Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7719 | 1 Locutus | 1 Locutus | 2021-12-13 | 7.5 HIGH | 9.8 CRITICAL |
| Versions of package locutus before 2.0.12 are vulnerable to prototype Pollution via the php.strings.parse_str function. | |||||
| CVE-2021-44557 | 1 Kb | 1 Multiner | 2021-12-13 | 6.4 MEDIUM | 9.1 CRITICAL |
| National Library of the Netherlands multiNER <= c0440948057afc6e3d6b4903a7c05e666b94a3bc is affected by an XML External Entity (XXE) vulnerability in multiNER/ner.py. Since XML parsing resolves external entities, a malicious XML stream could leak internal files and/or cause a DoS. | |||||
| CVE-2021-44556 | 1 Kb | 1 Digger | 2021-12-13 | 6.4 MEDIUM | 9.1 CRITICAL |
| National Library of the Netherlands digger < 6697d1269d981e35e11f240725b16401b5ce3db5 is affected by a XML External Entity (XXE) vulnerability. Since XML parsing resolves external entities, a malicious XML stream could leak internal files and/or cause a DoS. | |||||
| CVE-2020-13693 | 1 Bbpress | 1 Bbpress | 2021-12-13 | 7.5 HIGH | 9.8 CRITICAL |
| An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled. | |||||
| CVE-2021-20146 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2021-12-13 | 10.0 HIGH | 9.8 CRITICAL |
| An unprotected ssh private key exists on the Gryphon devices which could be used to achieve root access to a server affiliated with Gryphon's development and infrastructure. At the time of discovery, the ssh key could be used to login to the development server hosted in Amazon Web Services. | |||||
| CVE-2021-43936 | 1 Webhmi | 2 Webhmi, Webhmi Firmware | 2021-12-13 | 10.0 HIGH | 9.8 CRITICAL |
| The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution. | |||||
| CVE-2020-27416 | 1 Mahadiscom | 1 Mahavitaran | 2021-12-13 | 7.5 HIGH | 9.8 CRITICAL |
| Mahavitaran android application 7.50 and prior are affected by account takeover due to improper OTP validation, allows remote attackers to control a users account. | |||||
| CVE-2019-3396 | 1 Atlassian | 2 Confluence, Confluence Server | 2021-12-13 | 10.0 HIGH | 9.8 CRITICAL |
| The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection. | |||||
| CVE-2019-3395 | 1 Atlassian | 2 Confluence, Confluence Server | 2021-12-13 | 7.5 HIGH | 9.8 CRITICAL |
| The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery. | |||||
| CVE-2012-2926 | 1 Atlassian | 7 Bamboo, Confluence, Confluence Server and 4 more | 2021-12-13 | 6.4 MEDIUM | 9.1 CRITICAL |
| Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. | |||||
| CVE-2021-20042 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2021-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | |||||
| CVE-2021-44352 | 1 Tendacn | 2 Ac15, Ac15 Firmware | 2021-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post request in goform/SetIpMacBind. | |||||
| CVE-2021-43674 | 1 Thinkup | 1 Thinkup | 2021-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a path manipulation vulnerability in Smarty.class.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2021-21155 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2021-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
| Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-21154 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
| Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-21151 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-21150 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2021-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-40859 | 1 Auerswald | 2 Compact 5500r, Compact 5500r Firmware | 2021-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web based management application full administrative access to the device. | |||||
| CVE-2021-30571 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
| Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-28860 | 1 Adaltas | 1 Mixme | 2021-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS). | |||||
| CVE-2021-3815 | 1 Utils.js Project | 1 Utils.js | 2021-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| utils.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | |||||
| CVE-2021-44529 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2021-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody). | |||||
| CVE-2020-27160 | 1 Westerndigital | 6 My Cloud Ex4100, My Cloud Expert Series Ex2, My Cloud Firmware and 3 more | 2021-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114 (issue 3 of 3). | |||||
| CVE-2020-11998 | 2 Apache, Oracle | 7 Activemq, Communications Diameter Signaling Router, Communications Element Manager and 4 more | 2021-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html "A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code." Mitigation: Upgrade to Apache ActiveMQ 5.15.13 | |||||
| CVE-2021-23908 | 1 Mercedes-benz | 8 A 220, A 220 4matic, E 350 and 5 more | 2021-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A type confusion issue affects MultiSvSetAttributes in the HiQnet Protocol, leading to remote code execution. | |||||
