Search
Total
1566 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-35652 | 1 Oracle | 1 Essbase Administration Services | 2022-01-20 | 7.5 HIGH | 10.0 CRITICAL |
| Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported versions that are affected are Prior to 11.1.2.4.046 and Prior to 21.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Administration Services. While the vulnerability is in Essbase Administration Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Essbase Administration Services. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2020-14756 | 1 Oracle | 1 Coherence | 2022-01-19 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2022-22847 | 1 Formpipe | 1 Lasernet | 2022-01-18 | 6.8 MEDIUM | 9.8 CRITICAL |
| Formpipe Lasernet before 9.13.3 allows file inclusion in Client Web Services (either by an authenticated attacker, or in a configuration that does not require authentication). | |||||
| CVE-2021-46067 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2022-01-13 | 7.5 HIGH | 9.8 CRITICAL |
| In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover. | |||||
| CVE-2020-22057 | 1 Evga | 1 Precision Xoc | 2022-01-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| The WinRin0x64.sys and WinRing0.sys low-level drivers in EVGA Precision XOC version v6.2.7 were discovered to be configured with the default security descriptor which allows attackers to access sensitive components and data. | |||||
| CVE-2021-45644 | 1 Netgear | 32 Ac2100, Ac2100 Firmware, Ac2400 and 29 more | 2022-01-10 | 7.5 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88. | |||||
| CVE-2021-45697 | 1 Nervos | 1 Molecule | 2022-01-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the molecule crate before 0.7.2 for Rust. A FixVec partial read has an incorrect result. | |||||
| CVE-2021-45645 | 1 Netgear | 16 Rbs50y, Rbs50y Firmware, Src60 and 13 more | 2022-01-07 | 7.5 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects RBS50Y before 2.7.0.122, SRK60 before 2.7.0.122, SRR60 before 2.7.0.122, SRS60 before 2.7.0.122, SXK30 before 3.2.33.108, SXR30 before 3.2.33.108, SXS30 before 3.2.33.108, and SRC60 before 2.7.0.122. | |||||
| CVE-2021-45698 | 1 Nervos | 1 Ckb | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the ckb crate before 0.40.0 for Rust. A get_block_template RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction. | |||||
| CVE-2021-45695 | 1 Mopa Project | 1 Mopa | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the mopa crate through 2021-06-01 for Rust. It incorrectly relies on Trait memory layout, possibly leading to future occurrences of arbitrary code execution or ASLR bypass. | |||||
| CVE-2021-27007 | 1 Netapp | 1 Virtual Desktop Service | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway is susceptible to a vulnerability which when successfully exploited could allow an unauthenticated attacker to takeover a Remote Desktop Session. | |||||
| CVE-2021-45705 | 1 Nanorand Project | 1 Nanorand | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the nanorand crate before 0.6.1 for Rust. There can be multiple mutable references to the same object because the TlsWyRand Deref implementation dereferences a raw pointer. | |||||
| CVE-2021-45090 | 1 Stormshield | 1 Endpoint Security | 2022-01-05 | 10.0 HIGH | 9.8 CRITICAL |
| Stormshield Endpoint Security before 2.1.2 allows remote code execution. | |||||
| CVE-2021-45461 | 1 Sangoma | 3 Freepbx, Pbxact, Restapps | 2022-01-05 | 7.5 HIGH | 9.8 CRITICAL |
| FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19. | |||||
| CVE-2021-45678 | 1 Netgear | 2 Rax200, Rax200 Firmware | 2022-01-05 | 7.5 HIGH | 9.8 CRITICAL |
| NETGEAR RAX200 devices before 1.0.5.132 are affected by insecure code. | |||||
| CVE-2019-8643 | 1 Apple | 1 Mac Os X | 2022-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Mojave 10.14. Description: A logic issue was addressed with improved state management.. | |||||
| CVE-2019-8703 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2022-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges. | |||||
| CVE-2021-27135 | 3 Debian, Fedoraproject, Invisible-island | 3 Debian Linux, Fedora, Xterm | 2022-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence. | |||||
| CVE-2020-35872 | 1 Rusqlite Project | 1 Rusqlite | 2022-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via the repr(Rust) type. | |||||
| CVE-2020-35866 | 1 Rusqlite Project | 1 Rusqlite | 2022-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via VTab / VTabCursor. | |||||
| CVE-2020-35867 | 1 Rusqlite Project | 1 Rusqlite | 2022-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via create_module. | |||||
| CVE-2020-35868 | 1 Rusqlite Project | 1 Rusqlite | 2022-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via UnlockNotification. | |||||
| CVE-2021-40612 | 1 Opmantek | 1 Open-audit | 2022-01-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes. | |||||
| CVE-2020-7209 | 1 Hp | 1 Linuxki | 2022-01-01 | 7.5 HIGH | 9.8 CRITICAL |
| LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2. | |||||
| CVE-2020-9355 | 2 Debian, Networkmanager-ssh Project | 2 Debian Linux, Networkmanager-ssh | 2022-01-01 | 7.5 HIGH | 9.8 CRITICAL |
| danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled. | |||||
| CVE-2020-11800 | 3 Debian, Opensuse, Zabbix | 4 Debian Linux, Backports Sle, Leap and 1 more | 2022-01-01 | 7.5 HIGH | 9.8 CRITICAL |
| Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. | |||||
| CVE-2021-43907 | 1 Microsoft | 1 Windows Subsystem For Linux | 2022-01-01 | 10.0 HIGH | 9.8 CRITICAL |
| Visual Studio Code WSL Extension Remote Code Execution Vulnerability | |||||
| CVE-2021-43905 | 1 Microsoft | 1 Office | 2022-01-01 | 6.8 MEDIUM | 9.6 CRITICAL |
| Microsoft Office app Remote Code Execution Vulnerability | |||||
| CVE-2020-18078 | 1 Sem-cms | 1 Semcms | 2021-12-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attackers to reset the Administrator account's password. | |||||
| CVE-2021-0889 | 1 Google | 1 Android | 2021-12-17 | 10.0 HIGH | 9.8 CRITICAL |
| In Android TV , there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-8.1 Android-9Android ID: A-180745296 | |||||
| CVE-2021-23639 | 1 Markdown To Pdf Project | 1 Markdown To Pdf | 2021-12-14 | 7.5 HIGH | 9.8 CRITICAL |
| The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execution (RCE) due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine. | |||||
| CVE-2021-27983 | 1 Max-3000 | 1 Maxsite Cms | 2021-12-14 | 7.5 HIGH | 9.8 CRITICAL |
| Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 via the Documents page. | |||||
| CVE-2021-38917 | 1 Ibm | 1 Powervm Hypervisor | 2021-12-14 | 9.4 HIGH | 9.1 CRITICAL |
| IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and write arbitrary host system memory through a series of carefully crafted service procedures. IBM X-Force ID: 210018. | |||||
| CVE-2020-13693 | 1 Bbpress | 1 Bbpress | 2021-12-13 | 7.5 HIGH | 9.8 CRITICAL |
| An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled. | |||||
| CVE-2012-2926 | 1 Atlassian | 7 Bamboo, Confluence, Confluence Server and 4 more | 2021-12-13 | 6.4 MEDIUM | 9.1 CRITICAL |
| Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. | |||||
| CVE-2020-11998 | 2 Apache, Oracle | 7 Activemq, Communications Diameter Signaling Router, Communications Element Manager and 4 more | 2021-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html "A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code." Mitigation: Upgrade to Apache ActiveMQ 5.15.13 | |||||
| CVE-2021-22435 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is a Configuration Defect Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service integrity and availability. | |||||
| CVE-2021-37059 | 1 Huawei | 1 Harmonyos | 2021-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| There is a Weaknesses Introduced During Design | |||||
| CVE-2021-37063 | 1 Huawei | 1 Harmonyos | 2021-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| There is a Cryptographic Issues vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to read and delete images of Harmony devices. | |||||
| CVE-2021-2135 | 1 Oracle | 1 Weblogic Server | 2021-12-08 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2021-2248 | 1 Oracle | 1 Secure Global Desktop | 2021-12-03 | 7.5 HIGH | 10.0 CRITICAL |
| Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. While the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop. | |||||
| CVE-2021-2244 | 1 Oracle | 2 Essbase Analytic Provider Services, Hyperion Analytic Provider Services | 2021-12-03 | 7.5 HIGH | 10.0 CRITICAL |
| Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: JAPI) and Essbase Analytic Provider Services product of Oracle Essbase (component: JAPI). Supported versions that are affected are Hyperion Analytic Provider Services 11.1.2.4 and 12.2.1.4, and Essbase Analytic Provider Services 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Analytic Provider Services. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Analytic Provider Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Hyperion Analytic Provider Services. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2021-2221 | 1 Oracle | 1 Secure Global Desktop | 2021-12-03 | 6.8 MEDIUM | 9.6 CRITICAL |
| Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop. | |||||
| CVE-2020-13909 | 1 Facade | 1 Ignition | 2021-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| The Ignition component before 2.0.5 for Laravel mishandles globals, _get, _post, _cookie, and _env. NOTE: in the 1.x series, versions 1.16.15 and later are unaffected as a consequence of the CVE-2021-43996 fix. | |||||
| CVE-2021-43202 | 1 Jetbrains | 1 Teamcity | 2021-12-01 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases. | |||||
| CVE-2021-44219 | 1 Gin-vue-admin Project | 1 Gin-vue-admin | 2021-11-30 | 7.5 HIGH | 9.8 CRITICAL |
| Gin-Vue-Admin before 2.4.6 mishandles a SQL database. | |||||
| CVE-2021-37334 | 1 Umbraco | 1 Forms | 2021-11-28 | 9.3 HIGH | 9.8 CRITICAL |
| Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been stored in a temporary directory. By default, files are stored within the application directory structure at %BASEDIR%/APP_DATA/TEMP/FileUploads/. Whilst access to this directory is restricted by the root web.config file, it is possible to override this restriction by uploading another specially crafted web.config file to the temporary directory. It is possible to exploit this flaw to upload a malicious script file to execute arbitrary code and system commands on the server. | |||||
| CVE-2021-36314 | 1 Dell | 1 Emc Cloud Link | 2021-11-27 | 7.5 HIGH | 9.8 CRITICAL |
| Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary File Creation Vulnerability. A remote unauthenticated attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary files on the end user system. | |||||
| CVE-2021-26614 | 1 Iptime | 2 C200, C200 Firmware | 2021-11-26 | 10.0 HIGH | 9.8 CRITICAL |
| ius_get.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send a crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell command. | |||||
| CVE-2016-4171 | 8 Adobe, Apple, Google and 5 more | 15 Flash Player, Flash Player For Linux, Mac Os X and 12 more | 2021-11-26 | 10.0 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016. | |||||