorization Bypass Vulnerabilities |
| CVE-2021-1253 | 2021-01-20 | Cisco Data Center Network Manager Vulnerabilities |
| CVE-2021-1233 | 2021-01-20 | Cisco SD-WAN Information Disclosure Vulnerability |
| CVE-2021-1235 | 2021-01-20 | Cisco SD-WAN vManage Information Disclosure Vulnerability |
| CVE-2021-1241 | 2021-01-20 | Cisco SD-WAN Denial of Service Vulnerabilities |
| CVE-2021-1247 | 2021-01-20 | Cisco Data Center Network Manager SQL Injection Vulnerabilities |
| CVE-2021-1248 | 2021-01-20 | Cisco Data Center Network Manager SQL Injection Vulnerabilities |
| CVE-2021-1249 | 2021-01-20 | Cisco Data Center Network Manager Vulnerabilities |
| CVE-2021-1250 | 2021-01-20 | Cisco Data Center Network Manager Vulnerabilities |
| CVE-2021-1225 | 2021-01-20 | Cisco SD-WAN vManage SQL Injection Vulnerabilities |
| CVE-2021-1222 | 2021-01-20 | Cisco Smart Software Manager Satellite SQL Injection Vulnerability |
| CVE-2021-1219 | 2021-01-20 | Cisco Smart Software Manager Satellite Static Credential Vulnerability |
| CVE-2021-1218 | 2021-01-20 | Cisco Smart Software Manager Satellite Open Redirect Vulnerability |
| CVE-2021-1142 | 2021-01-20 | Cisco Smart Software Manager Satellite Web UI Command Injection Vulnerabilities |
| CVE-2021-1141 | 2021-01-20 | Cisco Smart Software Manager Satellite Web UI Command Injection Vulnerabilities |
| CVE-2021-1140 | 2021-01-20 | Cisco Smart Software Manager Satellite Web UI Command Injection Vulnerabilities |
| CVE-2021-1139 | 2021-01-20 | Cisco Smart Software Manager Satellite Web UI Command Injection Vulnerabilities |
| CVE-2021-1138 | 2021-01-20 | Cisco Smart Software Manager Satellite Web UI Command Injection Vulnerabilities |
| CVE-2021-1135 | 2021-01-20 | Cisco Data Center Network Manager REST API Vulnerabilities |
| CVE-2020-24085 | 2021-01-20 | A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. Due to a lack of controller validation in "path" parameter, an attacker can execute malicious JavaScript... |
| CVE-2020-26252 | 2021-01-20 | Layout XML RCE Vulnerability in OpenMage |
| CVE-2020-26278 | 2021-01-20 | Weave Net Pods running in host PID namespace can be used to escalate other Kubernetes vulnerabilities |
| CVE-2021-1067 | 2021-01-20 | NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the implementation of the RPMB command status, in which an attacker can write to the Write Protect Configuration... |
| CVE-2021-1068 | 2021-01-20 | NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVDEC component, in which an attacker can read from or write to a memory location that is... |
| CVE-2021-1069 | 2021-01-20 | NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVHost function, which may lead to abnormal reboot due to a null pointer reference, causing data loss. |
| CVE-2020-27735 | 2021-01-20 | An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed)... |
| CVE-2020-24549 | 2021-01-20 | openMAINT before 1.1-2.4.2 allows remote authenticated users to run arbitrary JSP code on the underlying web server. |
| CVE-2020-35239 | 2021-01-20 | A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string... |
| CVE-2020-27583 | 2021-01-21 | IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. NOTE: This vulnerability only affects products that are... |
| CVE-2020-27221 | 2021-01-21 | In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to... |
| CVE-2021-3164 | 2021-01-21 | ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a... |
| CVE-2021-3188 | 2021-01-21 | phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports. |
| CVE-2021-3190 | 2021-01-21 | The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag. |
| CVE-2021-3195 | 2021-01-21 | bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. NOTE: this reportedly does not... |
| CVE-2020-11119 | 2021-01-21 | Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics... |
| CVE-2020-11136 | 2021-01-21 | Buffer Over-read in audio driver while using malloc management function due to not returning NULL for zero sized memory requirement in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,... |
| CVE-2020-11137 | 2021-01-21 | Integer multiplication overflow resulting in lower buffer size allocation than expected causes memory access out of bounds resulting in possible device instability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon... |
| CVE-2020-11138 | 2021-01-21 | Uninitialized pointers accessed during music play back with incorrect bit stream due to an uninitialized heap memory result in instability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,... |
| CVE-2020-11139 | 2021-01-21 | Out of bound memory access while processing frames due to lack of check of invalid frames received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2020-11140 | 2021-01-21 | Out of bound memory access during music playback with ALAC modified content due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2020-11143 | 2021-01-21 | Out of bound memory access during music playback with modified content due to copying data without checking destination buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,... |
| CVE-2020-11144 | 2021-01-21 | Buffer over-read while UE process invalid DL ROHC packet for decompression due to lack of check of size of compresses packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer... |
| CVE-2020-11145 | 2021-01-21 | Divide by zero issue can happen while updating delta extension header due to improper validation of master SN and extension header SN in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon... |
| CVE-2020-11146 | 2021-01-21 | Out of bound write while copying data using IOCTL due to lack of check of array index received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,... |
| CVE-2020-11148 | 2021-01-21 | Use after free issue in HIDL while using callback to post event in Rx thread when internal mutex is not acquired and meantime close is triggered and callback instance is... |
| CVE-2020-11149 | 2021-01-21 | Out of bound access due to usage of an out-of-range pointer offset in the camera driver. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2020-11150 | 2021-01-21 | Out of bound memory access in camera driver due to improper validation on data coming from UMD which is used for offset manipulation of pointer in Snapdragon Auto, Snapdragon Compute,... |
| CVE-2020-11151 | 2021-01-21 | Race condition occurs while calling user space ioctl from two different threads can results to use after free issue in video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial... |
| CVE-2020-11152 | 2021-01-21 | Race condition in HAL layer while processing callback objects received from HIDL due to lack of synchronization between accessing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial... |
| CVE-2020-11167 | 2021-01-21 | Memory corruption while calculating L2CAP packet length in reassembly logic when remote sends more data than expected in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2020-11179 | 2021-01-21 | Arbitrary read and write to kernel addresses by temporarily overwriting ring buffer pointer and creating a race condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial... |
| CVE-2020-11180 | 2021-01-21 | Out of bound access in computer vision control due to improper validation of command length before processing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial... |
| CVE-2020-11181 | 2021-01-21 | Out of bound access issue while handling cvp process control command due to improper validation of buffer pointer received from HLOS in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon... |
| CVE-2020-11183 | 2021-01-21 | A process can potentially cause a buffer overflow in the display service allowing privilege escalation by executing code as that service in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon... |
| CVE-2020-11185 | 2021-01-21 | Out of bound issue in WLAN driver while processing vdev responses from firmware due to lack of validation of data received from firmware in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer... |
| CVE-2020-11197 | 2021-01-21 | Possible integer overflow can occur when stream info update is called when total number of streams detected are zero while parsing TS clip with invalid data in Snapdragon Auto, Snapdragon... |
| CVE-2020-11200 | 2021-01-21 | Buffer over-read while parsing RPS due to lack of check of input validation on values received from user side. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon... |
| CVE-2020-11212 | 2021-01-21 | Out of bounds reads while parsing NAN beacons attributes and OUIs due to improper length of field check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon... |
| CVE-2020-11213 | 2021-01-21 | Out of bound reads might occur in while processing Service descriptor due to improper validation of length of fields in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,... |
| CVE-2020-11214 | 2021-01-21 | Buffer over-read while processing NDL attribute if attribute length is larger than expected and then FW is treating it as more number of immutable schedules in Snapdragon Auto, Snapdragon Compute,... |
| CVE-2020-11215 | 2021-01-21 | An out of bounds read can happen when processing VSA attribute due to improper minimum required length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon... |
| CVE-2020-11216 | 2021-01-21 | Buffer over read can happen in video driver when playing clip with atomsize having value UINT32_MAX in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2020-11217 | 2021-01-21 | A possible double free or invalid memory access in audio driver while reading Speaker Protection parameters in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2020-11225 | 2021-01-21 | Out of bound access in WLAN driver due to lack of validation of array length before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,... |
| CVE-2020-3685 | 2021-01-21 | Pointer variable which is freed is not cleared can result in memory corruption and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon... |
| CVE-2020-3686 | 2021-01-21 | Possible memory out of bound issue during music playback when an incorrect bit stream content is copied into array without checking the length of array in Snapdragon Auto, Snapdragon Compute,... |
| CVE-2020-3687 | 2021-01-21 | Local privilege escalation in admin services in Windows environment can occur due to an arbitrary read issue. |
| CVE-2020-3691 | 2021-01-21 | Possible out of bound memory access in audio due to integer underflow while processing modified contents in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2020-26285 | 2021-01-21 | Widget instances allows a hacker to inject an executable file on the server on OpenMage |
| CVE-2020-26295 | 2021-01-21 | CMS Editor code execution |
| CVE-2020-4958 | 2021-01-21 | IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. IBM X-Force ID:... |
| CVE-2020-4966 | 2021-01-21 | IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending... |
| CVE-2020-4968 | 2021-01-21 | IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427. |
| CVE-2020-4969 | 2021-01-21 | IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could... |
| CVE-2021-21239 | 2021-01-21 | Open default xmlsec1 key-type preference |