Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2021
Local privilege escalation vulnerability in Windows clients of Netop Vision Pro up to and including 9.7.1 allows a local user to gain administrator privileges whilst using the clients.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-03-25
Incorrect default permissions vulnerability in the API of Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to read and write files on the remote machine with system privileges resulting in a privilege escalation.
CVSS Score
9.8
EPSS Score
0.012
Published
2021-03-25
Cleartext transmission of sensitive information in Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to gather credentials including Windows login usernames and passwords.
CVSS Score
8.8
EPSS Score
0.002
Published
2021-03-25
Improper Authorization vulnerability in Netop Vision Pro up to and including to 9.7.1 allows an attacker to replay network traffic.
CVSS Score
5.9
EPSS Score
0.002
Published
2021-03-25
A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.
CVSS Score
7.8
EPSS Score
0.002
Published
2021-03-25
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-03-25
A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-03-25
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash.
CVSS Score
7.5
EPSS Score
0.011
Published
2021-03-25
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash.
CVSS Score
7.5
EPSS Score
0.011
Published
2021-03-25
A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability.
CVSS Score
7.5
EPSS Score
0.017
Published
2021-03-25


Contact Us

Shodan ® - All rights reserved