| CVE-2021-20045 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2021-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | |||||
| CVE-2021-41030 | 1 Fortinet | 1 Forticlient Enterprise Management Server | 2021-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages. | |||||
| CVE-2021-26109 | 1 Fortinet | 1 Fortios | 2021-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution. | |||||
| CVE-2021-37088 | 1 Huawei | 1 Harmonyos | 2021-12-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers can write any content to any file. | |||||
| CVE-2021-37049 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2021-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| There is a Heap-based buffer overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may rewrite the memory of adjacent objects. | |||||
| CVE-2021-22333 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-09 | 10.0 HIGH | 9.8 CRITICAL |
| There is an Improper Validation of Array Index vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause code to execute, thus obtaining system permissions. | |||||
| CVE-2020-9144 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| There is a heap overflow vulnerability in some Huawei smartphone, attackers can exploit this vulnerability to cause heap overflows due to improper restriction of operations within the bounds of a memory buffer. | |||||
| CVE-2021-37064 | 1 Huawei | 1 Harmonyos | 2021-12-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is a Improper Limitation of a Pathname to a Restricted Directory vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to arbitrary file created. | |||||
| CVE-2021-22444 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause code injection. | |||||
| CVE-2021-22438 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause malicious code to be executed. | |||||
| CVE-2021-22435 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is a Configuration Defect Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service integrity and availability. | |||||
| CVE-2021-22390 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause certain codes to be executed. | |||||
| CVE-2021-22389 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| There is a Permission Control Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause certain codes to be executed. | |||||
| CVE-2021-22388 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause certain codes to be executed. | |||||
| CVE-2021-22387 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| There is an Improper Control of Dynamically Managing Code Resources Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to remotely execute commands. | |||||
| CVE-2021-37051 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2021-12-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is an Out-of-bounds read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause out-of-bounds memory access. | |||||
| CVE-2021-37011 | 1 Huawei | 1 Harmonyos | 2021-12-09 | 9.4 HIGH | 9.1 CRITICAL |
| There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Out-of-bounds read. | |||||
| CVE-2021-37059 | 1 Huawei | 1 Harmonyos | 2021-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| There is a Weaknesses Introduced During Design | |||||
| CVE-2021-37065 | 1 Huawei | 1 Harmonyos | 2021-12-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is a Integer Overflow or Wraparound vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Confidentiality or Availability impacted. | |||||
| CVE-2021-37063 | 1 Huawei | 1 Harmonyos | 2021-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| There is a Cryptographic Issues vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to read and delete images of Harmony devices. | |||||
| CVE-2021-37062 | 1 Huawei | 1 Harmonyos | 2021-12-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is a Improper Validation of Array Index vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to memory overflow and information leakage. | |||||
| CVE-2021-37095 | 1 Huawei | 1 Harmonyos | 2021-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| There is a Integer Overflow or Wraparound vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to remote denial of service and potential remote code execution. | |||||
| CVE-2021-37087 | 1 Huawei | 1 Harmonyos | 2021-12-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers can create arbitrary file. | |||||
| CVE-2021-37099 | 1 Huawei | 1 Harmonyos | 2021-12-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to delete any file. | |||||
| CVE-2021-37084 | 1 Huawei | 1 Harmonyos | 2021-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to malicious invoking other functions of the Smart Assistant through text messages. | |||||