Total: 17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-2135 | 1 Oracle | 1 Weblogic Server | 2021-12-08 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2021-31597 | 1 Xmlhttprequest-ssl Project | 1 Xmlhttprequest-ssl | 2021-12-08 | 7.5 HIGH | 9.4 CRITICAL |
| The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected. | |||||
| CVE-2021-31761 | 1 Webmin | 1 Webmin | 2021-12-08 | 6.8 MEDIUM | 9.6 CRITICAL |
| Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature. | |||||
| CVE-2021-42128 | 1 Ivanti | 1 Avalanche | 2021-12-08 | 7.5 HIGH | 9.8 CRITICAL |
| An exposed dangerous function vulnerability in Ivanti Avalanche before 6.3.3 using Inforail Service allows privilege escalation via Enterprise Server Service. | |||||
| CVE-2021-42127 | 1 Ivanti | 1 Avalanche | 2021-12-08 | 7.5 HIGH | 9.8 CRITICAL |
| A deserialization of untrusted data vulnerability in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service. | |||||
| CVE-2021-43789 | 1 Prestashop | 1 Prestashop | 2021-12-08 | 7.5 HIGH | 9.8 CRITICAL |
| PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with `orderBy` and `sortOrder` parameters. The problem is fixed in version 1.7.8.2. | |||||
| CVE-2021-24041 | 1 Whatsapp | 2 Whatsapp, Whatsapp Business | 2021-12-08 | 7.5 HIGH | 9.8 CRITICAL |
| A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image. | |||||
| CVE-2021-41716 | 1 Mahadiscom | 1 Mahavitaran | 2021-12-08 | 7.5 HIGH | 9.8 CRITICAL |
| Maharashtra State Electricity Board Mahavitaran Android Application 8.20 and prior is vulnerable to remote account takeover due to an OTP fixation vulnerability in the password reset function. | |||||
| CVE-2021-44684 | 1 Github-todos Project | 1 Github-todos | 2021-12-08 | 7.5 HIGH | 9.8 CRITICAL |
| naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the _hook subcommand is concatenated without any validation, and is directly used by the exec function. | |||||
| CVE-2021-44685 | 1 Git-it Project | 1 Git-it | 2021-12-08 | 7.5 HIGH | 9.8 CRITICAL |
| Git-it through 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name (which is not sanitized for execution). | |||||
| CVE-2019-18413 | 1 Typestack Class-validator Project | 1 Typestack Class-validator | 2021-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| In TypeStack class-validator 0.10.2, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not documented and thus most developers configure input validation in the vulnerable default manner. With this vulnerability, attackers can launch SQL Injection or XSS attacks by injecting arbitrary malicious input. NOTE: a software maintainer agrees with the "is not documented" finding but suggests that much of the responsibility for the risk lies in a different product. | |||||
| CVE-2021-39890 | 1 Gitlab | 1 Gitlab | 2021-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above. | |||||
| CVE-2021-24943 | 1 Roundupwp | 1 Registrations For The Events Calendar | 2021-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL injection. | |||||
| CVE-2021-37298 | 1 Laravel | 1 Laravel | 2021-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| Laravel v5.1 was discovered to contain a deserialization vulnerability via the component \Mockery\Generator\DefinedTargetClass. | |||||
| CVE-2021-40091 | 1 Squaredup | 1 Squaredup | 2021-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654. | |||||
| CVE-2021-31632 | 1 B2evolution | 1 B2evolution Cms | 2021-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. This vulnerability allows attackers to execute arbitrary code via a crafted input. | |||||
| CVE-2021-24866 | 1 Wpdataaccess | 1 Wp Data Access | 2021-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| The WP Data Access WordPress plugin before 5.0.0 does not properly sanitise and escape the backup_date parameter before using it in a SQL statement, leading to a SQL injection issue that could allow arbitrary table deletion. | |||||
| CVE-2021-36567 | 1 Thinkphp | 1 Thinkphp | 2021-12-07 | 10.0 HIGH | 9.8 CRITICAL |
| ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache. | |||||
| CVE-2021-36564 | 1 Thinkphp | 1 Thinkphp | 2021-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php. | |||||
| CVE-2021-43931 | 1 Webhmi | 2 Webhmi, Webhmi Firmware | 2021-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. | |||||
| CVE-2021-35344 | 1 Tsmuxer Project | 1 Tsmuxer | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function BitStreamReader::getCurVal in bitStream.h. | |||||
| CVE-2021-35346 | 1 Tsmuxer Project | 1 Tsmuxer | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function HevcSpsUnit::short_term_ref_pic_set(int) in hevc.cpp. | |||||
| CVE-2021-44348 | 1 Yejiao | 1 Tuzicms | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\AdvertController.class.php. | |||||
| CVE-2021-35414 | 1 Chamilo | 1 Chamilo Lms | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php. | |||||
| CVE-2021-44349 | 1 Yejiao | 1 Tuzicms | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.php. | |||||
