Total
1442 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-21318 | 1 Apereo | 1 Opencast | 2021-02-26 | 5.4 Medium |
| Opencast is a free, open-source platform to support the management of educational audio and video content. In Opencast before version 9.2 there is a vulnerability in which publishing an episode with strict access rules will overwrite the currently set series access. This allows for an easy denial of access for all users without superuser privileges, effectively hiding the series. Access to series and series metadata on the search service (shown in media module and player) depends on the events published which are part of the series. Publishing an event will automatically publish a series and update access to it. Removing an event or republishing the event should do the same. Affected versions of Opencast may not update the series access or remove a published series if an event is being removed. On removal of an episode, this may lead to an access control list for series metadata with broader access rules than the merged access rules of all remaining events, or the series metadata still being available although all episodes of that series have been removed. This problem is fixed in Opencast 9.2. | ||||
| CVE-2021-20188 | 2 Podman Project, Redhat | 3 Podman, Enterprise Linux, Openshift Container Platform | 2021-02-17 | 7.0 High |
| A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2021-27177 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-12 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to bypass authentication by sending the decoded value of the GgpoZWxwCmxpc3QKd2hvCg== string to the telnet server. | ||||
| CVE-2020-8806 | 1 Electriccoin | 1 Zcashd | 2021-02-08 | 7.5 High |
| Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced. | ||||
| CVE-2020-27873 | 1 Netgear | 38 Ac2100, Ac2100 Firmware, Ac2400 and 35 more | 2021-02-08 | 6.5 Medium |
| This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11559. | ||||
| CVE-2021-21286 | 1 Wwbn | 1 Avideo | 2021-02-05 | 8.8 High |
| AVideo Platform is an open-source Audio and Video platform. It is similar to a self-hosted YouTube. In AVideo Platform before version 10.2 there is an authorization bypass vulnerability which enables an ordinary user to get admin control. This is fixed in version 10.2. All queries now remove the pass hash and the recoverPass hash. | ||||
| CVE-2021-25774 | 1 Jetbrains | 1 Teamcity | 2021-02-05 | 4.3 Medium |
| In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user. | ||||
| CVE-2021-25777 | 1 Jetbrains | 1 Teamcity | 2021-02-04 | 5.3 Medium |
| In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly. | ||||
| CVE-2021-3337 | 1 Hide Thread Content Project | 1 Hide Thread Content | 2021-02-04 | 7.5 High |
| The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit. | ||||
| CVE-2021-26026 | 1 Acdsee | 1 Photo Studio 2021 | 2021-02-03 | 7.8 High |
| PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!JPEGTransW+0x000000000000c7f4 via a crafted BMP image. | ||||
| CVE-2021-26025 | 1 Acdsee | 1 Photo Studio 2021 | 2021-02-03 | 7.8 High |
| PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!zlibVersion+0x0000000000004e5e via a crafted BMP image. | ||||
| CVE-2020-29605 | 2 Mantisbt, Microsoft | 2 Mantisbt, Windows | 2021-01-30 | 4.3 Medium |
| An issue was discovered in MantisBT before 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary fields of private Issues via bug_arr[]= in a crafted bug_actiongroup_page.php URL. (The target Issues can have Private view status, or belong to a private Project.) | ||||
| CVE-2020-17448 | 1 Telegram | 1 Telegram Desktop | 2021-01-28 | 7.8 High |
| Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension. | ||||
| CVE-2021-1054 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2021-01-14 | 5.5 Medium |
| NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action, which may lead to denial of service. | ||||
| CVE-2021-0319 | 1 Google | 1 Android | 2021-01-13 | 7.3 High |
| In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there is a possible way to get a nearby Bluetooth device's MAC address without appropriate permissions due to a permissions bypass. This could lead to local escalation of privilege that grants access to nearby MAC addresses, with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, Android-11; Android ID: A-167244818. | ||||
| CVE-2018-8044 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2021-01-13 | 7.8 High |
| K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: Local Process Execution (local). The component is: K7Sentry.sys. | ||||
| CVE-2018-8724 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2021-01-13 | 7.8 High |
| K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: gain privileges (local). The component is: K7TSMngr.exe. | ||||
| CVE-2016-20001 | 1 Rest\/json Project | 1 Rest\/json | 2021-01-07 | 9.8 Critical |
| The REST/JSON project 7.x-1.x for Drupal allows node access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | ||||
| CVE-2016-20005 | 1 Rest\/json Project | 1 Rest\/json | 2021-01-07 | 9.8 Critical |
| The REST/JSON project 7.x-1.x for Drupal allows user registration bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | ||||
| CVE-2016-20004 | 1 Rest\/json Project | 1 Rest\/json | 2021-01-07 | 9.8 Critical |
| The REST/JSON project 7.x-1.x for Drupal allows field access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | ||||