CVE-2021-27258
- This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SaveUserSett...
read CVE-2021-27258
Published:
April 14, 2021; 12:15:13 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-27247
- This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat 2.9.5 desktop version. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...
read CVE-2021-27247
Published:
April 14, 2021; 12:15:13 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-26031
- An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI.
Published:
April 14, 2021; 2:15:14 PM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2021-29429
- In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files a...
read CVE-2021-29429
Published:
April 12, 2021; 6:15:13 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 1.9 LOW
CVE-2021-28826
- The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition contains a vulnerability t...
read CVE-2021-28826
Published:
April 14, 2021; 1:15:14 PM -0400
CVE-2021-28825
- The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition contains a vulnerability that ...
read CVE-2021-28825
Published:
April 14, 2021; 1:15:14 PM -0400
CVE-2021-31254
- Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related invalid IV sizes.
Published:
April 19, 2021; 3:15:18 PM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-10912
- keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could u...
read CVE-2018-10912
Published:
July 23, 2018; 6:29:00 PM -0400
V3.1: 4.9 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-9667
- Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to to plant custom binaries and execute them with System permissions. Exploitation of th...
read CVE-2020-9667
Published:
April 16, 2021; 2:15:13 PM -0400
V3.1: 7.8 HIGH
V2.0: 6.9 MEDIUM
CVE-2020-36322
- An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vu...
read CVE-2020-36322
Published:
April 14, 2021; 2:15:12 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2021-26076
- The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can ...
read CVE-2021-26076
Published:
April 14, 2021; 8:15:12 PM -0400
V3.1: 3.7 LOW
V2.0: 4.3 MEDIUM
CVE-2021-26075
- The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full pat...
read CVE-2021-26075
Published:
April 14, 2021; 8:15:12 PM -0400
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-29654
- AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database feature of the administration panel), leading to Remote Code execution.
Published:
April 14, 2021; 2:15:14 PM -0400
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-7269
- Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is ...
read CVE-2020-7269
Published:
April 15, 2021; 4:15:12 AM -0400
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-23884
- Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway (MWG) or the passwor...
read CVE-2021-23884
Published:
April 15, 2021; 4:15:14 AM -0400
V3.1: 4.3 MEDIUM
V2.0: 2.7 LOW
CVE-2021-23368
- The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
Published:
April 12, 2021; 10:15:14 AM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2020-7270
- Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is ...
read CVE-2020-7270
Published:
April 15, 2021; 4:15:14 AM -0400
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-23886
- Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to cause a BSoD through suspending a process, modifying the processes memory and restarting it. Th...
read CVE-2021-23886
Published:
April 15, 2021; 4:15:14 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2020-29593
- An issue was discovered in Orchard before 1.10. The Media Settings Allowed File Types list field allows an attacker to add a XSS payload that will execute when users attempt to upload a disallowed file type, causing the error to display.
Published:
April 14, 2021; 11:15:13 AM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2021-3017
- The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.
Published:
April 14, 2021; 2:15:14 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM