Total
10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25334 | 1 Google | 1 Android | 2021-03-11 | 4.7 MEDIUM | 5.5 MEDIUM |
| Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 allows untrusted application to cause permanent denial of service. | |||||
| CVE-2021-21321 | 1 Fastify-reply-from Project | 1 Fastify-reply-from | 2021-03-09 | 7.5 HIGH | 10.0 CRITICAL |
| fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is "/pub/", a user expect that accessing "/priv" on the target service would not be possible. In affected versions, it is possible. This is fixed in version 4.0.2. | |||||
| CVE-2021-21123 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2021-03-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | |||||
| CVE-2021-21322 | 1 Fastify-http-proxy Project | 1 Fastify-http-proxy | 2021-03-08 | 7.5 HIGH | 9.8 CRITICAL |
| fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is `/pub/`, a user expect that accessing `/priv` on the target service would not be possible. In affected versions, it is possible. This is fixed in version 4.3.1. | |||||
| CVE-2021-23131 | 1 Joomla | 1 Joomla\! | 2021-03-05 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager. | |||||
| CVE-2019-19942 | 1 Swisscom | 3 Centro Business, Centro Grande, Centro Grande Firmware | 2021-03-04 | 5.0 MEDIUM | 7.5 HIGH |
| Missing output sanitation in Swisscom Centro Grande Centro Grande before 6.16.12, Centro Business 1.0 (ADB) before 7.10.18, and Centro Business 2.0 before 8.02.04 allows a remote attacker to perform DNS spoofing against the web interface via crafted hostnames in DHCP requests. | |||||
| CVE-2021-20252 | 1 Redhat | 1 3scale Api Management | 2021-02-27 | 6.8 MEDIUM | 6.5 MEDIUM |
| A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually yield an internal server error resulting in denial of service. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-0350 | 1 Google | 1 Android | 2021-02-23 | 4.9 MEDIUM | 4.4 MEDIUM |
| In ged, there is a possible system crash due to an improper input validation. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Patch ID: ALPS05342338. | |||||
| CVE-2020-7849 | 2 Microsoft, Uprism | 2 Windows, Curix | 2021-02-23 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability of uPrism.io CURIX(Video conferecing solution) could allow an unauthenticated attacker to execute arbitrary code. This vulnerability is due to insufficient input(server domain) validation. An attacker could exploit this vulnerability through crafted URL. | |||||
| CVE-2020-24453 | 1 Intel | 1 Epid Software Development Kit | 2021-02-23 | 4.6 MEDIUM | 7.8 HIGH |
| Improper input validation in the Intel(R) EPID SDK before version 8, may allow an authenticated user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2020-24452 | 1 Intel | 1 Sgx Platform | 2021-02-23 | 2.1 LOW | 5.5 MEDIUM |
| Improper input validation in the Intel(R) SGX Platform Software for Windows* may allow an authenticated user to potentially enable a denial of service via local access. | |||||
| CVE-2020-12385 | 1 Intel | 1 Graphics Drivers | 2021-02-22 | 4.6 MEDIUM | 7.8 HIGH |
| Improper input validation in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-12377 | 1 Intel | 48 Bmc Firmware, Hns2600bpb, Hns2600bpb24 and 45 more | 2021-02-22 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient input validation in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-12366 | 1 Intel | 1 Graphics Drivers | 2021-02-22 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient input validation in some Intel(R) Graphics Drivers before version 27.20.100.8587 may allow a privileged user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2020-24496 | 1 Intel | 4 Ethernet Network Adapter X722-da2, Ethernet Network Adapter X722-da2 Firmware, Ethernet Network Adapter X722-da4 and 1 more | 2021-02-22 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient input validation in the firmware for Intel(R) 722 Ethernet Controllers before version 1.4.3 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2020-24502 | 1 Intel | 10 Ethernet Network Adapter E810-cqda1, Ethernet Network Adapter E810-cqda1 For Ocp, Ethernet Network Adapter E810-cqda1 For Ocp 3.0 and 7 more | 2021-02-22 | 2.1 LOW | 5.5 MEDIUM |
| Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable a denial of service via local access. | |||||
| CVE-2020-24505 | 1 Intel | 33 Ethernet Network Adapter 700 Firmware, Ethernet Network Adapter V710-at2, Ethernet Network Adapter X710-am2 and 30 more | 2021-02-22 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient input validation in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2020-7848 | 1 Iptime | 2 C200, C200 Firmware | 2021-02-18 | 7.7 HIGH | 8.0 HIGH |
| The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value. | |||||
| CVE-2020-28645 | 1 Owncloud | 1 Owncloud | 2021-02-16 | 5.0 MEDIUM | 9.1 CRITICAL |
| Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions < 10.6. | |||||
| CVE-2020-28221 | 1 Schneider-electric | 42 Ecostruxure Operator Terminal Expert, Gp-4104g, Gp-4104w and 39 more | 2021-02-12 | 9.3 HIGH | 9.8 CRITICAL |
| A CWE-20: Improper Input Validation vulnerability exists in EcoStruxureâ„¢ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI. | |||||