Security Vulnerabilities - CVEs Published In February 2021
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing BMP files. This can result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12018)
CVSS Score
7.8
EPSS Score
0.001
Published
2021-02-09
CVE-2021-21148
Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Known exploited
CVSS Score
8.8
EPSS Score
0.199
Published
2021-02-09
A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.
CVSS Score
8.8
EPSS Score
0.002
Published
2021-02-09
gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-02-09
The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.005
Published
2021-02-09
The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.012
Published
2021-02-09
IBM Security Identity Governance and Intelligence 5.2.6 could allow a user to cause a denial of service due to improperly validating a supplied URL, rendering the application unusuable. IBM X-Force ID: 189375.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-02-09
IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to obtain sensitive information using main in the middle attacks due to improper certificate validation. IBM X-Force ID: 189379.
CVSS Score
6.9
EPSS Score
0.001
Published
2021-02-09
IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information to an unauthorized user using a specially crafted HTTP request. IBM X-Force ID: 189446.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-02-09
IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate session after logout which could allow a user to obtain sensitive information from another users' session. IBM X-Force ID: 192912.
CVSS Score
4.0
EPSS Score
0.001
Published
2021-02-09