Total
117 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-1904 | 1 Qualcomm | 350 Apq8009, Apq8009 Firmware, Apq8009w and 347 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Child process can leak information from parent process due to numeric pids are getting compared and these pid can be reused in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
CVE-2021-0295 | 1 Juniper | 5 Junos, Qfx10000, Qfx10002 and 2 more | 2024-02-28 | 2.9 LOW | 6.1 MEDIUM |
A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) of Juniper Networks Junos OS on the QFX10K Series switches allows an attacker to trigger a packet forwarding loop, leading to a partial Denial of Service (DoS). The issue is caused by DVMRP packets looping on a multi-homed Ethernet Segment Identifier (ESI) when VXLAN is configured. DVMRP packets received on a multi-homed ESI are sent to the peer, and then incorrectly forwarded out the same ESI, violating the split horizon rule. This issue only affects QFX10K Series switches, including the QFX10002, QFX10008, and QFX10016. Other products and platforms are unaffected by this vulnerability. This issue affects Juniper Networks Junos OS on QFX10K Series: 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 version 18.2R1 and later versions; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S9, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2. | |||||
CVE-2020-13559 | 1 Freyrscada | 1 Iec-60879-5-104 Server Simulator | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028. A specially crafted packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | |||||
CVE-2020-23359 | 1 Webidsupport | 1 Webid | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check. | |||||
CVE-2020-23360 | 1 Oscommerce | 1 Oscommerce | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php | |||||
CVE-2021-20219 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could delay the loop (due to a changing ldata->read_head, and a missing sanity check) and cause a threat to the system availability. | |||||
CVE-2021-3116 | 1 Proxy.py Project | 1 Proxy.py | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or). | |||||
CVE-2020-11072 | 1 Simpleledger | 1 Slp-validate | 2024-02-28 | 5.0 MEDIUM | 8.6 HIGH |
In SLP Validate (npm package slp-validate) before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. This has been fixed in slp-validate in version 1.2.1. Additonally, slpjs version 0.27.2 has a related fix under related CVE-2020-11071. | |||||
CVE-2020-15130 | 1 Simpleledger | 1 Slpjs | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification. This is fixed in version 0.27.4. | |||||
CVE-2020-13485 | 1 Verbb | 1 Knock Knock | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header. | |||||
CVE-2020-10024 | 1 Zephyrproject | 1 Zephyr | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. | |||||
CVE-2020-5849 | 1 Unraid | 1 Unraid | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Unraid 6.8.0 allows authentication bypass. | |||||
CVE-2020-11071 | 1 Simpleledger | 1 Slpjs | 2024-02-28 | 5.0 MEDIUM | 8.6 HIGH |
SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. This is fixed in version 0.27.2. | |||||
CVE-2020-10027 | 1 Zephyrproject | 1 Zephyr | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. | |||||
CVE-2020-8864 | 1 Dlink | 6 Dir-867, Dir-867 Firmware, Dir-878 and 3 more | 2024-02-28 | 8.3 HIGH | 8.8 HIGH |
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of empty passwords. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9471. | |||||
CVE-2020-15131 | 1 Simpleledger | 1 Slp-validate | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In SLP Validate (npm package slp-validate) before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the NFT1 Group token type as is required by the NFT1 specification. This is fixed in version 1.2.2. | |||||
CVE-2020-15811 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches. |