CVE List - 2021 / February
Showing 101 - 200 of 1455 CVEs for February 2021 (Page 2 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-35152 | 2021-02-02 | Privilege escalation through unquoted service binary path on Cloudflare WARP for Windows |
| CVE-2020-9388 | 2021-02-03 | CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a... |
| CVE-2020-9390 | 2021-02-03 | SquaredUp allowed Stored XSS before version 4.6.0. A user was able to create a dashboard that executed malicious content in iframe or by uploading an SVG that contained a script. |
| CVE-2020-29163 | 2021-02-03 | PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL injection. |
| CVE-2020-29164 | 2021-02-03 | PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS). |
| CVE-2020-29165 | 2021-02-03 | PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by incorrect access control, which can result in remotely gaining administrator privileges. |
| CVE-2020-29166 | 2021-02-03 | PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure. |
| CVE-2020-28144 | 2021-02-03 | Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series... |
| CVE-2021-25755 | 2021-02-03 | In JetBrains Code With Me before 2020.3, an attacker on the local network, knowing a session ID, could get access to the encrypted traffic. |
| CVE-2021-25756 | 2021-02-03 | In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS. |
| CVE-2021-25758 | 2021-02-03 | In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution. |
| CVE-2020-28895 | 2021-02-03 | integer overflow in calloc |
| CVE-2021-25757 | 2021-02-03 | In JetBrains Hub before 2020.1.12629, an open redirect was possible. |
| CVE-2021-25759 | 2021-02-03 | In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user. |
| CVE-2021-25760 | 2021-02-03 | In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible. |
| CVE-2020-29582 | 2021-02-03 | In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories... |
| CVE-2021-25761 | 2021-02-03 | In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible. |
| CVE-2021-25763 | 2021-02-03 | In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default. |
| CVE-2021-25762 | 2021-02-03 | In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible. |
| CVE-2021-25765 | 2021-02-03 | In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible. |
| CVE-2020-25208 | 2021-02-03 | In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions. |
| CVE-2021-25766 | 2021-02-03 | In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made. |
| CVE-2021-25767 | 2021-02-03 | In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution. |
| CVE-2021-25768 | 2021-02-03 | In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly. |
| CVE-2021-25769 | 2021-02-03 | In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments. |
| CVE-2021-25770 | 2021-02-03 | In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution. |
| CVE-2021-25771 | 2021-02-03 | In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed. |
| CVE-2021-25773 | 2021-02-03 | JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages. |
| CVE-2021-25772 | 2021-02-03 | In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration. |
| CVE-2021-25776 | 2021-02-03 | In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters. |
| CVE-2021-25774 | 2021-02-03 | In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user. |
| CVE-2021-25775 | 2021-02-03 | In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users. |
| CVE-2020-27222 | 2021-02-03 | In Eclipse Californium version 2.3.0 to 2.6.0, the certificate-based (x509 and RPK) DTLS handshakes accidentally fail, because the DTLS server side sticks to a wrong internal state. That wrong... |
| CVE-2020-35481 | 2021-02-03 | SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection. |
| CVE-2020-35482 | 2021-02-03 | SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS. |
| CVE-2021-25778 | 2021-02-03 | In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly. |
| CVE-2021-25777 | 2021-02-03 | In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly. |
| CVE-2020-2507 | 2021-02-03 | command injection vulnerability in Helpdesk |
| CVE-2020-35667 | 2021-02-03 | JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials. |
| CVE-2020-2506 | 2021-02-03 | improper access control vulnerability in Helpdesk |
| CVE-2020-27994 | 2021-02-03 | SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal. |
| CVE-2020-28001 | 2021-02-03 | SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS. |
| CVE-2020-28653 | 2021-02-03 | Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet. |
| CVE-2020-17516 | 2021-02-03 | Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections.... |
| CVE-2020-8294 | 2021-02-03 | A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format. |
| CVE-2020-25857 | 2021-02-03 | The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy()... |
| CVE-2020-25856 | 2021-02-03 | The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy()... |
| CVE-2020-25855 | 2021-02-03 | The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy()... |
| CVE-2020-25854 | 2021-02-03 | The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal... |
| CVE-2021-25275 | 2021-02-03 | SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable... |
| CVE-2020-25853 | 2021-02-03 | The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal... |
