Security Vulnerabilities - CVEs Published In March 2021
There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Affected product versions include:USG9500 versions V500R001C30SPC200, V500R001C60SPC500,V500R005C00SPC200;USG9520 versions V500R005C00;USG9560 versions V500R005C00;USG9580 versions V500R005C00.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-03-22
A malicious website could execute code remotely in Sophos Connect Client before version 2.1.
CVSS Score
8.8
EPSS Score
0.002
Published
2021-03-22
A potential security vulnerability has been identified in HPE Network Orchestrator (NetO) version(s): Prior to 2.5. The vulnerability could be remotely exploited with SQL injection.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-03-22
In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-03-22
In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8.
CVSS Score
6.7
EPSS Score
0.001
Published
2021-03-22
IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constucting URLs from user-controlled data . This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 190852.
CVSS Score
6.1
EPSS Score
0.001
Published
2021-03-22
When a user opens manipulated Graphics Interchange Format (.GIF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVSS Score
4.3
EPSS Score
0.002
Published
2021-03-22
When a user opens manipulated Windows Bitmap (.BMP) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVSS Score
4.3
EPSS Score
0.002
Published
2021-03-22
When a user opens manipulated Portable Document Format (.PDF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-03-22
When a user opens manipulated Autodesk 3D Studio for MS-DOS (.3DS) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-03-22