CVE List - 2021 / January
Showing 301 - 400 of 1514 CVEs for January 2021 (Page 4 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-16037 | 2021-01-08 | Use after free in clipboard in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-16038 | 2021-01-08 | Use after free in media in Google Chrome on OS X prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-16039 | 2021-01-08 | Use after free in extensions in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-16040 | 2021-01-08 | Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-16041 | 2021-01-08 | Out of bounds read in networking in Google Chrome prior to 87.0.4280.88 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory... |
| CVE-2020-16042 | 2021-01-08 | Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
| CVE-2020-16043 | 2021-01-08 | Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to bypass discretionary access control via malicious network traffic. |
| CVE-2021-21106 | 2021-01-08 | Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted... |
| CVE-2021-21107 | 2021-01-08 | Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox... |
| CVE-2021-21108 | 2021-01-08 | Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted... |
| CVE-2021-21109 | 2021-01-08 | Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted... |
| CVE-2021-21110 | 2021-01-08 | Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. |
| CVE-2021-21111 | 2021-01-08 | Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via... |
| CVE-2021-21112 | 2021-01-08 | Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-21113 | 2021-01-08 | Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-21114 | 2021-01-08 | Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-21115 | 2021-01-08 | Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a... |
| CVE-2021-21116 | 2021-01-08 | Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-25678 | 2021-01-08 | A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for... |
| CVE-2020-26186 | 2021-01-08 | Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the... |
| CVE-2020-5017 | 2021-01-08 | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local user to obtain access to information beyond their intended role and permissions. IBM X-Force ID: 193653. |
| CVE-2020-5018 | 2021-01-08 | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs, increasing the risk of such information being captured by an attacker. IBM X-Force ID: 193654. |
| CVE-2020-5019 | 2021-01-08 | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request,... |
| CVE-2020-5020 | 2021-01-08 | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site,... |
| CVE-2020-5021 | 2021-01-08 | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password reset which could allow a local user to impersonate another user on the system. IBM X-Force... |
| CVE-2020-5022 | 2021-01-08 | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthenticated and unauthorized access to VDAP proxy which can result in an attacker obtaining information they are not authorized to access.... |
| CVE-2020-4487 | 2021-01-08 | IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in... |
| CVE-2020-4544 | 2021-01-08 | IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in... |
| CVE-2020-4691 | 2021-01-08 | IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to... |
| CVE-2020-4697 | 2021-01-08 | IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to... |
| CVE-2020-4733 | 2021-01-08 | IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to... |
| CVE-2020-5146 | 2021-01-09 | A vulnerability in SonicWall SMA100 appliance allows an authenticated management-user to perform OS command injection using HTTP POST parameters. This vulnerability affected SMA100 Appliance version 10.2.0.2-20sv and earlier. |
| CVE-2020-5147 | 2021-01-09 | SonicWall NetExtender Windows client is vulnerable to an unquoted service path vulnerability, which allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impacts SonicWall NetExtender Windows... |
| CVE-2020-26298 | 2021-01-11 | Injection in Redcarpet |
| CVE-2020-35203 | 2021-01-11 | Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the initFile.jsp file... |
| CVE-2020-35206 | 2021-01-11 | Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the cConn.jsp file... |
| CVE-2020-35205 | 2021-01-11 | Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. NOTE:... |
| CVE-2020-35204 | 2021-01-11 | Reflected XSS in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the PolicyAuthority/Common/FolderControl.jsp file via the unqID parameter.... |
| CVE-2020-35719 | 2021-01-11 | Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Search/index.jsp file via the added parameter.... |
| CVE-2020-35720 | 2021-01-11 | Stored XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to store malicious code in multiple fields (first name, last name, and logon name) when creating or modifying a user... |
| CVE-2020-35721 | 2021-01-11 | Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseAssets.do file via the title parameter.... |
| CVE-2020-35722 | 2021-01-11 | CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file. NOTE: This vulnerability only... |
| CVE-2020-35723 | 2021-01-11 | Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the ReportPreview.do file via the referer parameter.... |
| CVE-2020-35724 | 2021-01-11 | Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the Error.jsp file via the err parameter... |
| CVE-2020-35725 | 2021-01-11 | Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/index.jsp file via the msg parameter.... |
| CVE-2020-35726 | 2021-01-11 | Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Reports/index.jsp file via the by parameter.... |
| CVE-2020-35727 | 2021-01-11 | Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseDirs.do file via the title parameter.... |
| CVE-2021-3116 | 2021-01-11 | before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or). |
| CVE-2021-3118 | 2021-01-11 | EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=). This allows an attacker to steal data... |
| CVE-2021-3121 | 2021-01-11 | An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue. |
| CVE-2020-11995 | 2021-01-11 | Apache Dubbo default deserialization protocol Hessian2 cause CRE |
| CVE-2020-13922 | 2021-01-11 | Apache DolphinScheduler (incubating) Permission vulnerability |
| CVE-2020-17508 | 2021-01-11 | The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected. |
| CVE-2020-17509 | 2021-01-11 | ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic Server versions 7.0.0 to 7.1.11... |
| CVE-2020-26800 | 2021-01-11 | A stack overflow vulnerability in Aleth Ethereum C++ client version <= 1.8.0 using a specially crafted config.json file may result in a denial of service. |
| CVE-2020-23643 | 2021-01-11 | XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php. |
| CVE-2020-23644 | 2021-01-11 | XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php. |
| CVE-2020-23849 | 2021-01-11 | Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript. |
| CVE-2020-23630 | 2021-01-11 | A blind SQL injection vulnerability exists in zzcms ver201910 based on time (cookie injection). |
| CVE-2020-2508 | 2021-01-11 | Command Injection Vulnerability in QTS and QuTS hero |
| CVE-2020-35483 | 2021-01-11 | AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local... |
| CVE-2020-26118 | 2021-01-11 | In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability. The application's UpdateMemento class accepts a serialized Java object directly... |
| CVE-2020-27277 | 2021-01-11 | Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code. |
| CVE-2020-27275 | 2021-01-11 | Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. |
| CVE-2020-24003 | 2021-01-11 | Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted... |
| CVE-2020-27287 | 2021-01-11 | Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. |
| CVE-2020-27291 | 2021-01-11 | Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code. |
| CVE-2020-27289 | 2021-01-11 | Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code. |
| CVE-2020-27293 | 2021-01-11 | Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a type confusion issue while processing project files, which may allow an attacker to execute arbitrary code. |
| CVE-2018-9332 | 2021-01-11 | K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Incorrect Access Control. The impact is: gain privileges (local). |
| CVE-2020-17534 | 2021-01-11 | There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in `webkit` subproject of HTML/Java API version 1.7. A similar vulnerability... |
| CVE-2018-9333 | 2021-01-11 | K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: K7TSMngr.exe. |
| CVE-2018-8724 | 2021-01-11 | K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: gain privileges (local). The component is: K7TSMngr.exe. |
| CVE-2018-8725 | 2021-01-11 | K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: K7TSMngr.exe. |
| CVE-2018-8726 | 2021-01-11 | K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: K7TSMngr.exe. |
| CVE-2018-8044 | 2021-01-11 | K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: Local Process Execution (local). The component is: K7Sentry.sys. |
| CVE-2020-25659 | 2021-01-11 | python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. |
| CVE-2018-11006 | 2021-01-11 | An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. |
| CVE-2018-11008 | 2021-01-11 | An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. |
| CVE-2018-11009 | 2021-01-11 | A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. |
| CVE-2018-11007 | 2021-01-11 | A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. |
| CVE-2018-11005 | 2021-01-11 | A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. |
| CVE-2018-11010 | 2021-01-11 | A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. |
| CVE-2018-11246 | 2021-01-11 | K7TSMngr.exe in K7Computing K7AntiVirus Premium 15.1.0.53 has a Memory Leak. |
| CVE-2021-23253 | 2021-01-11 | Opera Mini for Android below 53.1 displays URL left-aligned in the address field. This allows a malicious attacker to craft a URL with a long domain name, e.g. www.safe.opera.com.attacker.com. With... |
| CVE-2019-3405 | 2021-01-11 | In the 3.1.3.64296 and lower version of 360F5, the third party can trigger the device to send a deauth frame by constructing and sending a specific illegal 802.11 Null Data... |
| CVE-2020-23960 | 2021-01-11 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allow remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the... |
| CVE-2020-27281 | 2021-01-11 | A stack-based buffer overflow may exist in Delta Electronics CNCSoft ScreenEditor versions 1.01.26 and prior when processing specially crafted project files, which may allow an attacker to execute arbitrary code. |
| CVE-2020-35701 | 2021-01-11 | An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can... |
| CVE-2020-4869 | 2021-01-11 | IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query... |
| CVE-2020-24025 | 2021-01-11 | Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path. |
| CVE-2020-13559 | 2021-01-11 | A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028. A specially crafted packet can lead to denial of service. An attacker can send a malicious... |
| CVE-2020-23631 | 2021-01-11 | Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA CMS 1.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via the tongji parameter. |
| CVE-2020-24027 | 2021-01-11 | In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of an RTSP "PLAY" command, when the command specifies seeking by absolute... |
| CVE-2021-0342 | 2021-01-11 | In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction... |
| CVE-2020-27059 | 2021-01-11 | In onAuthenticated of AuthenticationClient.java, there is a possible tapjacking attack when requesting the user's fingerprint due to an overlaid window. This could lead to local escalation of privilege with no... |
| CVE-2021-21241 | 2021-01-11 | CSRF can expose users' authentication token in Flask-Security-Too |
| CVE-2021-0306 | 2021-01-11 | In addAllPermissions of PermissionManagerService.java, there is a possible permissions bypass when upgrading major Android versions which allows an app to gain the android.permission.ACTIVITY_RECOGNITION permission without user confirmation. This could lead... |
| CVE-2021-0307 | 2021-01-11 | In updatePermissionSourcePackage of PermissionManagerService.java, there is a possible automatic runtime permission grant due to a confused deputy. This could lead to local escalation of privilege allowing a malicious app to... |
| CVE-2021-0308 | 2021-01-11 | In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |