CVE List - 2021 / February
Showing 601 - 700 of 1455 CVEs for February 2021 (Page 7 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-0325 | 2021-02-10 | In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges... |
| CVE-2020-13546 | 2021-02-10 | In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014), a specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon... |
| CVE-2020-5023 | 2021-02-10 | IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption. IBM X-Force... |
| CVE-2021-20353 | 2021-02-10 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability... |
| CVE-2021-3033 | 2021-02-10 | Prisma Cloud Compute: SAML Authentication Bypass Vulnerability in Console |
| CVE-2021-26936 | 2021-02-10 | The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output paths in privileged... |
| CVE-2021-26938 | 2021-02-10 | A stored XSS issue exists in henriquedornas 5.2.17 via online live chat. NOTE: Third parties report that no such product exists. That henriquedornas is the web design agency and 5.2.17... |
| CVE-2021-26939 | 2021-02-10 | An information disclosure issue exists in henriquedornas 5.2.17 because an attacker can dump phpMyAdmin SQL content. NOTE: third parties report that this is a site-specific problem |
| CVE-2020-26299 | 2021-02-10 | File System Bounds Escape |
| CVE-2021-27179 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to crash the telnet daemon by sending a certain 0a 65 6e 61 62 6c 65 0a... |
| CVE-2021-27178 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. Some passwords are stored in cleartext in nvram. |
| CVE-2021-27177 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to bypass authentication by sending the decoded value of the GgpoZWxwCmxpc3QKd2hvCg== string to the telnet server. |
| CVE-2021-27176 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_5g.cfg has cleartext passwords and 0644 permissions. |
| CVE-2021-27175 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_2g.cfg has cleartext passwords and 0644 permissions. |
| CVE-2021-27174 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. wifi_custom.cfg has cleartext passwords and 0644 permissions. |
| CVE-2021-27173 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. There is a telnet?enable=0&key=calculated(BR0_MAC) backdoor API, without authentication, provided by the HTTP server. This will remove firewall rules and allow... |
| CVE-2021-27172 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. A hardcoded GEPON password for root is defined inside /etc/init.d/system-config.sh. |
| CVE-2021-27171 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to start a Linux telnetd as root on port 26/tcp by using the CLI interface commands of... |
| CVE-2021-27170 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal management interfaces to the Internet. |
| CVE-2021-27169 | 2021-02-10 | An issue was discovered on FiberHome AN5506-04-FA devices with firmware RP2631. There is a gepon password for the gepon account. |
| CVE-2021-27168 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. There is a 6GFJdY4aAuUKJjdtSn7d password for the rdsadmin account. |
| CVE-2021-27167 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. There is a password of four hexadecimal characters for the admin account. These characters are generated in init_3bb_password in libci_adaptation_layer.so. |
| CVE-2021-27166 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. The password for the enable command is gpon. |
| CVE-2021-27165 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. The telnet daemon on port 23/tcp can be abused with the gpon/gpon credentials. |
| CVE-2021-27164 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / aisadmin credentials for an ISP. |
| CVE-2021-27163 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / tele1234 credentials for an ISP. |
| CVE-2021-27162 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / tattoo@home credentials for an ISP. |
| CVE-2021-27161 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 1234 credentials for an ISP. |
| CVE-2021-27160 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / 888888 credentials for an ISP. |
| CVE-2021-27159 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded useradmin / 888888 credentials for an ISP. |
| CVE-2021-27158 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded L1vt1m4eng / 888888 credentials for an ISP. |
| CVE-2021-27157 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 888888 credentials for an ISP. |
| CVE-2021-27156 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains credentials for an ISP that equal the last part of the MAC address of the br0... |
| CVE-2021-27155 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 3UJUh2VemEfUtesEchEC2d2e credentials for an ISP. |
| CVE-2021-27154 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / G0R2U1P2ag credentials for an ISP. |
| CVE-2021-27153 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded trueadmin / admintrue credentials for an ISP. |
| CVE-2021-27152 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded awnfibre / fibre@dm!n credentials for an ISP. |
| CVE-2021-27151 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded rootmet / m3tr0r00t credentials for an ISP. |
| CVE-2021-27150 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded gestiontelebucaramanga / t3l3buc4r4m4ng42013 credentials for an ISP. |
| CVE-2021-27149 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded adminpldt / z6dUABtl270qRxt7a2uGTiw credentials for an ISP. |
| CVE-2021-27148 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded telecomadmin / nE7jA%5m credentials for an ISP. |
| CVE-2021-27147 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / admin credentials for an ISP. |
| CVE-2021-27146 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / CUadmin credentials for an ISP. |
| CVE-2021-27145 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / lnadmin credentials for an ISP. |
| CVE-2021-27144 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded f~i!b@e#r$h%o^m*esuperadmin / s(f)u_h+g|u credentials for an ISP. |
| CVE-2021-27143 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / user1234 credentials for an ISP. |
| CVE-2021-27142 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web management is done over HTTPS, using a hardcoded private key that has 0777 permissions. |
| CVE-2021-27141 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g key. (The webs binary has details on how XOR... |
| CVE-2021-27140 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find passwords and authentication cookies stored in cleartext in the web.log HTTP logs. |
| CVE-2021-27139 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to extract information from the device without authentication by disabling JavaScript and visiting /info.asp. |
| CVE-2020-7021 | 2021-02-10 | Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as... |
| CVE-2021-22133 | 2021-02-10 | The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive... |
| CVE-2020-13548 | 2021-02-10 | In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user... |
| CVE-2020-16120 | 2021-02-10 | Unprivileged overlay + shiftfs read access |
| CVE-2020-13565 | 2021-02-10 | An open redirect vulnerability exists in the return_page redirection functionality of phpGACL 3.3.7, OpenEMR 5.0.2 and OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can redirect users... |
| CVE-2021-21296 | 2021-02-10 | Denial-of-service in Fleet |
| CVE-2020-13575 | 2021-02-10 | A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP... |
| CVE-2021-27185 | 2021-02-10 | The samba-client package before 4.0.0 for Node.js allows command injection because of the use of process.exec. |
| CVE-2020-8355 | 2021-02-10 | An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed... |
| CVE-2021-27186 | 2021-02-10 | Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c. |
| CVE-2020-13581 | 2021-02-10 | In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a buffer... |
| CVE-2020-13583 | 2021-02-10 | A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP... |
| CVE-2020-27250 | 2021-02-10 | In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a static-sized... |
| CVE-2020-13585 | 2021-02-10 | An out-of-bounds write vulnerability exists in the PSD Header processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a... |
| CVE-2020-13571 | 2021-02-10 | An out-of-bounds write vulnerability exists in the SGI RLE decompression functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a... |
| CVE-2020-13561 | 2021-02-10 | An out-of-bounds write vulnerability exists in the TIFF parser of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file... |
| CVE-2020-13572 | 2021-02-10 | A heap overflow vulnerability exists in the way the GIF parser decodes LZW compressed streams in Accusoft ImageGear 19.8. A specially crafted malformed file can trigger a heap overflow, which... |
| CVE-2020-28596 | 2021-02-10 | A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An... |
| CVE-2020-28595 | 2021-02-10 | An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An... |
| CVE-2020-24842 | 2021-02-10 | PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can execute arbitrary JavaScript in the victim's browser. |
| CVE-2021-25251 | 2021-02-10 | The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and... |
| CVE-2020-27870 | 2021-02-10 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1. Authentication is required to exploit this vulnerability. The specific flaw exists within ExportToPDF.aspx.... |
| CVE-2020-27871 | 2021-02-10 | This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can... |
| CVE-2020-27874 | 2021-02-10 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat 7.0.18. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2020-35498 | 2021-02-11 | A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow... |
| CVE-2021-27184 | 2021-02-11 | Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via the DTD parameter entities technique), resulting in disclosure and retrieval of arbitrary data on the affected node... |
| CVE-2021-20335 | 2021-02-11 | SSL may be unexpectedly disabled during upgrade of multiple-server MongoDB Ops Manager |
| CVE-2021-23335 | 2021-02-11 | LDAP Injection |
| CVE-2020-8031 | 2021-02-11 | obs: Stored XSS |
| CVE-2020-13185 | 2021-02-11 | Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker... |
| CVE-2020-13186 | 2021-02-11 | An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a... |
| CVE-2021-25690 | 2021-02-11 | A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software. |
| CVE-2021-25689 | 2021-02-11 | An out of bounds write in Teradici PCoIP soft client versions prior to version 20.10.1 could allow an attacker to remotely execute code. |
| CVE-2021-25688 | 2021-02-11 | Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user's password in... |
| CVE-2020-1717 | 2021-02-11 | A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack. |
| CVE-2020-10734 | 2021-02-11 | A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on... |
| CVE-2021-20188 | 2021-02-11 | A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged... |
| CVE-2020-8029 | 2021-02-11 | skuba: Insecure handling of private key |
| CVE-2020-8030 | 2021-02-11 | skuba: Insecure /tmp usage when joining node to cluster |
| CVE-2021-22654 | 2021-02-11 | Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information. |
| CVE-2021-22658 | 2021-02-11 | Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'. |
| CVE-2021-22656 | 2021-02-11 | Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files. |
| CVE-2021-22652 | 2021-02-11 | Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution. |
| CVE-2020-8027 | 2021-02-11 | openldap uses fixed paths in /tmp |
| CVE-2021-22880 | 2021-02-11 | The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the... |
| CVE-2021-22881 | 2021-02-11 | The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the... |
| CVE-2021-27191 | 2021-02-11 | The get-ip-range package before 4.0.0 for Node.js is vulnerable to denial of service (DoS) if the range is untrusted input. An attacker could send a large range (such as 128.0.0.0/1)... |
| CVE-2020-4768 | 2021-02-11 | IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in... |
| CVE-2021-20402 | 2021-02-11 | IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information... |
| CVE-2021-20403 | 2021-02-11 | IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that... |