CVE List - 2021 / February
Showing 1301 - 1400 of 1455 CVEs for February 2021 (Page 14 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-23534 | 2021-02-25 | A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the 'source' parameter. |
| CVE-2020-27543 | 2021-02-25 | The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception. |
| CVE-2021-20327 | 2021-02-25 | MongoDB Node.js client side field level encryption library may not be validating KMS certificate |
| CVE-2021-20328 | 2021-02-25 | MongoDB Java driver client-side field level encryption not verifying KMS host name |
| CVE-2021-20203 | 2021-02-25 | An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values... |
| CVE-2021-3406 | 2021-02-25 | A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to... |
| CVE-2020-17162 | 2021-02-25 | Microsoft Windows Security Feature Bypass Vulnerability |
| CVE-2021-1639 | 2021-02-25 | Visual Studio Code Remote Code Execution Vulnerability |
| CVE-2021-1698 | 2021-02-25 | Windows Win32k Elevation of Privilege Vulnerability |
| CVE-2021-1721 | 2021-02-25 | .NET Core and Visual Studio Denial of Service Vulnerability |
| CVE-2021-1722 | 2021-02-25 | Windows Fax Service Remote Code Execution Vulnerability |
| CVE-2021-1724 | 2021-02-25 | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability |
| CVE-2021-1726 | 2021-02-25 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2021-1727 | 2021-02-25 | Windows Installer Elevation of Privilege Vulnerability |
| CVE-2021-1728 | 2021-02-25 | System Center Operations Manager Elevation of Privilege Vulnerability |
| CVE-2021-1730 | 2021-02-25 | Microsoft Exchange Server Spoofing Vulnerability |
| CVE-2021-1731 | 2021-02-25 | PFX Encryption Security Feature Bypass Vulnerability |
| CVE-2021-1732 | 2021-02-25 | Windows Win32k Elevation of Privilege Vulnerability |
| CVE-2021-1733 | 2021-02-25 | Sysinternals PsExec Elevation of Privilege Vulnerability |
| CVE-2021-1734 | 2021-02-25 | Windows Remote Procedure Call Information Disclosure Vulnerability |
| CVE-2021-24066 | 2021-02-25 | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2021-24067 | 2021-02-25 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2021-24068 | 2021-02-25 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2021-24069 | 2021-02-25 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2021-24070 | 2021-02-25 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2021-24071 | 2021-02-25 | Microsoft SharePoint Information Disclosure Vulnerability |
| CVE-2021-24072 | 2021-02-25 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2021-24073 | 2021-02-25 | Skype for Business and Lync Spoofing Vulnerability |
| CVE-2021-24074 | 2021-02-25 | Windows TCP/IP Remote Code Execution Vulnerability |
| CVE-2021-24075 | 2021-02-25 | Microsoft Windows VMSwitch Denial of Service Vulnerability |
| CVE-2021-24076 | 2021-02-25 | Microsoft Windows VMSwitch Information Disclosure Vulnerability |
| CVE-2021-24077 | 2021-02-25 | Windows Fax Service Remote Code Execution Vulnerability |
| CVE-2021-24078 | 2021-02-25 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2021-24079 | 2021-02-25 | Windows Backup Engine Information Disclosure Vulnerability |
| CVE-2021-24080 | 2021-02-25 | Windows Trust Verification API Denial of Service Vulnerability |
| CVE-2021-24081 | 2021-02-25 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability |
| CVE-2021-24082 | 2021-02-25 | Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability |
| CVE-2021-24083 | 2021-02-25 | Windows Address Book Remote Code Execution Vulnerability |
| CVE-2021-24084 | 2021-02-25 | Windows Mobile Device Management Information Disclosure Vulnerability |
| CVE-2021-24085 | 2021-02-25 | Microsoft Exchange Server Spoofing Vulnerability |
| CVE-2021-24086 | 2021-02-25 | Windows TCP/IP Denial of Service Vulnerability |
| CVE-2021-24087 | 2021-02-25 | Azure IoT CLI extension Elevation of Privilege Vulnerability |
| CVE-2021-24088 | 2021-02-25 | Windows Local Spooler Remote Code Execution Vulnerability |
| CVE-2021-24091 | 2021-02-25 | Windows Camera Codec Pack Remote Code Execution Vulnerability |
| CVE-2021-24092 | 2021-02-25 | Microsoft Defender Elevation of Privilege Vulnerability |
| CVE-2021-24093 | 2021-02-25 | Windows Graphics Component Remote Code Execution Vulnerability |
| CVE-2021-24094 | 2021-02-25 | Windows TCP/IP Remote Code Execution Vulnerability |
| CVE-2021-24096 | 2021-02-25 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2021-24098 | 2021-02-25 | Windows Console Driver Denial of Service Vulnerability |
| CVE-2021-24099 | 2021-02-25 | Skype for Business and Lync Denial of Service Vulnerability |
| CVE-2021-24100 | 2021-02-25 | Microsoft Edge for Android Information Disclosure Vulnerability |
| CVE-2021-24101 | 2021-02-25 | Microsoft Dataverse Information Disclosure Vulnerability |
| CVE-2021-24102 | 2021-02-25 | Windows Event Tracing Elevation of Privilege Vulnerability |
| CVE-2021-24103 | 2021-02-25 | Windows Event Tracing Elevation of Privilege Vulnerability |
| CVE-2021-24105 | 2021-02-25 | Package Managers Configurations Remote Code Execution Vulnerability |
| CVE-2021-24106 | 2021-02-25 | Windows DirectX Information Disclosure Vulnerability |
| CVE-2021-24109 | 2021-02-25 | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability |
| CVE-2021-24111 | 2021-02-25 | .NET Framework Denial of Service Vulnerability |
| CVE-2021-24112 | 2021-02-25 | .NET Core Remote Code Execution Vulnerability |
| CVE-2021-24113 | 2021-02-25 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
| CVE-2021-24114 | 2021-02-25 | Microsoft Teams iOS Information Disclosure Vulnerability |
| CVE-2021-25195 | 2021-02-25 | Windows PKU2U Elevation of Privilege Vulnerability |
| CVE-2021-26700 | 2021-02-25 | Visual Studio Code npm-script Extension Remote Code Execution Vulnerability |
| CVE-2021-26701 | 2021-02-25 | .NET Core Remote Code Execution Vulnerability |
| CVE-2020-27618 | 2021-02-26 | The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails... |
| CVE-2021-21328 | 2021-02-26 | Denial of Service |
| CVE-2021-23976 | 2021-02-26 | When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used... |
| CVE-2021-23975 | 2021-02-26 | The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof... |
| CVE-2021-23974 | 2021-02-26 | The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86. |
| CVE-2021-23973 | 2021-02-26 | When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource.... |
| CVE-2021-23972 | 2021-02-26 | One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://[email protected]'. To mitigate this type of attack, Firefox will display a warning dialog; however,... |
| CVE-2021-23971 | 2021-02-26 | When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being... |
| CVE-2021-23970 | 2021-02-26 | Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86. |
| CVE-2021-23969 | 2021-02-26 | As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page,... |
| CVE-2021-23968 | 2021-02-26 | If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI.... |
| CVE-2021-23962 | 2021-02-26 | Incorrect use of the '<RowCountChanged>' method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85. |
| CVE-2021-23961 | 2021-02-26 | Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local... |
| CVE-2021-23960 | 2021-02-26 | Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. |
| CVE-2021-23959 | 2021-02-26 | An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android.... |
| CVE-2021-23958 | 2021-02-26 | The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85. |
| CVE-2021-23957 | 2021-02-26 | Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability... |
| CVE-2021-23956 | 2021-02-26 | An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new... |
| CVE-2021-23955 | 2021-02-26 | The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85. |
| CVE-2021-23954 | 2021-02-26 | Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects... |
| CVE-2021-23953 | 2021-02-26 | If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects... |
| CVE-2021-23963 | 2021-02-26 | When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission.... |
| CVE-2021-23977 | 2021-02-26 | Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue is only affected Firefox for Android. Other... |
| CVE-2021-21330 | 2021-02-26 | Open redirect vulnerability in aiohttp |
| CVE-2021-21724 | 2021-02-26 | A ZTE product has a memory leak vulnerability. Due to the product's improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optical... |
| CVE-2020-24455 | 2021-02-26 | Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and... |
| CVE-2019-18946 | 2021-02-26 | Session fixation |
| CVE-2019-18947 | 2021-02-26 | information disclosure |
| CVE-2019-18945 | 2021-02-26 | privilege escalation |
| CVE-2019-18944 | 2021-02-26 | Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS. |
| CVE-2019-18942 | 2021-02-26 | Stored cross site scripting |
| CVE-2019-18943 | 2021-02-26 | XML External Entity processing |
| CVE-2020-26200 | 2021-02-26 | A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and... |
| CVE-2021-3010 | 2021-02-26 | There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting... |
| CVE-2021-26904 | 2021-02-26 | LMA ISIDA Retriever 5.2 allows SQL Injection. |
| CVE-2021-26903 | 2021-02-26 | LMA ISIDA Retriever 5.2 is vulnerable to XSS via query['text']. |