Total: 22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1711 | 1 Microsoft | 2 365 Apps, Office | 2021-01-19 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2021-1666 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-01-19 | 6.5 MEDIUM | 8.8 HIGH |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701. | |||||
| CVE-2021-23900 | 1 Owasp | 1 Json-sanitizer | 2021-01-19 | 5.0 MEDIUM | 7.5 HIGH |
| OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations. | |||||
| CVE-2020-14097 | 1 Mi | 2 Redmi Ax6, Redmi Ax6 Firmware | 2021-01-19 | 5.0 MEDIUM | 7.5 HIGH |
| Wrong nginx configuration, causing specific paths to be downloaded without authorization. This affects Xiaomi router AX6 ROM version < 1.0.18. | |||||
| CVE-2021-1718 | 1 Microsoft | 1 Sharepoint Foundation | 2021-01-19 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft SharePoint Server Tampering Vulnerability | |||||
| CVE-2020-14101 | 1 Mi | 4 Ax1800, Ax1800 Firmware, Rm1800 and 1 more | 2021-01-19 | 5.0 MEDIUM | 7.5 HIGH |
| The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800 ROM version < 1.0.336 and Xiaomi router RM1800 root version < 1.0.26. | |||||
| CVE-2021-1656 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-01-19 | 2.1 LOW | 5.5 MEDIUM |
| TPM Device Driver Information Disclosure Vulnerability | |||||
| CVE-2020-35909 | 1 Protocol | 1 Multihash | 2021-01-14 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in the multihash crate before 0.11.3 for Rust. The from_slice parsing code can panic via unsanitized data from a network server. | |||||
| CVE-2021-1716 | 1 Microsoft | 8 365 Apps, Office, Office Online Server and 5 more | 2021-01-14 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Word Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-1715. | |||||
| CVE-2021-1714 | 1 Microsoft | 7 365 Apps, Excel, Excel Services and 4 more | 2021-01-14 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-1713. | |||||
| CVE-2021-1643 | 1 Microsoft | 1 Hevc Video Extensions | 2021-01-14 | 9.3 HIGH | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-1644. | |||||
| CVE-2020-24003 | 1 Microsoft | 1 Skype | 2021-01-14 | 2.1 LOW | 3.3 LOW |
| Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access. | |||||
| CVE-2020-14005 | 1 Solarwinds | 2 Orion Network Performance Monitor, Orion Web Performance Monitor | 2021-01-14 | 9.0 HIGH | 8.8 HIGH |
| Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. | |||||
| CVE-2021-1637 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more | 2021-01-14 | 2.1 LOW | 5.5 MEDIUM |
| Windows DNS Query Information Disclosure Vulnerability | |||||
| CVE-2019-25002 | 1 Sodiumoxide Project | 1 Sodiumoxide | 2021-01-14 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties. | |||||
| CVE-2021-3116 | 1 Proxy.py Project | 1 Proxy.py | 2021-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or). | |||||
| CVE-2020-14275 | 1 Hcltechsw | 1 Hcl Commerce | 2021-01-13 | 7.5 HIGH | 9.8 CRITICAL |
| Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1.0 through 9.0.1.14 and 9.1 through 9.1.4 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations. | |||||
| CVE-2021-1644 | 1 Microsoft | 1 Hevc Video Extensions | 2021-01-13 | 9.3 HIGH | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-1643. | |||||
| CVE-2020-29041 | 1 Sesame-system | 1 Web-sesame | 2021-01-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension (code review). Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contain sources used to generate the bundle, configuration settings (e.g., API keys), and developers' comments. | |||||
| CVE-2019-18642 | 1 Sparkdevnetwork | 1 Rock Rms | 2021-01-13 | 7.5 HIGH | 9.8 CRITICAL |
| Rock RMS version before 8.6 is vulnerable to account takeover by tampering with the user ID parameter in the profile update feature. The lack of validation and use of sequential user IDs allows any user to change account details of any other user. This vulnerability could be used to change the email address of another account, even the administrator account. Upon changing another account's email address, performing a password reset to the new email address could allow an attacker to take over any account. | |||||
