Search Results (Refine Search)

Search Parameters:
There are 147,613 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2021-3138

In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms.

Published: January 13, 2021; 11:15:15 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-16119

Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.

Published: January 13, 2021; 8:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-27267

KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.

Published: January 13, 2021; 7:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-27265

KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code.

Published: January 13, 2021; 7:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-27263

KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.

Published: January 13, 2021; 7:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-21013

Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: January 13, 2021; 6:15:14 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-21012

Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: January 13, 2021; 6:15:14 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2021-21011

Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to the file system could leverage this vulnerability to escalate privileges.

Published: January 13, 2021; 6:15:14 PM -0500
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2021-21010

InCopy version 15.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: January 13, 2021; 6:15:14 PM -0500
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2021-21009

Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side request forgery (SSRF) vulnerability. Successful exploitation could allow an attacker to use the Campaign instance to issue unauthorized requests to internal or external resources.

Published: January 13, 2021; 6:15:14 PM -0500
V3.1: 8.6 HIGH
V2.0:(not available)
CVE-2021-21008

Adobe Animate version 21.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: January 13, 2021; 6:15:14 PM -0500
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2021-21007

Adobe Illustrator version 25.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: January 13, 2021; 6:15:13 PM -0500
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2021-21006

Adobe Photoshop version 22.1 (and earlier) is affected by a heap buffer overflow vulnerability when handling a specially crafted font file. Successful exploitation could lead to arbitrary code execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: January 13, 2021; 6:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-9209

There is a privilege escalation vulnerability in SMC2.0 product. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit this vulnerability by crafting malicious file to launch privilege escalation. This can compromise normal service of affected products.

Published: January 13, 2021; 6:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-1866

There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions V500R001C30,V500R001C60SPC500,V500R005C00;S12700 versions V200R008C00;S2700 versions V200R008C00;S5700 versions V200R008C00;S6700 versions V200R008C00;S7700 versions V200R008C00;S9700 versions V200R008C00;Secospace USG6600 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00;USG9500 versions V500R001C30SPC300,V500R001C30SPC600,V500R001C60SPC500,V500R005C00.

Published: January 13, 2021; 6:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-1865

There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM message, an adjacent attacker could send crafted PIM messages to the device, successful exploit could cause out of bounds read when the system does the certain operation.

Published: January 13, 2021; 6:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-14102

There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.

Published: January 13, 2021; 6:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-14101

The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.

Published: January 13, 2021; 6:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-14098

The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.

Published: January 13, 2021; 6:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-14097

Wrong nginx configuration, causing specific paths to be downloaded without authorization. This affects Xiaomi router AX6 ROM version < 1.0.18.

Published: January 13, 2021; 6:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)