Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15256 | 1 Object-path Project | 1 Object-path | 2021-11-18 | 6.8 MEDIUM | 9.8 CRITICAL |
| A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. The vulnerability is limited to the `includeInheritedProps` mode (if version >= 0.11.0 is used), which has to be explicitly enabled by creating a new instance of `object-path` and setting the option `includeInheritedProps: true`, or by using the default `withInheritedProps` instance. The default operating mode is not affected by the vulnerability if version >= 0.11.0 is used. Any usage of `set()` in versions < 0.11.0 is vulnerable. The issue is fixed in object-path version 0.11.5 As a workaround, don't use the `includeInheritedProps: true` options or the `withInheritedProps` instance if using a version >= 0.11.0. | |||||
| CVE-2017-18017 | 1 Linux | 1 Linux Kernel | 2021-11-17 | 10.0 HIGH | 9.8 CRITICAL |
| The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. | |||||
| CVE-2017-14491 | 5 Canonical, Debian, Novell and 2 more | 7 Ubuntu Linux, Debian Linux, Leap and 4 more | 2021-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. | |||||
| CVE-2015-7705 | 4 Citrix, Netapp, Ntp and 1 more | 10 Xenserver, Clustered Data Ontap, Data Ontap and 7 more | 2021-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. | |||||
| CVE-2016-2182 | 3 Hp, Openssl, Oracle | 6 Icewall Federation Agent, Icewall Mcrp, Icewall Sso and 3 more | 2021-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2016-2177 | 3 Hp, Openssl, Oracle | 6 Icewall Mcrp, Icewall Sso, Icewall Sso Agent Option and 3 more | 2021-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. | |||||
| CVE-2014-6271 | 1 Gnu | 1 Bash | 2021-11-17 | 10.0 HIGH | 9.8 CRITICAL |
| GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. | |||||
| CVE-2021-37580 | 1 Apache | 1 Shenyu | 2021-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0 | |||||
| CVE-2021-3958 | 1 Ipack | 1 Scada Automation | 2021-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| Due to improper sanitization iPack SCADA Automation software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with the web access is able to extract critical information from the system. | |||||
| CVE-2021-43361 | 1 Meddata | 1 Hbys | 2021-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| Due to improper sanitization MedData HBYS software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with the web access is able to extract critical information from the system. | |||||
| CVE-2021-43362 | 1 Meddata | 1 Hbys | 2021-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| Due to improper sanitization MedData HBYS software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with the web access is able to extract critical information from the system. | |||||
| CVE-2021-41950 | 1 Montala | 1 Resourcespace | 2021-11-17 | 6.4 MEDIUM | 9.1 CRITICAL |
| A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the application to become unavailable to all users. | |||||
| CVE-2021-41765 | 1 Montala | 1 Resourcespace | 2021-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user session cookies. An attacker who gets an admin user session cookie can use the session cookie to execute arbitrary code on the server. | |||||
| CVE-2021-41259 | 1 Nim-lang | 1 Nim | 2021-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| Nim is a systems programming language with a focus on efficiency, expressiveness, and elegance. In affected versions the uri.parseUri function which may be used to validate URIs accepts null bytes in the input URI. This behavior could be used to bypass URI validation. For example: parseUri("http://localhost\0hello").hostname is set to "localhost\0hello". Additionally, httpclient.getContent accepts null bytes in the input URL and ignores any data after the first null byte. Example: getContent("http://localhost\0hello") makes a request to localhost:80. An attacker can use a null bytes to bypass the check and mount a SSRF attack. | |||||
| CVE-2021-41653 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2021-11-17 | 10.0 HIGH | 9.8 CRITICAL |
| The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. | |||||
| CVE-2020-12506 | 1 Wago | 14 750-362, 750-362 Firmware, 750-363 and 11 more | 2021-11-17 | 6.4 MEDIUM | 9.1 CRITICAL |
| Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions. | |||||
| CVE-2020-12505 | 1 Wago | 14 750-831, 750-831 Firmware, 750-852 and 11 more | 2021-11-17 | 6.4 MEDIUM | 9.1 CRITICAL |
| Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO 750-889 in versions FW07 and below. | |||||
| CVE-2021-41170 | 1 Neoan | 1 Neoan3-template | 2021-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| neoan3-apps/template is a neoan3 minimal template engine. Versions prior to 1.1.1 have allowed for passing in closures directly into the template engine. As a result values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function in scope and can therefore be executed either by mistake or maliciously. In theory all users of the package are affected as long as they either deal with direct user input or database values. A multi-step attack on is therefore plausible. Version 1.1.1 has addressed this vulnerability. Unfortunately only working with hardcoded values is safe in prior versions. As this likely defeats the purpose of a template engine, please upgrade. | |||||
| CVE-2021-42670 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2021-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result a malicious user can extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server. | |||||
| CVE-2021-43140 | 1 Simple Subscription Website Project | 1 Simple Subscription Website | 2021-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in Sourcecodester. Simple Subscription Website 1.0. via the login. | |||||
| CVE-2021-43130 | 1 Customer Relationship Management System Project | 1 Customer Relationship Management System | 2021-11-17 | 10.0 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System (CRM) 1.0 via the username parameter in customer/login.php. | |||||
| CVE-2021-34422 | 1 Keybase | 1 Keybase | 2021-11-16 | 6.0 MEDIUM | 9.0 CRITICAL |
| The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name which could allow a user to execute an application which was not intended on their host machine. If a malicious user leveraged this issue with the public folder sharing feature of the Keybase client, this could lead to remote code execution. | |||||
| CVE-2021-30321 | 1 Qualcomm | 46 Aqt1000, Aqt1000 Firmware, Qca1062 and 43 more | 2021-11-16 | 10.0 HIGH | 9.8 CRITICAL |
| Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity | |||||
| CVE-2021-1981 | 1 Qualcomm | 180 Apq8017, Apq8017 Firmware, Ar8035 and 177 more | 2021-11-16 | 6.4 MEDIUM | 9.1 CRITICAL |
| Possible buffer over read due to improper IE size check of Bearer capability IE in MT setup request from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-1975 | 1 Qualcomm | 360 Apq8009, Apq8009 Firmware, Apq8009w and 357 more | 2021-11-16 | 10.0 HIGH | 9.8 CRITICAL |
| Possible heap overflow due to improper length check of domain while parsing the DNS response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-42774 | 1 Broadcom | 1 Emulex Hba Manager | 2021-11-15 | 7.5 HIGH | 9.8 CRITICAL |
| Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature that could allow remote unauthenticated users to perform various attacks. In non-secure mode, the user is unauthenticated. | |||||
| CVE-2021-42775 | 1 Broadcom | 1 Emulex Hba Manager | 2021-11-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In non-secure mode, the user is unauthenticated. | |||||
| CVE-2021-41833 | 1 Zohocorp | 1 Manageengine Patch Connect Plus | 2021-11-15 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution. | |||||
| CVE-2021-3064 | 1 Paloaltonetworks | 1 Pan-os | 2021-11-15 | 10.0 HIGH | 9.8 CRITICAL |
| A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Prisma Access customers are not impacted by this issue. | |||||
| CVE-2019-16240 | 1 Hp | 88 Officejet Pro 8210 D9l63a, Officejet Pro 8210 D9l63a Firmware, Officejet Pro 8210 D9l64a and 85 more | 2021-11-15 | 5.8 MEDIUM | 9.1 CRITICAL |
| A Buffer Overflow and Information Disclosure issue exists in HP OfficeJet Pro Printers before 001.1937C, and HP PageWide Managed Printers and HP PageWide Pro Printers before 001.1937D exists; A maliciously crafted print file might cause certain HP Inkjet printers to assert. Under certain circumstances, the printer produces a core dump to a local device. | |||||
| CVE-2021-41264 | 1 Openzeppelin | 1 Contracts | 2021-11-15 | 7.5 HIGH | 9.8 CRITICAL |
| OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of `@openzeppelin/contracts` and `@openzeppelin/contracts-upgradeable`. For users unable to upgrade; initialize implementation contracts using `UUPSUpgradeable` by invoking the initializer function (usually called `initialize`). An example is provided [in the forum](https://forum.openzeppelin.com/t/security-advisory-initialize-uups-implementation-contracts/15301). | |||||
| CVE-2021-43523 | 2 Uclibc, Uclibc-ng Project | 2 Uclibc, Uclibc-ng | 2021-11-15 | 6.8 MEDIUM | 9.6 CRITICAL |
| In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to output of wrong hostnames (leading to domain hijacking) or injection into applications (leading to remote code execution, XSS, applications crashes, etc.). In other words, a validation step, which is expected in any stub resolver, does not occur. | |||||
| CVE-2021-40519 | 1 Airangel | 10 Hsmx-app-100, Hsmx-app-1000, Hsmx-app-1000 Firmware and 7 more | 2021-11-12 | 6.4 MEDIUM | 10.0 CRITICAL |
| Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials. | |||||
| CVE-2020-23877 | 1 Science-miner | 1 Pdf2xml | 2021-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| pdf2xml v2.0 was discovered to contain a stack buffer overflow in the component getObjectStream. | |||||
| CVE-2020-23878 | 1 Flowpaper | 1 Pdf2json | 2021-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| pdf2json v0.71 was discovered to contain a stack buffer overflow in the component XRef::fetch. | |||||
| CVE-2021-40521 | 1 Airangel | 10 Hsmx-app-100, Hsmx-app-1000, Hsmx-app-1000 Firmware and 7 more | 2021-11-12 | 10.0 HIGH | 9.8 CRITICAL |
| Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution. | |||||
| CVE-2021-33816 | 1 Dolibarr | 1 Dolibarr | 2021-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked. | |||||
| CVE-2021-43569 | 1 Starkbank | 1 Ecdsa-dotnet | 2021-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | |||||
| CVE-2021-43568 | 1 Starkbank | 1 Elixir Ecdsa | 2021-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elixir) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | |||||
| CVE-2021-43571 | 1 Starkbank | 1 Ecdsa-node | 2021-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | |||||
| CVE-2021-43570 | 1 Starkbank | 1 Ecdsa-java | 2021-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | |||||
| CVE-2021-40119 | 1 Cisco | 1 Policy Suite | 2021-11-12 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under their control. A successful exploit could allow the attacker to log in to an affected system as the root user. | |||||
| CVE-2021-42772 | 1 Broadcom | 2 Emulex Hba Manager, One Command Manager | 2021-11-12 | 6.8 MEDIUM | 9.8 CRITICAL |
| Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command that could allow a user to attempt various attacks. In non-secure mode, the user is unauthenticated | |||||
| CVE-2021-43185 | 1 Jetbrains | 1 Youtrack | 2021-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection. | |||||
| CVE-2021-24693 | 1 Tipsandtricks-hq | 1 Simple Download Monitor | 2021-11-10 | 6.0 MEDIUM | 9.0 CRITICAL |
| The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Given the that XSS is triggered even when the Download is in a review state, contributor could make JavaScript code execute in a context of a reviewer such as admin and make them create a rogue admin account, or install a malicious plugin | |||||
| CVE-2021-24731 | 1 Genetechsolutions | 1 Pie Register | 2021-11-10 | 7.5 HIGH | 9.8 CRITICAL |
| The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection. | |||||
| CVE-2021-24827 | 1 Asgaros | 1 Asgaros Forum | 2021-11-10 | 7.5 HIGH | 9.8 CRITICAL |
| The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue | |||||
| CVE-2021-43193 | 1 Jetbrains | 1 Teamcity | 2021-11-10 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible. | |||||
| CVE-2021-42371 | 1 Xorux | 2 Lpar2rrd, Stor2rrd | 2021-11-10 | 7.5 HIGH | 9.8 CRITICAL |
| lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30. | |||||
| CVE-2021-43200 | 1 Jetbrains | 1 Teamcity | 2021-11-09 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient. | |||||