| CVE-2021-28237 | 1 Gnu | 1 Libredwg | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13. | |||||
| CVE-2021-26777 | 1 Circutor | 2 Compact Dc-s Basic, Compact Dc-s Basic Firmware | 2021-12-06 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator firmware version CIR_CDC_v1.2.17 allows attackers to execute arbitrary code. | |||||
| CVE-2021-42099 | 1 Zohocorp | 1 Manageengine M365 Manager Plus | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. | |||||
| CVE-2019-17041 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow. | |||||
| CVE-2019-17042 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow. | |||||
| CVE-2020-10549 | 1 Rconfig | 1 Rconfig | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| rConfig 3.9.4 and previous versions have an unauthenticated SQL injection in snippets.inc.php. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | |||||
| CVE-2020-10548 | 1 Rconfig | 1 Rconfig | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| rConfig 3.9.4 and previous versions have an unauthenticated SQL injection in devices.inc.php. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | |||||
| CVE-2021-43044 | 1 Kaseya | 1 Unitrends Backup | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was configured with a weak default community. | |||||
| CVE-2021-43042 | 1 Kaseya | 1 Unitrends Backup | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A buffer overflow existed in the vaultServer component. This was exploitable by a remote unauthenticated attacker. | |||||
| CVE-2021-43035 | 1 Kaseya | 1 Unitrends Backup | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated SQL injection vulnerabilities were discovered, allowing arbitrary SQL queries to be injected and executed under the postgres superuser account. Remote code execution was possible, leading to full access to the postgres user account. | |||||
| CVE-2020-10547 | 1 Rconfig | 1 Rconfig | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| rConfig 3.9.4 and previous versions have an unauthenticated SQL injection in compliancepolicyelements.inc.php. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | |||||
| CVE-2021-43676 | 1 Swoole | 1 Swoole Php Framework | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php. | |||||
| CVE-2021-44278 | 1 Librenms | 1 Librenms | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php. | |||||
| CVE-2021-44347 | 1 Yejiao | 1 Tuzicms | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php. | |||||
| CVE-2020-27744 | 1 Westerndigital | 6 My Cloud Ex2 Ultra, My Cloud Ex4100, My Cloud Firmware and 3 more | 2021-12-06 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote code execution with resultant escalation of privileges. | |||||
| CVE-2018-6328 | 1 Kaseya | 1 Unitrends Backup | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes. | |||||
| CVE-2021-43272 | 1 Opendesign | 1 Oda Viewer | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| An improper handling of exceptional conditions vulnerability exists in Open Design Alliance ODA Viewer sample before 2022.11. ODA Viewer continues to process invalid or malicious DWF files instead of stopping upon an exception. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2020-10546 | 1 Rconfig | 1 Rconfig | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| rConfig 3.9.4 and previous versions have an unauthenticated SQL injection in compliancepolicies.inc.php. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | |||||
| CVE-2021-42545 | 1 Business-dnasolutions | 1 Topease | 2021-12-06 | 6.4 MEDIUM | 9.1 CRITICAL |
| An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions. | |||||
| CVE-2020-29177 | 1 Zblogcn | 1 Z-blogphp | 2021-12-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file deletion vulnerability via \app_del.php. | |||||
| CVE-2021-23264 | 1 Craftercms | 1 Crafter Cms | 2021-12-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes. | |||||
| CVE-2015-20105 | 1 Cbads | 1 Clickbank Affiliate Ads | 2021-12-04 | 6.8 MEDIUM | 9.6 CRITICAL |
| The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have a CSRF check when saving its settings, allowing an attacker to make a logged-in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when the settings are output, it could also lead to Stored Cross-Site Scripting issues. | |||||
| CVE-2021-42237 | 1 Sitecore | 1 Experience Platform | 2021-12-03 | 10.0 HIGH | 9.8 CRITICAL |
| Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability. | |||||
| CVE-2021-29212 | 1 Hp | 1 Ilo Amplifier Pack | 2021-12-03 | 10.0 HIGH | 9.8 CRITICAL |
| A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code, leading to complete impact to confidentiality, integrity, and availability of the iLO Amplifier Pack appliance. | |||||
| CVE-2021-2248 | 1 Oracle | 1 Secure Global Desktop | 2021-12-03 | 7.5 HIGH | 10.0 CRITICAL |
| Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. While the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop. | |||||
