CVE-2021-20225
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Source: CVE-2021-20225
CVE-2021-3419
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Source: CVE-2021-3419
CVE-2021-27215
An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use different methods to perform the authentication of a user. A specific authentication method during login does not check the provided data (when a certain manipulation occurs) and returns OK for any authentication request. This allows an attacker to login to the admin panel as a user of his choice, e.g., the root user (with highest privileges) or even a non-existing user.
Source: CVE-2021-27215
CVE-2021-26813
markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.
Source: CVE-2021-26813
CVE-2021-25252
Trend Micro’s Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) – are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
Source: CVE-2021-25252
CVE-2020-15937
An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack (XSS) via the IPS and WAF logs dashboard.
Source: CVE-2020-15937
CVE-2020-35296
ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access.
Source: CVE-2020-35296
CVE-2021-25315
A Incorrect Implementation of Authentication Algorithm vulnerability in of SUSE SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.
Source: CVE-2021-25315
CVE-2021-23347
The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user.
Source: CVE-2021-23347
CVE-2021-27923
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
Source: CVE-2021-27923