| CVE-2021-25274 | 2021-02-03 | The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send... |
| CVE-2020-17523 | 2021-02-03 | Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. |
| CVE-2021-25276 | 2021-02-03 | In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. An unprivileged Windows user... |
| CVE-2020-18723 | 2021-02-03 | Stored cross-site scripting (XSS) in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially... |
| CVE-2020-18724 | 2021-02-03 | Authenticated stored cross-site scripting (XSS) in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to execute code and perform an XSS attack while... |
| CVE-2020-8588 | 2021-02-03 | Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual... |
| CVE-2020-8589 | 2021-02-03 | Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs)... |
| CVE-2019-16268 | 2021-02-03 | Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen. |
| CVE-2021-23331 | 2021-02-03 | Insecure Temporary File |
| CVE-2020-9389 | 2021-02-03 | A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due... |
| CVE-2021-20016 | 2021-02-03 | A SQL injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform a SQL query to access username, password and other session-related information. This vulnerability impacts... |
| CVE-2021-26023 | 2021-02-03 | The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS. |
| CVE-2021-26024 | 2021-02-03 | The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account. |
| CVE-2021-3401 | 2021-02-04 | Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler... |
| CVE-2021-26689 | 2021-02-04 | An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The USB laf gadget has a use-after-free. The LG ID is LVE-SMP-200031 (February... |
| CVE-2021-26688 | 2021-02-04 | An issue was discovered on LG Wing mobile devices with Android OS 10 software. The biometric sensor has weak security properties. The LG ID is LVE-SMP-200030 (February 2021). |
| CVE-2021-26687 | 2021-02-04 | An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In preloaded applications, the HostnameVerified default is mishandled. The LG ID is LVE-SMP-200029... |
| CVE-2020-13580 | 2021-02-04 | An exploitable heap-based buffer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser to explicitly... |
| CVE-2020-13579 | 2021-02-04 | An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser to perform arithmetic that... |
| CVE-2020-27247 | 2021-02-04 | A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size... |
| CVE-2020-27248 | 2021-02-04 | A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size... |
| CVE-2020-27249 | 2021-02-04 | A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size... |
| CVE-2020-6088 | 2021-02-04 | An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss... |
| CVE-2020-14245 | 2021-02-04 | HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources. |
| CVE-2020-13586 | 2021-02-04 | A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed file can lead... |
| CVE-2020-14247 | 2021-02-04 | HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID. |
| CVE-2020-14246 | 2021-02-04 | HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials. |
| CVE-2020-16194 | 2021-02-04 | An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an... |
| CVE-2020-28450 | 2021-02-04 | Prototype Pollution |
| CVE-2020-28449 | 2021-02-04 | Prototype Pollution |
| CVE-2021-1289 | 2021-02-04 | Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities |
| CVE-2021-1288 | 2021-02-04 | Cisco IOS XR Software Enf Broker Denial of Service Vulnerability |
| CVE-2021-1268 | 2021-02-04 | Cisco IOS XR Software IPv6 Flood Denial of Service Vulnerability |
| CVE-2021-1266 | 2021-02-04 | Cisco Managed Services Accelerator Denial of Service Vulnerability |
| CVE-2021-1244 | 2021-02-04 | Cisco IOS XR Software for Cisco 8000 Series Routers and Network Convergence System 540 Series Routers Image Verification Vulnerabilities |
| CVE-2021-1243 | 2021-02-04 | Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability |
| CVE-2021-1221 | 2021-02-04 | Cisco Webex Meetings and Cisco Webex Meetings Server Software Hyperlink Injection Vulnerability |
| CVE-2021-1136 | 2021-02-04 | Cisco IOS XR Software for Cisco 8000 Series Routers and Network Convergence System 540 Series Routers Image Verification Vulnerabilities |
| CVE-2021-1128 | 2021-02-04 | Cisco IOS XR Software Unauthorized Information Disclosure Vulnerability |
| CVE-2021-1389 | 2021-02-04 | Cisco IOS XR and Cisco NX-OS Software IPv6 Access Control List Bypass Vulnerability |
| CVE-2021-1370 | 2021-02-04 | Cisco IOS XR Software for Cisco 8000 Series Routers and Network Convergence System 540 Series Routers Privilege Escalation Vulnerability |
| CVE-2021-1354 | 2021-02-04 | Cisco Unified Computing System Central Software Improper Certificate Validation Vulnerability |
| CVE-2021-1348 | 2021-02-04 | Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1347 | 2021-02-04 | Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1346 | 2021-02-04 | Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1345 | 2021-02-04 | Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1344 | 2021-02-04 | Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1343 | 2021-02-04 | Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |
| CVE-2021-1342 | 2021-02-04 | Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities |