CVE List - 2021 / January
Showing 601 - 700 of 1514 CVEs for January 2021 (Page 7 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-5685 | 2021-01-13 | UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to execute arbitrary OS commands or cause a denial-of-service (DoS) condition by sending a... |
| CVE-2020-5686 | 2021-01-13 | Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature... |
| CVE-2021-20616 | 2021-01-13 | Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2021-3139 | 2021-01-13 | In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in... |
| CVE-2021-3131 | 2021-01-13 | The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the creds URL parameter. |
| CVE-2021-23899 | 2021-01-13 | OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents. |
| CVE-2021-23900 | 2021-01-13 | OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to... |
| CVE-2021-21602 | 2021-01-13 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks. |
| CVE-2021-21603 | 2021-01-13 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability. |
| CVE-2021-21604 | 2021-01-13 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the... |
| CVE-2021-21605 | 2021-01-13 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file. |
| CVE-2021-21606 | 2021-01-13 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence... |
| CVE-2021-21607 | 2021-01-13 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory... |
| CVE-2021-21608 | 2021-01-13 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability... |
| CVE-2021-21609 | 2021-01-13 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs... |
| CVE-2021-21610 | 2021-01-13 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement any restrictions for the URL rendering a formatted preview of markup passed as a query parameter, resulting in a... |
| CVE-2021-21611 | 2021-01-13 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting... |
| CVE-2021-21612 | 2021-01-13 | Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the... |
| CVE-2021-21613 | 2021-01-13 | Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS service responses, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control TICS service response content. |
| CVE-2021-21614 | 2021-01-13 | Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to... |
| CVE-2021-3028 | 2021-01-13 | git-big-picture before 1.0.0 mishandles ' characters in a branch name, leading to code execution. |
| CVE-2020-15218 | 2021-01-13 | Admin pages are cached and can be embedded |
| CVE-2020-35687 | 2021-01-13 | PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messages by the attacker on behalf of the logged in victim. |
| CVE-2020-15219 | 2021-01-13 | SQL query displayed on portal error |
| CVE-2020-15220 | 2021-01-13 | Session fixation |
| CVE-2020-15221 | 2021-01-13 | XSS in the breadcrumbs |
| CVE-2019-4160 | 2021-01-13 | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158577. |
| CVE-2019-4687 | 2021-01-13 | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs,... |
| CVE-2019-4702 | 2021-01-13 | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
| CVE-2020-23653 | 2021-01-13 | An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution. |
| CVE-2021-3031 | 2021-01-13 | PAN-OS: Information exposure in Ethernet data frame construction (Etherleak) |
| CVE-2021-3032 | 2021-01-13 | PAN-OS: Configuration secrets for log forwarding may be logged in system logs |
| CVE-2020-4594 | 2021-01-13 | IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184800. |
| CVE-2020-4595 | 2021-01-13 | IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184819. |
| CVE-2020-4596 | 2021-01-13 | IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184812. |
| CVE-2020-4597 | 2021-01-13 | IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http://... |
| CVE-2020-4599 | 2021-01-13 | IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used... |
| CVE-2020-4600 | 2021-01-13 | IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used... |
| CVE-2020-4602 | 2021-01-13 | IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184836. |
| CVE-2020-4604 | 2021-01-13 | IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 184861. |
| CVE-2020-26262 | 2021-01-13 | Loopback bypass in Coturn |
| CVE-2020-9144 | 2021-01-13 | There is a heap overflow vulnerability in some Huawei smartphone, attackers can exploit this vulnerability to cause heap overflows due to improper restriction of operations within the bounds of a... |
| CVE-2020-27488 | 2021-01-13 | Loxone Miniserver devices with firmware before 11.1 (aka 11.1.9.3) are unable to use an authentication method that is based on the "signature of the update package." Therefore, these devices (or... |
| CVE-2020-9145 | 2021-01-13 | There is an Out-of-bounds Write vulnerability in some Huawei smartphone. Successful exploitation of this vulnerability may cause out-of-bounds access to the physical memory. |
| CVE-2020-35578 | 2021-01-13 | An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user... |
| CVE-2021-1189 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1200 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1201 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1202 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1203 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1204 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1205 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1206 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1207 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1208 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1209 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1210 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1211 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1212 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1213 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1214 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1215 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1216 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1217 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1223 | 2021-01-13 | Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability |
| CVE-2021-1224 | 2021-01-13 | Multiple Cisco Products Snort TCP Fast Open File Policy Bypass Vulnerability |
| CVE-2021-1226 | 2021-01-13 | Cisco Unified Communications Products Information Disclosure Vulnerability |
| CVE-2021-1236 | 2021-01-13 | Multiple Cisco Products Snort Application Detection Engine Policy Bypass Vulnerability |
| CVE-2021-1237 | 2021-01-13 | Cisco AnyConnect Secure Mobility Client for Windows DLL Injection Vulnerability |
| CVE-2021-1238 | 2021-01-13 | Cisco Firepower Management Center Stored Cross-Site Scripting Vulnerabilities |
| CVE-2021-1239 | 2021-01-13 | Cisco Firepower Management Center Stored Cross-Site Scripting Vulnerabilities |
| CVE-2021-1240 | 2021-01-13 | Cisco Proximity Desktop for Windows DLL Hijacking Vulnerability |
| CVE-2021-1242 | 2021-01-13 | Cisco Webex Teams Shared File Manipulation Vulnerability |
| CVE-2021-1246 | 2021-01-13 | Cisco Finesse OpenSocial Gadget Editor Unauthenticated Access Vulnerability |
| CVE-2021-1245 | 2021-01-13 | Cisco Finesse OpenSocial Gadget Editor Cross-Site Scripting Vulnerability |
| CVE-2021-1258 | 2021-01-13 | Cisco AnyConnect Secure Mobility Client Arbitrary File Read Vulnerability |
| CVE-2021-1143 | 2021-01-13 | Cisco Connected Mobile Experiences User Enumeration Vulnerability |
| CVE-2021-1131 | 2021-01-13 | Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Denial of Service Vulnerability |
| CVE-2021-1130 | 2021-01-13 | Cisco DNA Center Cross-Site Scripting Vulnerability |
| CVE-2021-1127 | 2021-01-13 | Cisco Enterprise NFV Infrastructure Software Cross-Site Scripting Vulnerability |
| CVE-2021-1126 | 2021-01-13 | Cisco Firepower Management Center Information Disclosure Vulnerability |
| CVE-2021-1177 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1178 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1179 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1180 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1181 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1182 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1183 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1184 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1185 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1186 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1187 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1188 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1190 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1191 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1192 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1193 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1194 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1195 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1196 | 2021-01-13 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |