CVE List - 2021 / January
Showing 401 - 500 of 1514 CVEs for January 2021 (Page 5 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-0309 | 2021-01-11 | In onCreate of grantCredentialsPermissionActivity, there is a confused deputy. This could lead to local information disclosure and account access with no additional execution privileges needed. User interaction is needed for... |
| CVE-2021-0322 | 2021-01-11 | In onCreate of SlicePermissionActivity.java, there is a possible misleading string displayed due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction... |
| CVE-2021-0304 | 2021-01-11 | In several functions of GlobalScreenshot.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of the user's contacts with User execution... |
| CVE-2021-0321 | 2021-01-11 | In enforceDumpPermissionForPackage of ActivityManagerService.java, there is a possible way to determine if a package is installed due to side channel information disclosure. This could lead to local information disclosure with... |
| CVE-2021-0319 | 2021-01-11 | In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there is a possible way to get a nearby Bluetooth device's MAC address without appropriate permissions due to a permissions bypass. This could lead to local... |
| CVE-2021-0318 | 2021-01-11 | In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a possible out of bounds write due to a use-after-free. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2021-0317 | 2021-01-11 | In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2021-0316 | 2021-01-11 | In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional... |
| CVE-2020-0471 | 2021-01-11 | In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible way to inject packets into an encrypted Bluetooth connection due to improper input validation. This could lead to remote escalation of privilege... |
| CVE-2021-0315 | 2021-01-11 | In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack. This could lead to... |
| CVE-2021-0320 | 2021-01-11 | In is_device_locked and set_device_locked of keystore_keymaster_enforcement.h, there is a possible bypass of lockscreen requirements for keyguard bound keys due to a race condition. This could lead to local information disclosure... |
| CVE-2021-0310 | 2021-01-11 | In LazyServiceRegistrar of LazyServiceRegistrar.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2021-0311 | 2021-01-11 | In ElementaryStreamQueue::dequeueAccessUnitH264() of ESQueue.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2021-0303 | 2021-01-11 | In dispatchGraphTerminationMessage() of packages/services/Car/computepipe/runner/graph/StreamSetObserver.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User... |
| CVE-2021-0312 | 2021-01-11 | In WAVSource::read of WAVExtractor.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed.... |
| CVE-2021-0313 | 2021-01-11 | In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slow or crash a TextView due to improper input validation. This could lead to remote denial of service with no... |
| CVE-2021-0301 | 2021-01-11 | In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2020-27637 | 2021-01-12 | The R programming language’s default package manager CRAN is affected by a path traversal vulnerability that can lead to server compromise. This vulnerability affects packages installed via the R CMD... |
| CVE-2020-28391 | 2021-01-12 | A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0),... |
| CVE-2020-28395 | 2021-01-12 | A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do... |
| CVE-2021-23239 | 2021-01-12 | The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by... |
| CVE-2020-16146 | 2021-01-12 | Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through 3.3.2, and 4.0.x through 4.0.1 has a Buffer Overflow in BluFi provisioning in btc_blufi_recv_handler function in... |
| CVE-2020-26050 | 2021-01-12 | SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local privilege escalation from low privileged users to SYSTEM via a crafted openssl configuration file. This issue is similar to CVE-2019-12572. |
| CVE-2020-24700 | 2021-01-12 | OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring. |
| CVE-2020-24701 | 2021-01-12 | OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI). |
| CVE-2020-35653 | 2021-01-12 | In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. |
| CVE-2020-35654 | 2021-01-12 | In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. |
| CVE-2020-35655 | 2021-01-12 | In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. |
| CVE-2021-23240 | 2021-01-12 | selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary... |
| CVE-2021-3129 | 2021-01-12 | Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on... |
| CVE-2020-26712 | 2021-01-12 | REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. The application uses the addition of a string of information from the submitted user that is... |
| CVE-2020-26713 | 2021-01-12 | REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function with parameter sort. The information submitted by the user is immediately returned in the response and not escaped leading to... |
| CVE-2021-21471 | 2021-01-12 | In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. This could impact... |
| CVE-2020-35458 | 2021-01-12 | An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout routine... |
| CVE-2020-14341 | 2021-01-12 | The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts... |
| CVE-2020-14275 | 2021-01-12 | Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1.0 through 9.0.1.14 and 9.1 through 9.1.4 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative... |
| CVE-2020-14274 | 2021-01-12 | Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9.0.1.14 and 9.1 through 9.1.4 could allow a remote attacker to obtain user personal data via unknown vectors. |
| CVE-2020-35459 | 2021-01-12 | An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to... |
| CVE-2020-25657 | 2021-01-12 | A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1... |
| CVE-2021-21459 | 2021-01-12 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2021-21460 | 2021-01-12 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2021-21452 | 2021-01-12 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2021-21455 | 2021-01-12 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2021-21451 | 2021-01-12 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SGI file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2021-21464 | 2021-01-12 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2021-21454 | 2021-01-12 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2021-21453 | 2021-01-12 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2021-21450 | 2021-01-12 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2021-21458 | 2021-01-12 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2021-21449 | 2021-01-12 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2021-21446 | 2021-01-12 | SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the... |
| CVE-2021-21461 | 2021-01-12 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2021-21448 | 2021-01-12 | SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for Application Server ABAP backend systems in the client PCs memory. Under certain conditions the attacker... |
| CVE-2021-21456 | 2021-01-12 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2021-21457 | 2021-01-12 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2021-21447 | 2021-01-12 | SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject malicious JavaScript payload into the custom value input field of an Input Control, which can be... |
| CVE-2021-21462 | 2021-01-12 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2021-21468 | 2021-01-12 | The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table. |
| CVE-2021-21465 | 2021-01-12 | The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the... |
| CVE-2021-21470 | 2021-01-12 | SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in for SAP Analysis Office, version - 2.8, allows an authenticated attacker with user privileges to parse malicious... |
| CVE-2021-21467 | 2021-01-12 | SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. An unauthorized User is allowed to display restricted Business... |
| CVE-2021-21463 | 2021-01-12 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2021-21445 | 2021-01-12 | SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include invalidated data in the HTTP response Content Type header, due to improper input validation,... |
| CVE-2021-21466 | 2021-01-12 | SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote... |
| CVE-2021-21469 | 2021-01-12 | When security guidelines for SAP NetWeaver Master Data Management running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom... |
| CVE-2020-4673 | 2021-01-12 | IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further attacks against the system. IBM X-Force ID: 186286. |
| CVE-2020-4674 | 2021-01-12 | IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287. |
| CVE-2020-4838 | 2021-01-12 | IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2020-27148 | 2021-01-12 | TIBCO EBX EXML External Entity |
| CVE-2020-13116 | 2021-01-12 | OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an authenticated user via policy creation. |
| CVE-2021-3133 | 2021-01-12 | The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages. |
| CVE-2021-3134 | 2021-01-12 | Mubu 2.2.1 allows local users to gain privileges to execute commands, aka CNVD-2020-68878. |
| CVE-2020-4079 | 2021-01-12 | Information disclosure vulnerability in iTop |
| CVE-2020-36190 | 2021-01-12 | RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms. |
| CVE-2021-1636 | 2021-01-12 | Microsoft SQL Elevation of Privilege Vulnerability |
| CVE-2021-1637 | 2021-01-12 | Windows DNS Query Information Disclosure Vulnerability |
| CVE-2021-1638 | 2021-01-12 | Windows Bluetooth Security Feature Bypass Vulnerability |
| CVE-2021-1641 | 2021-01-12 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2021-1642 | 2021-01-12 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability |
| CVE-2021-1643 | 2021-01-12 | HEVC Video Extensions Remote Code Execution Vulnerability |
| CVE-2021-1644 | 2021-01-12 | HEVC Video Extensions Remote Code Execution Vulnerability |
| CVE-2021-1645 | 2021-01-12 | Windows Docker Information Disclosure Vulnerability |
| CVE-2021-1646 | 2021-01-12 | Windows WLAN Service Elevation of Privilege Vulnerability |
| CVE-2021-1648 | 2021-01-12 | Microsoft splwow64 Elevation of Privilege Vulnerability |
| CVE-2021-1647 | 2021-01-12 | Microsoft Defender Remote Code Execution Vulnerability |
| CVE-2021-1649 | 2021-01-12 | Active Template Library Elevation of Privilege Vulnerability |
| CVE-2021-1650 | 2021-01-12 | Windows Runtime C++ Template Library Elevation of Privilege Vulnerability |
| CVE-2021-1651 | 2021-01-12 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability |
| CVE-2021-1652 | 2021-01-12 | Windows CSC Service Elevation of Privilege Vulnerability |
| CVE-2021-1653 | 2021-01-12 | Windows CSC Service Elevation of Privilege Vulnerability |
| CVE-2021-1654 | 2021-01-12 | Windows CSC Service Elevation of Privilege Vulnerability |
| CVE-2021-1655 | 2021-01-12 | Windows CSC Service Elevation of Privilege Vulnerability |
| CVE-2021-1656 | 2021-01-12 | TPM Device Driver Information Disclosure Vulnerability |
| CVE-2021-1657 | 2021-01-12 | Windows Fax Compose Form Remote Code Execution Vulnerability |
| CVE-2021-1658 | 2021-01-12 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-1659 | 2021-01-12 | Windows CSC Service Elevation of Privilege Vulnerability |
| CVE-2021-1660 | 2021-01-12 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-1661 | 2021-01-12 | Windows Installer Elevation of Privilege Vulnerability |
| CVE-2021-1662 | 2021-01-12 | Windows Event Tracing Elevation of Privilege Vulnerability |
| CVE-2021-1663 | 2021-01-12 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability |