CVE-2020-35483
- AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local user account via a read-only setting for a Trojan horse gcapi.dll f...
Published:
January 11, 2021; 10:15:13 AM -0500
V3.1: 7.8 HIGH
V2.0: 4.4 MEDIUM
CVE-2021-23253
- Opera Mini for Android below 53.1 displays URL left-aligned in the address field. This allows a malicious attacker to craft a URL with a long domain name, e.g. www.safe.opera.com.attacker.com. With the URL being left-aligned, the user will only se...
Published:
January 11, 2021; 11:15:15 AM -0500
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2021-1663
- Windows Projected File System FS Filter Driver Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-1670, CVE-2021-1672.
Published:
January 12, 2021; 3:15:31 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-1664
- Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
Published:
January 12, 2021; 3:15:31 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-1662
- Windows Event Tracing Elevation of Privilege Vulnerability
Published:
January 12, 2021; 3:15:31 PM -0500
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2020-15799
- A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions). The vulnerability could allow an unauthenticated attacker t...
Published:
January 12, 2021; 4:15:16 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 7.1 HIGH
CVE-2020-28374
- In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c...
Published:
January 12, 2021; 11:15:12 PM -0500
V3.1: 8.1 HIGH
V2.0: 5.5 MEDIUM
CVE-2021-1146
- Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The...
Published:
January 13, 2021; 5:15:14 PM -0500
CVE-2021-1127
- A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management i...
Published:
January 13, 2021; 5:15:14 PM -0500
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2021-3032
- An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log. ...
Published:
January 13, 2021; 1:15:14 PM -0500
V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2021-3031
- Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random...
Published:
January 13, 2021; 1:15:14 PM -0500
V3.1: 4.3 MEDIUM
V2.0: 3.3 LOW
CVE-2017-12116
- An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in autho...
Published:
January 19, 2018; 6:29:00 PM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2015-6926
- The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a crafted authentication token.
Published:
January 19, 2018; 10:29:00 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2014-4919
- OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote attackers to assign users to arbitrary dynamical...
Published:
January 19, 2018; 10:29:00 AM -0500
V3.1: 5.4 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2020-25659
- python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
Published:
January 11, 2021; 11:15:15 AM -0500
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-7784
- This affects all versions of package ts-process-promises. The injection point is located in line 45 in main entry of package in lib/process-promises.js. The vulnerability is demonstrated with the following PoC:
Published:
January 08, 2021; 8:15:10 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-1710
- Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Published:
January 12, 2021; 3:15:34 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-1706
- Windows LUAFV Elevation of Privilege Vulnerability
Published:
January 12, 2021; 3:15:34 PM -0500
CVE-2020-9203
- There is a resource management error vulnerability in Huawei P30. Local attackers can construct a broadcast message for some application, causing this application to send the broadcast message and impacting the customer's use experience.
Published:
January 13, 2021; 5:15:14 PM -0500
CVE-2021-1707
- Microsoft SharePoint Server Remote Code Execution Vulnerability
Published:
January 12, 2021; 3:15:34 PM -0500