CVE List - 2021 / February
Showing 501 - 600 of 1455 CVEs for February 2021 (Page 6 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-17425 | 2021-02-09 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2020-17426 | 2021-02-09 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2020-17427 | 2021-02-09 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2020-17428 | 2021-02-09 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2020-17429 | 2021-02-09 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2020-17430 | 2021-02-09 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2020-17431 | 2021-02-09 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2020-17432 | 2021-02-09 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2020-17433 | 2021-02-09 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2020-17434 | 2021-02-09 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2020-17435 | 2021-02-09 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2020-17436 | 2021-02-09 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2020-27855 | 2021-02-09 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2020-27856 | 2021-02-09 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2020-27857 | 2021-02-09 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2021-26675 | 2021-02-09 | A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. |
| CVE-2021-26676 | 2021-02-09 | gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. |
| CVE-2021-25139 | 2021-02-09 | A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft... |
| CVE-2021-25140 | 2021-02-09 | A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft... |
| CVE-2021-25141 | 2021-02-09 | A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user... |
| CVE-2021-22663 | 2021-02-09 | Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability... |
| CVE-2020-35942 | 2021-02-09 | A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution... |
| CVE-2020-35943 | 2021-02-09 | A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. (It is possible to bypass CSRF protection by simply not including a... |
| CVE-2020-35572 | 2021-02-09 | Adminer through 4.7.8 allows XSS via the history parameter to the default URI. |
| CVE-2020-16144 | 2021-02-09 | When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user... |
| CVE-2019-17582 | 2021-02-09 | A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states... |
| CVE-2021-3191 | 2021-02-09 | Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows Remote Unauthorized Access for T0320L01^ABY and T0320L01^ACD, T0952L01^AAR through T0952L01^AAX, and T0986L01^AAD through T0986L01^AAJ (L) and T0320H01^ABW through... |
| CVE-2020-28644 | 2021-02-09 | The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. This affects ownCloud/core version < 10.6. |
| CVE-2021-22267 | 2021-02-09 | Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack for T0320L01^ABP through T0320L01^ABZ, T0952L01^AAH through T0952L01^AAR, T0986L01 through T0986L01^AAF, T0665L01^AAP, and T0662L01^AAP (L)... |
| CVE-2020-28645 | 2021-02-09 | Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web... |
| CVE-2020-13117 | 2021-02-09 | Wavlink WN575A4, WN579X3, and WN530G3A devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request. |
| CVE-2020-18215 | 2021-02-09 | Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) ad_id, (2) menu_id, and (3) cashout_id parameters, which could let a remote malicious user execute arbitrary code. |
| CVE-2021-26549 | 2021-02-09 | An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to the AdminTool console is not properly sanitized before being returned to the user. This can be exploited to execute... |
| CVE-2021-26550 | 2021-02-09 | An issue was discovered in SmartFoxServer 2.17.0. Cleartext password disclosure can occur via /config/server.xml. |
| CVE-2021-26551 | 2021-02-09 | An issue was discovered in SmartFoxServer 2.17.0. An attacker can execute arbitrary Python code, and bypass the javashell.py protection mechanism, by creating /config/ConsoleModuleUnlock.txt and editing /config/admin/admintool.xml to enable the Console... |
| CVE-2021-26937 | 2021-02-09 | encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted... |
| CVE-2020-22839 | 2021-02-09 | Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter. |
| CVE-2021-21472 | 2021-02-09 | SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Management Server 7.1) does not have an option to set password during its installation, this allows an authenticated attacker to perform... |
| CVE-2021-21475 | 2021-02-09 | Under specific circumstances SAP Master Data Management, versions - 710, 710.750, allows an unauthorized attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to... |
| CVE-2021-21477 | 2021-02-09 | SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an authenticated attacker with this privilege will be able to inject malicious code in... |
| CVE-2021-21474 | 2021-02-09 | SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance... |
| CVE-2021-21444 | 2021-02-09 | SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. This... |
| CVE-2021-21476 | 2021-02-09 | SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. |
| CVE-2021-21478 | 2021-02-09 | SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. |
| CVE-2021-21479 | 2021-02-09 | In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system. |
| CVE-2020-26191 | 2021-02-09 | Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC... |
| CVE-2020-26192 | 2021-02-09 | Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability. A non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH may potentially exploit this vulnerability to read arbitrary data,... |
| CVE-2020-26193 | 2021-02-09 | Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution of arbitrary... |
| CVE-2020-26194 | 2021-02-09 | Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. This may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges... |
| CVE-2020-26195 | 2021-02-09 | Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may... |
| CVE-2020-26196 | 2021-02-09 | Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation issue. A user with the BackupAdmin role may potentially exploit this vulnerability resulting in the ability to write data... |
| CVE-2021-21502 | 2021-02-09 | Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an... |
