Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41116 | 1 Getcomposer | 1 Composer | 2021-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in composer versions 1.10.23 and 2.1.9. There are no workarounds for this issue. | |||||
| CVE-2020-21012 | 1 Hotel And Lodge Booking Management System Project | 1 Hotel And Lodge Booking Management System | 2021-10-08 | 7.5 HIGH | 9.8 CRITICAL |
| Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. | |||||
| CVE-2021-35296 | 1 Ptcl | 2 Hg150-ub, Hg150-ub Firmware | 2021-10-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of the cookie value and Response Path. | |||||
| CVE-2021-41110 | 1 Commonwl | 1 Cwlviewer | 2021-10-08 | 7.5 HIGH | 9.8 CRITICAL |
| cwlviewer is a web application to view and share Common Workflow Language workflows. Versions prior to 1.3.1 contain a Deserialization of Untrusted Data vulnerability. Commit number f6066f09edb70033a2ce80200e9fa9e70a5c29de (dated 2021-09-30) contains a patch. There are no available workarounds aside from installing the patch. The SnakeYaml constructor, by default, allows any data to be parsed. To fix the issue the object needs to be created with a `SafeConstructor` object, as seen in the patch. | |||||
| CVE-2021-41647 | 1 Online Food Ordering Web App Project | 1 Online Food Ordering Web App | 2021-10-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and retrieve sensitive database information, as well as add an administrative user. | |||||
| CVE-2021-22272 | 2 Abb, Busch-jaeger | 2 Mybuildings, Mybusch-jaeger | 2021-10-08 | 9.0 HIGH | 9.4 CRITICAL |
| The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed in the cloud side of the system. No firmware update is needed for customer products. If a user wants to understand if (s)he is affected, please read the advisory. This issue affects: ABB and Busch-Jaeger, ControlTouch | |||||
| CVE-2021-41729 | 1 Baicloud-cms Project | 1 Baicloud-cms | 2021-10-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerability, which allows an attacker to delete arbitrary files on the server through /user/ppsave.php. | |||||
| CVE-2021-36298 | 1 Dell | 2 Isilon Insightiq, Isilon Insightiq Firmware | 2021-10-08 | 7.5 HIGH | 9.8 CRITICAL |
| Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to authentication bypass and remote takeover of the InsightIQ. This allows an attacker to take complete control of InsightIQ to affect services provided by SSH; so Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2021-41616 | 1 Apache | 1 Ddlutils | 2021-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure and used ObjectInputStream.readObject without validating that the input data was safe to deserialize. Please note that DdlUtils is no longer being actively developed. To address the insecurity of the BinaryObjectHelper class, the following changes to DdlUtils have been made: (1) BinaryObjectsHelper.java has been deleted from the DdlUtils source repository and the DdlUtils feature of propagating data of SQL binary types is therefore no longer present in DdlUtils; (2) The ddlutils-1.0 release has been removed from the Apache Release Distribution Infrastructure; (3) The DdlUtils web site has been updated to indicate that DdlUtils is now available only as source code, not as a packaged release. | |||||
| CVE-2020-24683 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2021-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application. | |||||
| CVE-2020-24679 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2021-10-07 | 10.0 HIGH | 9.8 CRITICAL |
| A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted. | |||||
| CVE-2020-24675 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2021-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the controlled process. | |||||
| CVE-2020-24673 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2021-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. This can lead to a loss of confidentiality and data integrity or even affect the product behavior and its availability. | |||||
| CVE-2021-40960 | 1 Galera | 1 Galera Webtemplate | 2021-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow. | |||||
| CVE-2021-41290 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2021-10-07 | 10.0 HIGH | 9.8 CRITICAL |
| ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the possibility to execute arbitrary code on the affected device. | |||||
| CVE-2021-39392 | 1 Mylittletools | 1 Mylittlebackup | 2021-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code. | |||||
| CVE-2020-18684 | 1 Atlassian | 1 Floodlight | 2021-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number. | |||||
| CVE-2020-8186 | 1 Devcert Project | 1 Devcert | 2021-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function. | |||||
| CVE-2021-41294 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2021-10-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files deletion. Using the specific GET parameter, unauthenticated attackers can remotely delete arbitrary files on the affected device and cause denial of service scenario. | |||||
| CVE-2021-41296 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2021-10-07 | 5.0 MEDIUM | 9.8 CRITICAL |
| ECOA BAS controller uses weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system. | |||||
| CVE-2021-33924 | 1 Confluent | 1 Ansible | 2021-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its auxiliary component that allows remote attackers to access sensitive information. | |||||
| CVE-2021-41299 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2021-10-07 | 10.0 HIGH | 9.8 CRITICAL |
| ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in. | |||||
| CVE-2021-34416 | 1 Zoom | 4 Meeting Connector, Recording Connector, Virtual Room Connector and 1 more | 2021-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4.6.360.20210325, Zoom on-premise Meeting Connector MMR before version 4.6.360.20210325, Zoom on-premise Recording Connector before version 3.8.44.20210326, Zoom on-premise Virtual Room Connector before version 4.4.6752.20210326, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network configuration, which could lead to remote command injection on the on-premise image by the web portal administrators. | |||||
| CVE-2021-41300 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2021-10-07 | 5.0 MEDIUM | 9.8 CRITICAL |
| ECOA BAS controller’s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page and obtain privilege with full functionality. | |||||
| CVE-2021-41301 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2021-10-07 | 10.0 HIGH | 9.8 CRITICAL |
| ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. This will enable the unauthenticated attacker to remotely disclose sensitive information and help her in authentication bypass, privilege escalation and full system access. | |||||
| CVE-2021-41288 | 1 Zohocorp | 1 Manageengine Opmanager | 2021-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API. | |||||
| CVE-2021-33907 | 1 Zoom | 1 Meetings | 2021-10-06 | 10.0 HIGH | 9.8 CRITICAL |
| The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client. This could lead to remote code execution in an elevated privileged context. | |||||
| CVE-2020-20120 | 1 Thinkphp | 1 Thinkphp | 2021-10-06 | 7.5 HIGH | 9.8 CRITICAL |
| ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods. | |||||
| CVE-2020-20122 | 1 Wuzhicms | 1 Wuzhi Cms | 2021-10-06 | 7.5 HIGH | 9.8 CRITICAL |
| Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php. | |||||
| CVE-2021-37270 | 1 S-cms | 1 Cms Enterprise Website Construction System | 2021-10-06 | 10.0 HIGH | 9.8 CRITICAL |
| There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority. | |||||
| CVE-2021-22941 | 1 Citrix | 1 Sharefile Storagezones Controller | 2021-10-05 | 10.0 HIGH | 9.8 CRITICAL |
| Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller. | |||||
| CVE-2021-24666 | 1 Podlove | 1 Podlove Podcast Publisher | 2021-10-05 | 6.8 MEDIUM | 9.8 CRITICAL |
| The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the rest route '/services/contributor/(?P<id>[\d]+), takes an 'id' and 'category' parameters as arguments. Both parameters can be used for the SQLi. | |||||
| CVE-2019-6288 | 1 Edge-core | 2 Ecs2020, Ecs2020 Firmware | 2021-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Command Injection via the command1 HTTP header to the /EXCU_SHELL URI. | |||||
| CVE-2021-34351 | 1 Qnap | 1 Qvr | 2021-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later | |||||
| CVE-2021-34348 | 1 Qnap | 1 Qvr | 2021-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later | |||||
| CVE-2021-38613 | 1 Nascent | 1 Remkon Device Manager | 2021-10-05 | 10.0 HIGH | 9.8 CRITICAL |
| The assets/index.php Image Upload feature of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to upload any code to the target system and achieve remote code execution. | |||||
| CVE-2021-0869 | 1 Google | 1 Android | 2021-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-179620905 References: N/A | |||||
| CVE-2020-9682 | 2 Adobe, Microsoft | 2 Creative Cloud Desktop Application, Windows | 2021-10-05 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to arbitrary file system write. | |||||
| CVE-2020-9671 | 2 Adobe, Microsoft | 2 Creative Cloud Desktop Application, Windows | 2021-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Creative Cloud Desktop Application versions 5.1 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2021-38412 | 1 Digi | 2 Portserver Ts 16, Portserver Ts 16 Firmware | 2021-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to achieve further control in. | |||||
| CVE-2021-34352 | 1 Qnap | 1 Qvr | 2021-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210902 and later | |||||
| CVE-2021-20578 | 2 Ibm, Redhat | 2 Cloud Pak For Security, Openshift | 2021-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199282. | |||||
| CVE-2020-20796 | 1 Flamecms Project | 1 Flamecms | 2021-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/article.php via the "Id" parameter. | |||||
| CVE-2020-20797 | 1 Flamecms Project | 1 Flamecms | 2021-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability in /account/register.php. | |||||
| CVE-2021-36366 | 1 Nagios | 1 Nagios Xi | 2021-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards. | |||||
| CVE-2021-36364 | 1 Nagios | 1 Nagios Xi | 2021-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards. | |||||
| CVE-2020-18683 | 1 Atlassian | 1 Floodlight | 2021-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling. | |||||
| CVE-2020-18685 | 1 Atlassian | 1 Floodlight | 2021-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs. | |||||
| CVE-2021-41558 | 1 Set User Project | 1 Set User | 2021-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| The set_user extension module before 3.0.0 for PostgreSQL allows ProcessUtility_hook bypass via set_config. | |||||
| CVE-2021-23444 | 1 Client | 1 Jointjs | 2021-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function. | |||||