ID | CVSS | Summary | Last (major) update | Published
(Each entry below spans three lines: the CVE ID and CVSS score, then the summary, then the last (major) update timestamp followed by the published timestamp.)
CVE-2021-21285 4.3
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.
28-02-2021 - 12:15 02-02-2021 - 18:15
CVE-2021-21284 2.7
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace
28-02-2021 - 12:15 02-02-2021 - 18:15
CVE-2020-15257 3.6
containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the
28-02-2021 - 12:15 01-12-2020 - 03:15
CVE-2020-15157 4.3
In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a sp
28-02-2021 - 12:15 16-10-2020 - 17:15
CVE-2020-8022 7.2
An Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise S
28-02-2021 - 12:15 29-06-2020 - 09:15
CVE-2020-0822 4.6
An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka 'Windows Language Pack Installer Elevation of Privilege Vulnerability'.
28-02-2021 - 12:15 12-03-2020 - 16:15
CVE-2021-21330 None
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a differe
27-02-2021 - 20:15 26-02-2021 - 03:15
CVE-2021-27803 None
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacke
27-02-2021 - 10:15 26-02-2021 - 23:15
CVE-2021-27132 None
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
27-02-2021 - 06:15 27-02-2021 - 06:15
CVE-2019-25022 None
An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime().exec() without validation.
27-02-2021 - 05:15 27-02-2021 - 05:15
CVE-2021-3151 None
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CO
27-02-2021 - 05:15 27-02-2021 - 05:15
CVE-2020-28243 None
An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create files on the minion in a non-b
27-02-2021 - 05:15 27-02-2021 - 05:15
CVE-2019-25023 None
An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header (which can be manipulated client-side) is used for the internal application logs, an attacker can inject wrong IP addresses into these logs.
27-02-2021 - 05:15 27-02-2021 - 05:15
CVE-2019-25021 None
An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code.
27-02-2021 - 05:15 27-02-2021 - 05:15
CVE-2020-28972 None
In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.
27-02-2021 - 05:15 27-02-2021 - 05:15
CVE-2019-25020 None
An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI.
27-02-2021 - 05:15 27-02-2021 - 05:15
CVE-2021-3197 None
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.
27-02-2021 - 05:15 27-02-2021 - 05:15
CVE-2021-25283 None
An issue was discovered in SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.
27-02-2021 - 05:15 27-02-2021 - 05:15
CVE-2021-25282 None
An issue was discovered in SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.
27-02-2021 - 05:15 27-02-2021 - 05:15
CVE-2021-3148 None
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/uti
27-02-2021 - 05:15 27-02-2021 - 05:15
CVE-2021-25284 None
An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
27-02-2021 - 05:15 27-02-2021 - 05:15
CVE-2020-35662 None
In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.
27-02-2021 - 05:15 27-02-2021 - 05:15
CVE-2021-25281 None
An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
27-02-2021 - 05:15 27-02-2021 - 05:15
CVE-2021-3144 None
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
27-02-2021 - 05:15 27-02-2021 - 05:15
CVE-2021-22882 5.0
UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause the UniFi Protect controller to crash.
27-02-2021 - 05:00 23-02-2021 - 19:15
CVE-2020-7846 6.8
Helpcom before v10.0 contains a file download and execution vulnerability caused by storing a hardcoded cryptographic key. This leads to file download and execution when a crafted web page is accessed.
27-02-2021 - 04:59 24-02-2021 - 16:15
CVE-2021-21616 3.5
Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
27-02-2021 - 04:56 24-02-2021 - 16:15
CVE-2021-21618 3.5
Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
27-02-2021 - 04:53 24-02-2021 - 16:15
CVE-2021-21619 3.5
Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users, either via the security
27-02-2021 - 04:52 24-02-2021 - 16:15
CVE-2021-21621 5.0
Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some con
27-02-2021 - 04:49 24-02-2021 - 16:15
CVE-2021-21622 3.5
Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
27-02-2021 - 04:46 24-02-2021 - 16:15
CVE-2021-27645 4.9
The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the loc
27-02-2021 - 04:41 24-02-2021 - 15:15
CVE-2021-20247 5.8
A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access
27-02-2021 - 04:38 23-02-2021 - 19:15
CVE-2020-11223 7.2
Out-of-bounds access in the camera driver due to a missing validation check on an array index before copying into the array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
27-02-2021 - 04:31 22-02-2021 - 07:15
CVE-2021-3355 3.5
A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords.
27-02-2021 - 04:28 24-02-2021 - 15:15
CVE-2020-36079 None
Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of t
27-02-2021 - 04:18 26-02-2021 - 23:15
CVE-2021-27799 None
ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.19.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generator library code.
27-02-2021 - 04:18 26-02-2021 - 22:15
CVE-2021-21308 None
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to forge requests and execute customer commands. The problem is fixed in 1.7.7.2
27-02-2021 - 04:18 26-02-2021 - 20:15
CVE-2021-21302 None
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection vulnerability possible by using shop search keywords via the admin panel. The problem is fixed in 1.7.7.2
27-02-2021 - 04:18 26-02-2021 - 20:15
CVE-2021-26683 9.0
A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated use
27-02-2021 - 04:17 23-02-2021 - 18:15
CVE-2020-14359 7.5
A vulnerability was found in all versions of keycloak, where on using lower case HTTP headers (via cURL) we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put
27-02-2021 - 04:13 23-02-2021 - 13:15
CVE-2021-22651 6.8
When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the ext
27-02-2021 - 04:06 23-02-2021 - 18:15
CVE-2021-20252 6.8
A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently lar
27-02-2021 - 03:58 23-02-2021 - 23:15
CVE-2021-20198 6.8
A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet p
27-02-2021 - 03:49 23-02-2021 - 18:15
CVE-2021-20182 6.5
A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize t
27-02-2021 - 03:41 23-02-2021 - 22:15
CVE-2020-27782 7.8
A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vul
27-02-2021 - 03:34 23-02-2021 - 19:15
CVE-2021-26684 9.0
A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated use
27-02-2021 - 03:27 23-02-2021 - 18:15
CVE-2021-3252 5.0
KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Credentials will always be returned in plain-text from the local server during the KACO XP100U authentication process, regardless of whatever passwords have been provid
27-02-2021 - 03:24 23-02-2021 - 15:15
CVE-2021-20194 4.6
There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt i
27-02-2021 - 03:08 23-02-2021 - 23:15
CVE-2021-25630 7.2
"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else, "loolforkit" checks whether it was invoked by the "lool" user and refuses to run with privileges if that is not the case.
27-02-2021 - 03:04 23-02-2021 - 16:15