Search Results (Refine Search)

Search Parameters:
There are 149,571 matching records.
Displaying matches 1,401 through 1,420.
Vuln ID Summary CVSS Severity
CVE-2021-22639

An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).

Published: January 27, 2021; 3:15:12 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-22637

Multiple stack-based buffer overflow issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).

Published: January 27, 2021; 3:15:12 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-3325

Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an update to 3.13.0, unless the new feature was immediately configured.

Published: January 27, 2021; 2:15:13 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-26118

While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.

Published: January 27, 2021; 2:15:13 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-26117

The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password.

Published: January 27, 2021; 2:15:13 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-25247

A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit this vulnerability.

Published: January 27, 2021; 2:15:13 PM -0500
V3.1: 7.8 HIGH
V2.0: 4.4 MEDIUM
CVE-2021-25226

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scan engine component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Published: January 27, 2021; 2:15:13 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-25225

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scheduled scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Published: January 27, 2021; 2:15:13 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-25224

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Published: January 27, 2021; 2:15:13 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-3318

attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.

Published: January 27, 2021; 1:15:14 PM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-5428

In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.

Published: January 27, 2021; 1:15:13 PM -0500
V3.1: 6.0 MEDIUM
V2.0: 6.5 MEDIUM
CVE-2020-5427

In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.

Published: January 27, 2021; 1:15:13 PM -0500
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-20357

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.

Published: January 27, 2021; 12:15:14 PM -0500
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-4952

IBM Security Guardium 11.2 could allow an authenticated user to gain root access due to improper access control. IBM X-Force ID: 192028.

Published: January 27, 2021; 12:15:13 PM -0500
V3.1: 8.8 HIGH
V2.0: 9.0 HIGH
CVE-2020-4865

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.

Published: January 27, 2021; 12:15:13 PM -0500
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-4855

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457.

Published: January 27, 2021; 12:15:12 PM -0500
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-4789

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 189302.

Published: January 27, 2021; 12:15:12 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-4787

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189224.

Published: January 27, 2021; 12:15:12 PM -0500
V3.1: 2.3 LOW
V2.0: 2.1 LOW
CVE-2020-4786

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189221.

Published: January 27, 2021; 12:15:11 PM -0500
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-4547

IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315.

Published: January 27, 2021; 12:15:11 PM -0500
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW