CVE List - 2021 / February
Showing 701 - 800 of 1455 CVEs for February 2021 (Page 8 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-20404 | 2021-02-11 | IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user on the network to cause a denial of service due to an invalid cookie value that could prevent... |
| CVE-2021-20405 | 2021-02-11 | IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183. |
| CVE-2020-25493 | 2021-02-11 | Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with... |
| CVE-2021-21299 | 2021-02-11 | Multiple Transfer-Encoding headers misinterprets request payload |
| CVE-2021-21301 | 2021-02-11 | Video feed was captured while user has disabled video |
| CVE-2021-21307 | 2021-02-11 | Remote Code Exploit in Lucee Admin |
| CVE-2021-21031 | 2021-02-11 | Magento Commerce Failure To Invalidate User Session Could Lead To Unauthorized Access |
| CVE-2021-21027 | 2021-02-11 | Magento Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Data Modification |
| CVE-2021-21030 | 2021-02-11 | Magento Commerce Stored Cross-site Scripting Could Lead To Arbitrary Javascript Execution |
| CVE-2021-21022 | 2021-02-11 | Magento Commerce Incorrect permissions Could Lead To Unauthorized Access |
| CVE-2021-21023 | 2021-02-11 | Magento Commerce Stored Cross Site Scripting Vulnerability Could Lead To Arbitrary Code Execution |
| CVE-2021-21026 | 2021-02-11 | Magento Commerce Incorrect permissions Could Lead To Unauthorized Access |
| CVE-2021-21024 | 2021-02-11 | Magento Commerce Blind SQL Injection Could Lead To Unauthorized Access |
| CVE-2021-21020 | 2021-02-11 | Magento Commerce Improper Access Control Vulnerability |
| CVE-2021-21019 | 2021-02-11 | Magento Commerce XML Injection Could Lead To Remote Code Execution |
| CVE-2021-21015 | 2021-02-11 | Magento Commerce Unauthorized Data Modification Could Lead to Arbitrary Code Execution |
| CVE-2021-21029 | 2021-02-11 | Magento Commerce Reflected Cross-site Scripting Vulnerability Could Lead To Arbitrary JavaScript Execution |
| CVE-2021-21032 | 2021-02-11 | Magento Commerce Failure To Invalidate User Session Could Lead To Unauthorized Access |
| CVE-2021-21018 | 2021-02-11 | Magnto Commerce Unauthorized Data Modification Could Lead To Arbitrary Code Execution |
| CVE-2021-21025 | 2021-02-11 | Magento Commerce XML Injection Could Lead To Arbitrary Code Execution |
| CVE-2021-21016 | 2021-02-11 | Magento Commerce Unauthorized Data Modification Could Lead to Arbitrary Code Execution |
| CVE-2021-21060 | 2021-02-11 | Acrobat Pro DC Improper File Parsing Could Lead to Information Disclosure |
| CVE-2021-21042 | 2021-02-11 | Acrobat Reader DC Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-21017 | 2021-02-11 | Acrobat Reader DC Heap-based Buffer Overflow Vulnerability Could Lead To Arbitrary Code Execution |
| CVE-2021-21045 | 2021-02-11 | Acrobat Reader DC Improper Installer Access Control Vulnerability Could Lead To Privilege Escalation |
| CVE-2021-21061 | 2021-02-11 | Acrobat Pro DC Use-After-Free Vulnerability Could Lead to Information Disclosure |
| CVE-2021-21044 | 2021-02-11 | Acrobat Reader DC Out-Of-Bounds Write Vulnerability Could Lead To Arbitrary Code Execution |
| CVE-2021-21046 | 2021-02-11 | Acrobat Reader DC Buffer Overflow Vulnerability Could Lead To Arbitrary Code Execution |
| CVE-2021-21057 | 2021-02-11 | Acrobat Reader DC Invalid Memory Read Due To An Uninitialized Pointer |
| CVE-2021-21037 | 2021-02-11 | Acrobat Reader DC Path Traversal Vulnerability Could Lead To Arbitrary Code Execution |
| CVE-2021-21028 | 2021-02-11 | Acrobat Reader DC Use-After-Free Vulnerability Could Lead To Arbitrary Code Execution |
| CVE-2021-21040 | 2021-02-11 | Acrobat Reader DC Use-After-Free Vulnerability Could Lead To Arbitrary Code Execution |
| CVE-2021-21038 | 2021-02-11 | Acrobat Reader DC Out-Of-Bounds Write Vulnerability Could Lead To Arbitrary Code Execution |
| CVE-2021-21035 | 2021-02-11 | Acrobat Reader DC Use-After-Free Vulnerability Could Lead To Arbitrary Code Execution |
