Security Vulnerabilities - CVEs Published In March 2021
LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind.
CVSS Score: 7.7
EPSS Score: 0.002
Published: 2021-03-09
SAP Enterprise Financial Services, versions 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVSS Score: 6.8
EPSS Score: 0.001
Published: 2021-03-09
A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service.
CVSS Score: 7.5
EPSS Score: 0.028
Published: 2021-03-09
Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in admin.php through the options parameter.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2021-03-09
A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash.
CVSS Score: 7.5
EPSS Score: 0.022
Published: 2021-03-09
A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off.
CVSS Score: 7.5
EPSS Score: 0.028
Published: 2021-03-09
A flaw was found in privoxy before 3.0.32. A crash may occur due to a NULL-pointer dereference when the socks server misbehaves.
CVSS Score: 7.5
EPSS Score: 0.007
Published: 2021-03-09
A flaw was found in privoxy before 3.0.32. An invalid read of size two may occur in chunked_body_is_complete() leading to denial of service.
CVSS Score: 7.5
EPSS Score: 0.006
Published: 2021-03-09
Products.GenericSetup is a mini-framework for expressing the configured state of a Zope Site as a set of filesystem artifacts. In Products.GenericSetup before version 2.1.1 there is an information disclosure vulnerability - anonymous visitors may view log and snapshot files generated by the Generic Setup Tool. The problem has been fixed in version 2.1.1. Depending on how you have installed Products.GenericSetup, you should change the buildout version pin to 2.1.1 and re-run the buildout, or, if you used pip, simply run `pip install "Products.GenericSetup>=2.1.1"`.
CVSS Score: 5.3
EPSS Score: 0.003
Published: 2021-03-09
The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixed in version 3.0.0.
CVSS Score: 5.3
EPSS Score: 0.001
Published: 2021-03-09

