Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3401PUBLISHED: 2021-02-04
Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer sta...
CVE-2021-26024PUBLISHED: 2021-02-03The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account.
CVE-2021-26023PUBLISHED: 2021-02-03The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS.
CVE-2020-9388PUBLISHED: 2021-02-03CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard.
CVE-2020-9389PUBLISHED: 2021-02-03A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames.