CVEs Published in January 2021

CVE-2021-23329

7.5 HIGH

The package nested-object-assign before 1.0.4 is vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below.
28 days ago

CVE-2020-15690

9.8 CRITICAL

In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character.
29 days ago

CVE-2020-17380

6.3 MEDIUM

A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the...
29 days ago

CVE-2020-15568

9.8 CRITICAL

TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in...
29 days ago

CVE-2021-21254

6.5 MEDIUM

CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) before version 25.0.0 has a...
30 days ago

CVE-2021-25646

8.8 HIGH

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments,...
30 days ago

CVE-2020-29557

9.8 CRITICAL

An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote...
30 days ago

CVE-2020-24665

6.5 MEDIUM

The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote user to trigger a...
30 days ago

CVE-2020-24666

5.4 MEDIUM

The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote user to execute...
30 days ago

CVE-2020-24669

5.4 MEDIUM

The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote user to execute...
30 days ago