CVE-2021-20200

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Source: CVE-2021-20200

CVE-2020-35454

The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from an Android backup because of insecure application configuration.

Source: CVE-2020-35454

CVE-2021-28660

rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.

Source: CVE-2021-28660

CVE-2021-27292

ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.

Source: CVE-2021-27292

CVE-2020-8111

** REJECT ** Unused CVE for 2020.

Source: CVE-2020-8111

CVE-2021-27291

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.

Source: CVE-2021-27291

CVE-2020-15763

** REJECT ** Unused CVE for 2020.

Source: CVE-2020-15763

CVE-2020-15755

** REJECT ** Unused CVE for 2020.

Source: CVE-2020-15755

CVE-2020-15756

** REJECT ** Unused CVE for 2020.

Source: CVE-2020-15756

CVE-2020-8106

** REJECT ** Unused CVE for 2020.

Source: CVE-2020-8106