Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0450 | 1 Google | 1 Android | 2021-03-12 | 2.1 LOW | 4.4 MEDIUM |
| In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117880 | |||||
| CVE-2021-0451 | 1 Google | 1 Android | 2021-03-12 | 2.1 LOW | 4.4 MEDIUM |
| In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117871 | |||||
| CVE-2021-0452 | 1 Google | 1 Android | 2021-03-12 | 2.1 LOW | 4.4 MEDIUM |
| In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117261 | |||||
| CVE-2021-0453 | 1 Google | 1 Android | 2021-03-12 | 2.1 LOW | 4.4 MEDIUM |
| In the Titan-M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117199 | |||||
| CVE-2021-0454 | 1 Google | 1 Android | 2021-03-12 | 7.2 HIGH | 6.7 MEDIUM |
| In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117047 | |||||
| CVE-2021-0455 | 1 Google | 1 Android | 2021-03-12 | 7.2 HIGH | 6.7 MEDIUM |
| In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175116439 | |||||
| CVE-2021-3224 | 1 Cszcms | 1 Csz Cms | 2021-03-12 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter. | |||||
| CVE-2020-35594 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2021-03-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine ADManager Plus before 7066 allows XSS. | |||||
| CVE-2020-29060 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2021-03-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default debug124 password for the debug account. | |||||
| CVE-2020-29059 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2021-03-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default panger123 password for the suma123 account for certain old firmware. | |||||
| CVE-2021-26294 | 1 Afterlogic | 2 Aurora, Webmail Pro | 2021-03-11 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files (such as a data/settings/settings.xml file containing admin panel credentials), as demonstrated by dav/server.php/files/personal/%2e%2e when using the caldav_public_user account (with caldav_public_user as its password). | |||||
| CVE-2009-20001 | 1 Mantisbt | 1 Mantisbt | 2021-03-11 | 5.5 MEDIUM | 8.1 HIGH |
| An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to login as them. | |||||
| CVE-2020-29057 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2021-03-11 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. It allows remote attackers to cause a denial of service (reboot) by sending random bytes to the telnet server on port 23, aka a "shawarma" attack. | |||||
| CVE-2020-27576 | 1 Maxum | 1 Rumpus | 2021-03-11 | 3.5 LOW | 5.4 MEDIUM |
| Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cross-site scripting vulnerability. | |||||
| CVE-2020-29055 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2021-03-11 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. By default, the appliance can be managed remotely only with HTTP, telnet, and SNMP. It doesn't support SSL/TLS for HTTP or SSH. An attacker can intercept passwords sent in cleartext and conduct man-in-the-middle attacks on the management of the appliance. | |||||
| CVE-2020-29054 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2021-03-11 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. Attackers can use "show system infor" to discover cleartext TELNET credentials. | |||||
| CVE-2020-29062 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2021-03-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default blank password for the guest account. | |||||
| CVE-2020-29061 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2021-03-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default root126 password for the root account. | |||||
| CVE-2020-23967 | 1 Drweb | 1 Security Space | 2021-03-11 | 7.2 HIGH | 7.8 HIGH |
| Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\SYSTEM due to insufficient control during autoupdate. | |||||
| CVE-2021-27222 | 1 Obss | 1 Time In Status | 2021-03-11 | 3.5 LOW | 5.4 MEDIUM |
| In the "Time in Status" app before 4.13.0 for Jira, remote authenticated attackers can cause Stored XSS. | |||||
| CVE-2017-17780 | 1 Mediaburst | 8 Booking Calendar Sms, Clockwork Sms Notfications, Contact Form 7 Sms and 5 more | 2021-03-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication - Clockwork SMS 1.0.2, Booking Calendar - Clockwork SMS 1.0.5, Contact Form 7 - Clockwork SMS 2.3.0, Fast Secure Contact Form - Clockwork SMS 2.1.2, Formidable - Clockwork SMS 1.0.2, Gravity Forms - Clockwork SMS 2.2, and WP e-Commerce - Clockwork SMS 2.0.5. | |||||
| CVE-2021-25344 | 1 Google | 1 Android | 2021-03-11 | 2.1 LOW | 5.5 MEDIUM |
| Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission. | |||||
| CVE-2021-25345 | 2 Google, Samsung | 2 Android, Exynos | 2021-03-11 | 4.9 MEDIUM | 5.5 MEDIUM |
| Graphic format mismatch while converting video format in hwcomposer prior to SMR Mar-2021 Release 1 results in kernel panic due to unsupported format. | |||||
| CVE-2020-6538 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-03-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in WebView in Google Chrome on Android prior to 84.0.4147.105 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2020-16006 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6554 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-03-11 | 6.8 MEDIUM | 8.6 HIGH |
| Use after free in extensions in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension. | |||||
| CVE-2020-16008 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. | |||||
| CVE-2020-16011 | 4 Debian, Google, Microsoft and 1 more | 5 Debian Linux, Chrome, Windows and 2 more | 2021-03-11 | 6.8 MEDIUM | 9.6 CRITICAL |
| Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-25340 | 1 Google | 1 Android | 2021-03-11 | 2.1 LOW | 2.4 LOW |
| Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to change in arbitrary settings during Initialization State. | |||||
| CVE-2020-15967 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2021-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-15970 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2021-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-15971 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2021-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-36255 | 1 Identitymodel Project | 1 Identitymodel | 2021-03-11 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel) before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens. | |||||
| CVE-2020-15973 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2021-03-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. | |||||
| CVE-2021-25339 | 2 Google, Samsung | 2 Android, Exynos 9830 | 2021-03-11 | 2.1 LOW | 5.2 MEDIUM |
| Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory. | |||||
| CVE-2020-15980 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Android and 2 more | 2021-03-11 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents. | |||||
| CVE-2021-25333 | 1 Samsung | 1 Pay Mini | 2021-03-11 | 1.9 LOW | 2.4 LOW |
| Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code. | |||||
| CVE-2021-25338 | 2 Google, Samsung | 2 Android, Exynos 9830 | 2021-03-11 | 3.6 LOW | 5.2 MEDIUM |
| Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to write certain part of RKP EL2 memory region. | |||||
| CVE-2020-15981 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2021-03-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2020-15982 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2021-03-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2020-15983 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2021-03-11 | 4.4 MEDIUM | 7.8 HIGH |
| Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2020-15984 | 5 Apple, Debian, Fedoraproject and 2 more | 5 Iphone Os, Debian Linux, Fedora and 2 more | 2021-03-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL. | |||||
| CVE-2020-15988 | 5 Debian, Fedoraproject, Google and 2 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-03-11 | 6.8 MEDIUM | 6.3 MEDIUM |
| Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page. | |||||
| CVE-2020-9949 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2021-03-11 | 9.3 HIGH | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra, tvOS 14.0. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-9965 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2021-03-11 | 9.3 HIGH | 7.8 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-9966 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2021-03-11 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-9969 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2021-03-11 | 1.9 LOW | 5.5 MEDIUM |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A local user may be able to view senstive user information. | |||||
| CVE-2020-9974 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2021-03-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to determine kernel memory layout. | |||||
| CVE-2021-25331 | 1 Samsung | 1 Pay Mini | 2021-03-11 | 1.9 LOW | 2.4 LOW |
| Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen in specific condition. | |||||
| CVE-2021-25335 | 2 Google, Samsung | 2 Android, One Ui | 2021-03-11 | 1.9 LOW | 2.5 LOW |
| Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscreen in specific condition. | |||||