| CVE-2021-21021 | 2021-02-11 | Acrobat Reader DC Use-After-Free Vulnerability Could Lead To Arbitrary Code Execution |
| CVE-2021-21033 | 2021-02-11 | Acrobat Reader DC Use-After-Free Vulnerability Could Lead To Arbitrary Code Execution |
| CVE-2021-21041 | 2021-02-11 | Acrobat Reader DC Use-After-Free Vulnerability Could Lead To Arbitrary Code Execution |
| CVE-2021-21039 | 2021-02-11 | Acrobat Reader DC Use-After-Free Vulnerability Could Lead To Arbitrary Code Execution |
| CVE-2021-21034 | 2021-02-11 | Acrobat Reader DC Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-21036 | 2021-02-11 | Acrobat Reader DC Integer Overflow Vulnerability Could Lead To Arbitrary Code Execution |
| CVE-2021-21058 | 2021-02-11 | Acrobat Reader DC Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution |
| CVE-2021-21059 | 2021-02-11 | Acrobat Reader DC Buffer Overflow Vulnerability Could Lead to Arbitrary Code Execution |
| CVE-2021-21062 | 2021-02-11 | Acrobat Reader DC Buffer Overflow Vulnerability Could Lead To Arbitrary Code Execution |
| CVE-2021-21063 | 2021-02-11 | Acrobat Reader DC Buffer Overflow Vulnerability Could Lead to Arbitrary Code Execution |
| CVE-2019-19004 | 2021-02-11 | A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image. |
| CVE-2019-19005 | 2021-02-11 | A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image. This may occur after the use-after-free in CVE-2017-9182. |
| CVE-2021-21051 | 2021-02-11 | Adobe Photoshop Buffer Overflow Vulnerability Could Lead To Remote Code Execution Vulnerability |
| CVE-2021-21047 | 2021-02-11 | Adobe Photoshop Out-Of-Bounds Write Vulnerability Could Lead To Remote Code Execution |
| CVE-2021-21050 | 2021-02-11 | Adobe Photoshop Out-Of-Bounds Read Vulnerability Could Lead To Remote Code Execution Vulnerability |
| CVE-2021-21048 | 2021-02-11 | Adobe Photoshop Buffer Overflow Vulnerability Could Lead To Remote Code Execution Vulnerability |
| CVE-2021-21049 | 2021-02-11 | Adobe Photoshop Out-Of-Bounds Read Vulnerability Could Lead To Remote Code Execution Vulnerability |
| CVE-2021-21052 | 2021-02-11 | Adobe Animate Out-of-Bounds Write Vulnerability Could Lead To Arbitrary Code Execution |
| CVE-2021-21055 | 2021-02-11 | Adobe Dreamweaver Untrusted Search Path Vulnerability Could Lead To Information Disclosure |
| CVE-2021-21054 | 2021-02-11 | Adobe Illustrator Out-Of-Bounds Write Vulnerability Could Lead To Remote Code Execution Vulnerability |
| CVE-2021-21053 | 2021-02-11 | Adobe Illustrator Out-Of-Bounds Write Vulnerability Could Lead To Remote Code Execution |
| CVE-2021-21014 | 2021-02-11 | Magento Commerce Arbitrary Folder Empty Could Lead To Arbitrary Code Execution |
| CVE-2020-9307 | 2021-02-11 | Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports... |
| CVE-2021-21976 | 2021-02-11 | vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated... |
| CVE-2021-21311 | 2021-02-11 | SSRF in adminer |
| CVE-2021-21310 | 2021-02-11 | Token verification bug in next-auth |
| CVE-2020-27860 | 2021-02-11 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2020-27861 | 2021-02-11 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within... |
| CVE-2020-27862 | 2021-02-11 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit this vulnerability. The specific flaw exists... |
| CVE-2020-27863 | 2021-02-11 | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit this vulnerability. The specific flaw exists... |
| CVE-2020-27864 | 2021-02-11 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific... |
| CVE-2020-27865 | 2021-02-11 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific... |
| CVE-2020-27866 | 2021-02-11 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers.... |
| CVE-2020-27867 | 2021-02-11 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400... |
| CVE-2020-27868 | 2021-02-11 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Qognify Ocularis 5.9.0.395. Authentication is not required to exploit this vulnerability. The specific flaw exists within the... |
| CVE-2020-27869 | 2021-02-11 | This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw... |
| CVE-2013-20001 | 2021-02-12 | An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6... |
| CVE-2021-27190 | 2021-02-12 | A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available. The user supplied input containing polyglot payload is echoed back in javascript... |
| CVE-2021-20635 | 2021-02-12 | Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network. |
| CVE-2021-20636 | 2021-02-12 | Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/PR5B allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device... |
| CVE-2021-20637 | 2021-02-12 | Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/PR5B allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL. |
| CVE-2021-20638 | 2021-02-12 | LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors. |
| CVE-2021-20639 | 2021-02-12 | LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors. |
| CVE-2021-20640 | 2021-02-12 | Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute an arbitrary OS command via unspecified vectors. |
| CVE-2021-20641 | 2021-02-12 | Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device... |
| CVE-2021-20642 | 2021-02-12 | Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL. |
| CVE-2021-20643 | 2021-02-12 | Improper access control vulnerability in ELECOM LD-PS/U1 allows remote attackers to change the administrative password of the affected device by processing a specially crafted request. |
| CVE-2021-20644 | 2021-02-12 | ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page. |
| CVE-2021-20645 | 2021-02-12 | Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to inject arbitrary script via unspecified vectors. |
| CVE-2021-20646 | 2021-02-12 | Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-A allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device... |
| CVE-2021-20647 | 2021-02-12 | Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device... |
| CVE-2021-20648 | 2021-02-12 | ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. |
| CVE-2021-20649 | 2021-02-12 | ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on... |
| CVE-2021-20650 | 2021-02-12 | Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device... |
| CVE-2021-20651 | 2021-02-12 | Directory traversal vulnerability in ELECOM File Manager all versions allows remote attackers to create an arbitrary file or overwrite an existing file in a directory which can be accessed with... |
| CVE-2021-27205 | 2021-02-12 | Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure. |
| CVE-2021-27204 | 2021-02-12 | Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure. |
| CVE-2021-27187 | 2021-02-12 | The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 stores authentication credentials in cleartext in login.sav when the Save Password box is checked. |
| CVE-2021-27188 | 2021-02-12 | The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a... |
| CVE-2021-27197 | 2021-02-12 | DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn't check if it's being called from the application or from a malicious... |
| CVE-2021-22975 | 2021-02-12 | On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and 14.1.x before 14.1.3.1, under some circumstances, Traffic Management Microkernel (TMM) may restart on the BIG-IP system while passing large bursts... |
| CVE-2021-22973 | 2021-02-12 | On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x versions, JSON parser function does not protect against out-of-bounds memory accesses or... |
| CVE-2021-22974 | 2021-02-12 | On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to... |
| CVE-2021-20406 | 2021-02-12 | IBM Security Verify Information Queue information disclosure |
| CVE-2021-20407 | 2021-02-12 | IBM Security Verify Information Queue information disclosure |
| CVE-2021-20408 | 2021-02-12 | IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key. IBM X-Force ID: 198187. |