IS Security CERT Global

    • CVE-2021-0433
      Gravedad: NonePublicado: 13/04/2021Last revised: 13/04/2021Descripción: *** Pendiente de traducción *** In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to ... read more
    • CVE-2021-0428
      Gravedad: NonePublicado: 13/04/2021Last revised: 13/04/2021Descripción: *** Pendiente de traducción *** In getSimSerialNumber of TelephonyManager.java, there is a possible way to read a trackable identifier due to a missing permission check. ... read more
    • CVE-2021-0400
      Gravedad: NonePublicado: 13/04/2021Last revised: 13/04/2021Descripción: *** Pendiente de traducción *** In injectBestLocation and handleUpdateLocation of GnssLocationProvider.java, there is a possible incorrect reporting of location data to emergency services due to ... read more
    • CVE-2021-0432
      Gravedad: NonePublicado: 13/04/2021Last revised: 13/04/2021Descripción: *** Pendiente de traducción *** In ClearPullerCacheIfNecessary and ForceClearPullerCache of StatsPullerManager.cpp, there is a possible use-after-free due to a race condition. This could lead to ... read more
    • CVE-2021-0426
      Gravedad: NonePublicado: 13/04/2021Last revised: 13/04/2021Descripción: *** Pendiente de traducción *** In parsePrimaryFieldFirstUidAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could ... read more
    • CVE-2021-0427
      Gravedad: NonePublicado: 13/04/2021Last revised: 13/04/2021Descripción: *** Pendiente de traducción *** In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could ... read more
    • CVE-2021-0431
      Gravedad: NonePublicado: 13/04/2021Last revised: 13/04/2021Descripción: *** Pendiente de traducción *** In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. This could ... read more
    • CVE-2021-0429
      Gravedad: NonePublicado: 13/04/2021Last revised: 13/04/2021Descripción: *** Pendiente de traducción *** In pollOnce of ALooper.cpp, there is possible memory corruption due to a use after free. This could lead to local ... read more
    • CVE-2020-28590
      Gravedad: NonePublicado: 13/04/2021Last revised: 13/04/2021Descripción: *** Pendiente de traducción *** An out-of-bounds read vulnerability exists in the Obj File TriangleMesh::TriangleMesh() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A ... read more
    • CVE-2021-0430
      Gravedad: NonePublicado: 13/04/2021Last revised: 13/04/2021Descripción: *** Pendiente de traducción *** In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. This could ... read more
    • CVE-2021-3463
      A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error. ... read more
    • CVE-2020-8412
      ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. ... read more
    • CVE-2020-8399
      ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. ... read more
    • CVE-2020-8410
      ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. ... read more
    • CVE-2020-8413
      ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. ... read more
    • CVE-2020-8415
      ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. ... read more
    • CVE-2021-3473
      An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator ... read more
    • CVE-2020-8406
      ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. ... read more
    • CVE-2020-8401
      ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. ... read more
    • CVE-2020-8395
      ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. ... read more
    • CVE-2021-3460
      The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible ... read more
    • CVE-2020-8409
      ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. ... read more
    • CVE-2020-8402
      ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. ... read more
    • CVE-2020-8393
      ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. ... read more
    • CVE-2020-8411
      ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. ... read more
    • CVE-2021-3471
      ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. ... read more
    • CVE-2020-8397
      ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. ... read more
    • CVE-2020-8414
      ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. ... read more
    • CVE-2020-8407
      ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. ... read more
    • CVE-2021-3462
      A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object. ... read more
    • CVE-2021-28166 (mosquitto)
      In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would ... read more
    • CVE-2021-24199 (wpdatatables)
      The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on ... read more
    • CVE-2021-30177 (php-nuke)
      There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be ... read more
    • CVE-2021-24197 (wpdatatables)
      The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published ... read more
    • CVE-2021-24200 (wpdatatables)
      The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on ... read more
    • CVE-2021-24198 (wpdatatables)
      The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published ... read more
    • SAP Releases April 2021 Security Updates
      Original release date: April 13, 2021SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected ... read more
    • CVE-2021-21492
      SAP NetWeaver Application Server Java(HTTP Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate logon group in URLs, resulting in a content spoofing vulnerability when ... read more
    • CVE-2021-27598
      SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. because of missing ... read more
    • CVE-2021-22717
      A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when processing ... read more
    • CVE-2021-22716
      A CWE-269: Improper Privilege Management vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when an unprivileged user modifies a file. ... read more
    • CVE-2021-23277
      Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. The software does not neutralize code syntax from users before using in the dynamic evaluation ... read more
    • CVE-2021-27601
      SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacker to store a malicious file on the server. When a victim tries to open this ... read more
    • CVE-2021-27605
      SAP's HCM Travel Management Fiori Apps V2, version - 608, does not perform proper authorization check, allowing an authenticated but unauthorized attacker to read personnel numbers of employees, resulting in ... read more
    • CVE-2021-27600
      SAP Manufacturing Execution (System Rules), versions - 15.1, 15.2, 15.3, 15.4, allows an authorized attacker to embed malicious code into HTTP parameter and send it to the server because SAP ... read more
    • CVE-2021-23276
      Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection. A malicious user can send a specially crafted packet to exploit the vulnerability. Successful exploitation of ... read more
    • CVE-2021-27603
      An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. An attacker ... read more
    • CVE-2021-22720
      A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when restoring ... read more
    • CVE-2021-23281
      Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in meta_driver_srv.js class. ... read more
    • CVE-2021-27609
      SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for ... read more
    Older posts
Title Category Tag

Chemical Industry – Parsons Report – Cybersecurity

 CybersecurityICSIIOT cybersecurity epcm ICS