| CVE-2020-35125 | 2021-02-09 | A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also... |
| CVE-2021-26953 | 2021-02-09 | An issue was discovered in the postscript crate before 0.14.0 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via a user-provided Read implementation. |
| CVE-2021-26956 | 2021-02-09 | An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because bytes from an X server can be interpreted as any data type... |
| CVE-2021-26958 | 2021-02-09 | An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::cast_event uses std::mem::transmute to... |
| CVE-2021-26957 | 2021-02-09 | An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because there is an out-of-bounds read in xcb::xproto::change_property(), as demonstrated by a format=32... |
| CVE-2021-26955 | 2021-02-09 | An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because xcb::xproto::GetAtomNameReply::name() calls std::str::from_utf8_unchecked() on unvalidated bytes from an X server. |
| CVE-2021-26954 | 2021-02-09 | An issue was discovered in the qwutils crate before 0.3.1 for Rust. When a Clone panic occurs, insert_slice_clone can perform a double drop. |
| CVE-2021-26952 | 2021-02-09 | An issue was discovered in the ms3d crate before 0.1.3 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via IoReader::read. |
| CVE-2021-26951 | 2021-02-09 | An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::set_len is used without proper memory claiming, and this uninitialized... |
| CVE-2020-13574 | 2021-02-10 | A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP... |
| CVE-2020-13576 | 2021-02-10 | A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an... |
| CVE-2020-13577 | 2021-02-10 | A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP... |
| CVE-2020-13578 | 2021-02-10 | A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP... |
| CVE-2020-28871 | 2021-02-10 | Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload. |
| CVE-2020-36244 | 2021-02-10 | The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions... |
| CVE-2020-28870 | 2021-02-10 | In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php. |
| CVE-2021-20654 | 2021-02-10 | Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. This is named 'Fieldbleed' in the vendor's site. |
| CVE-2021-23878 | 2021-02-10 | Clear text storage of sensitive Information in ENS |
| CVE-2021-23880 | 2021-02-10 | Improper Access Control in the ENS installer |
| CVE-2021-23882 | 2021-02-10 | Improper Access Control in the ENS installer |
| CVE-2021-23883 | 2021-02-10 | Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) |
| CVE-2021-23873 | 2021-02-10 | McAfee Total Protection (MTP) privilege escalation vulnerability |
| CVE-2021-23876 | 2021-02-10 | McAfee Total Protection (MTP) Bypass Remote Procedure call vulnerability |
| CVE-2021-23874 | 2021-02-10 | McAfee Total Protection (MTP) privilege escalation vulnerability |
| CVE-2021-23881 | 2021-02-10 | Stored Cross Site Scripting in ENS |
| CVE-2020-29171 | 2021-02-10 | Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 for WordPress. |
| CVE-2020-24837 | 2021-02-10 | An integer underflow has been found in the latest version of ZCFees. The variables 'currPeriodIdx' and 'lastPeriodExecIdx' are both unsigned integers, and the result of the minus operation may be... |
| CVE-2020-24838 | 2021-02-10 | An integer overflow has been found in the the latest version of Issuer. The total issuedCount can be zero if the parameter is overly large. An attacker can obtain the... |
| CVE-2021-27135 | 2021-02-10 | xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence. |
| CVE-2021-0340 | 2021-02-10 | In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information due to improper input validation. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2021-0339 | 2021-02-10 | In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation... |
| CVE-2021-0305 | 2021-02-10 | In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed.... |
| CVE-2021-0302 | 2021-02-10 | In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed.... |
| CVE-2021-0338 | 2021-02-10 | In SystemSettingsValidators, there is a possible permanent denial of service due to missing bounds checks on UI settings. This could lead to local denial of service with User execution privileges... |
| CVE-2021-0337 | 2021-02-10 | In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User interaction is... |
| CVE-2021-0336 | 2021-02-10 | In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission check, with User... |
| CVE-2021-0335 | 2021-02-10 | In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2021-0334 | 2021-02-10 | In onTargetSelected of ResolverActivity.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with... |
| CVE-2021-0333 | 2021-02-10 | In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting. This could lead... |
| CVE-2021-0332 | 2021-02-10 | In bootFinished of SurfaceFlinger.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User... |
| CVE-2021-0331 | 2021-02-10 | In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. This could lead to local escalation of privilege and notification access with User execution... |
| CVE-2021-0330 | 2021-02-10 | In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution privileges... |
| CVE-2021-0314 | 2021-02-10 | In onCreate of UninstallerActivity, there is a possible way to uninstall an all without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege... |
| CVE-2021-0329 | 2021-02-10 | In several native functions called by AdvertiseManager.java, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in... |
| CVE-2021-0341 | 2021-02-10 | In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with... |
| CVE-2021-0328 | 2021-02-10 | In onBatchScanReports and deliverBatchScan of GattService.java, there is a possible way to retrieve Bluetooth scan results without permissions due to a missing permission check. This could lead to local escalation... |
| CVE-2021-0327 | 2021-02-10 | In getContentProviderImpl of ActivityManagerService.java, there is a possible permission bypass due to non-restored binder identities. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2021-0326 | 2021-02-10 | In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is... |