Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28421 | 1 Fluidsynth | 1 Fluidsynth | 2021-06-30 | 7.5 HIGH | 9.8 CRITICAL |
| FluidSynth 2.1.7 contains a use after free vulnerability in sfloader/fluid_sffile.c that can result in arbitrary code execution or a denial of service (DoS) if a malicious soundfont2 file is loaded into a fluidsynth library. | |||||
| CVE-2021-21998 | 1 Vmware | 1 Carbon Black App Control | 2021-06-30 | 7.5 HIGH | 9.8 CRITICAL |
| VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate. | |||||
| CVE-2021-27649 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2021-06-29 | 7.5 HIGH | 9.8 CRITICAL |
| Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2021-21382 | 1 Wire | 1 Restund | 2021-06-29 | 5.5 MEDIUM | 9.6 CRITICAL |
| Restund is an open source NAT traversal server. The restund TURN server can be instructed to open a relay to the loopback address range. This allows you to reach any other service running on localhost which you might consider private. In the configuration that we ship (https://github.com/wireapp/ansible-restund/blob/master/templates/restund.conf.j2#L40-L43) the `status` interface of restund is enabled and is listening on `127.0.0.1`.The `status` interface allows users to issue administrative commands to `restund` like listing open relays or draining connections. It would be possible for an attacker to contact the status interface and issue administrative commands by setting `XOR-PEER-ADDRESS` to `127.0.0.1:{{restund_udp_status_port}}` when opening a TURN channel. We now explicitly disallow relaying to loopback addresses, 'any' addresses, link local addresses, and the broadcast address. As a workaround disable the `status` module in your restund configuration. However there might still be other services running on `127.0.0.0/8` that you do not want to have exposed. The `turn` module can be disabled. Restund will still perform STUN and this might already be enough for initiating calls in your environments. TURN is only used as a last resort when other NAT traversal options do not work. One should also make sure that the TURN server is set up with firewall rules so that it cannot relay to other addresses that you don't want the TURN server to relay to. For example other services in the same VPC where the TURN server is running. Ideally TURN servers should be deployed in an isolated fashion where they can only reach what they need to reach to perform their task of assisting NAT-traversal. | |||||
| CVE-2017-10684 | 1 Gnu | 1 Ncurses | 2021-06-29 | 7.5 HIGH | 9.8 CRITICAL |
| In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. | |||||
| CVE-2021-31873 | 1 Klibc Project | 1 Klibc | 2021-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer overflow. | |||||
| CVE-2021-31872 | 1 Klibc Project | 1 Klibc | 2021-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overflow or other security impact. | |||||
| CVE-2021-31870 | 1 Klibc Project | 1 Klibc | 2021-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer overflow. | |||||
| CVE-2021-35066 | 1 Connectwise | 1 Automate | 2021-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132. | |||||
| CVE-2020-18662 | 1 Gnuboard | 1 Gnuboard5 | 2021-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php. | |||||
| CVE-2020-25753 | 1 Enphase | 2 Envoy, Envoy Firmware | 2021-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. The serial number can be retrieved by an unauthenticated user at /info.xml. | |||||
| CVE-2019-8280 | 1 Uvnc | 1 Ultravnc | 2021-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside RAW decoder, which can potentially result code execution. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204. | |||||
| CVE-2019-8275 | 2 Siemens, Uvnc | 4 Sinumerik Access Mymachine\/p2p, Sinumerik Pcu Base Win10 Software\/ipc, Sinumerik Pcu Base Win7 Software\/ipc and 1 more | 2021-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212. | |||||
| CVE-2019-8260 | 1 Uvnc | 1 Ultravnc | 2021-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC client RRE decoder code, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200. | |||||
| CVE-2019-8265 | 1 Uvnc | 1 Ultravnc | 2021-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of SETPIXELS macro in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1208. | |||||
| CVE-2019-8264 | 1 Uvnc | 1 Ultravnc | 2021-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside Ultra2 decoder, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204. | |||||
| CVE-2019-8262 | 2 Siemens, Uvnc | 4 Sinumerik Access Mymachine\/p2p, Sinumerik Pcu Base Win10 Software\/ipc, Sinumerik Pcu Base Win7 Software\/ipc and 1 more | 2021-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204. | |||||
| CVE-2019-8261 | 1 Uvnc | 1 Ultravnc | 2021-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC code inside client CoRRE decoder, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200. | |||||
| CVE-2019-9670 | 1 Synacor | 1 Zimbra Collaboration Suite | 2021-06-26 | 7.5 HIGH | 9.8 CRITICAL |
| mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml. | |||||
| CVE-2010-1433 | 1 Joomla | 1 Joomla\! | 2021-06-25 | 7.5 HIGH | 9.8 CRITICAL |
| Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | |||||
| CVE-2020-20392 | 1 Txjia | 1 Imcat | 2021-06-25 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php. | |||||
| CVE-2018-18472 | 1 Westerndigital | 2 My Book Live, My Book Live Firmware | 2021-06-25 | 10.0 HIGH | 9.8 CRITICAL |
| Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands, | |||||
| CVE-2018-25016 | 1 Greenbone | 2 Greenbone Os, Greenbone Security Assistant | 2021-06-25 | 7.5 HIGH | 9.8 CRITICAL |
| Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host Header Injection. | |||||
| CVE-2021-3604 | 1 Primion-digitek | 1 Secure 8 | 2021-06-24 | 7.5 HIGH | 9.8 CRITICAL |
| Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database. | |||||
| CVE-2021-24361 | 1 Ayecode | 1 Location Manager | 2021-06-24 | 7.5 HIGH | 9.8 CRITICAL |
| In the Location Manager WordPress plugin before 2.1.0.10, the AJAX action gd_popular_location_list did not properly sanitise or validate some of its POST parameters, which are then used in a SQL statement, leading to unauthenticated SQL Injection issues. | |||||
| CVE-2020-19510 | 2 Microsoft, Textpattern | 2 Windows, Textpattern | 2021-06-24 | 7.5 HIGH | 9.8 CRITICAL |
| Textpattern 4.7.3 contains an aribtrary file load via the file_insert function in include/txp_file.php. | |||||
| CVE-2021-26461 | 1 Apache | 1 Nuttx | 2021-06-24 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | |||||
| CVE-2021-21410 | 1 Contiki-ng | 1 Contiki-ng | 2021-06-24 | 6.4 MEDIUM | 9.1 CRITICAL |
| Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be triggered by 6LoWPAN packets sent to devices running Contiki-NG 4.6 and prior. The IPv6 header decompression function (<code>uncompress_hdr_iphc</code>) does not perform proper boundary checks when reading from the packet buffer. Hence, it is possible to construct a compressed 6LoWPAN packet that will read more bytes than what is available from the packet buffer. As of time of publication, there is not a release with a patch available. Users can apply the patch for this vulnerability out-of-band as a workaround. | |||||
| CVE-2021-21282 | 1 Contiki-ng | 1 Contiki-ng | 2021-06-24 | 7.5 HIGH | 9.8 CRITICAL |
| Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, buffer overflow can be triggered by an input packet when using either of Contiki-NG's two RPL implementations in source-routing mode. The problem has been patched in Contiki-NG 4.5. Users can apply the patch for this vulnerability out-of-band as a workaround. | |||||
| CVE-2021-21281 | 1 Contiki-ng | 1 Contiki-ng | 2021-06-24 | 7.5 HIGH | 9.8 CRITICAL |
| Contiki-NG is an open-source, cross-platform operating system for internet of things devices. A buffer overflow vulnerability exists in Contiki-NG versions prior to 4.6. After establishing a TCP socket using the tcp-socket library, it is possible for the remote end to send a packet with a data offset that is unvalidated. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround. | |||||
| CVE-2021-21777 | 1 Opener Project | 1 Opener | 2021-06-24 | 9.4 HIGH | 10.0 CRITICAL |
| An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted network request can lead to an out-of-bounds read. | |||||
| CVE-2021-27410 | 1 Hillrom | 9 Connex Central Station, Connex Device Integration Suite Network Connectivity Engine, Connex Integrated Wall System and 6 more | 2021-06-24 | 7.5 HIGH | 9.8 CRITICAL |
| The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE): versions prior to v5.3, Welch Allyn Software Development Kit (SDK): versions prior to v3.2, Welch Allyn Connex Central Station (CS): versions prior to v1.8.6, Welch Allyn Service Monitor: versions prior to v1.7.0.0, Welch Allyn Connex Vital Signs Monitor (CVSM): versions prior to v2.43.02, Welch Allyn Connex Integrated Wall System (CIWS): versions prior to v2.43.02, Welch Allyn Connex Spot Monitor (CSM): versions prior to v1.52, Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versions prior to v1.11.00). | |||||
| CVE-2021-28293 | 1 Seceon | 1 Aisiem | 2021-06-24 | 7.5 HIGH | 9.8 CRITICAL |
| Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover vulnerability in the Forgot Password feature. The lack of correct configuration leads to recovery of the password reset link generated via the password reset functionality, and thus an unauthenticated attacker can set an arbitrary password for any user. | |||||
| CVE-2021-27388 | 1 Siemens | 6 Sinamics Sl150, Sinamics Sl150 Firmware, Sinamics Sm150 and 3 more | 2021-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condition, and/or execution of limited configuration modifications and/or execution of limited control commands on the SINAMICS Medium Voltage Products, Remote Access (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions). | |||||
| CVE-2021-32685 | 1 Togatech | 1 Tenvoy | 2021-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser (hashing, random, encryption, decryption, signatures, conversions), used by TogaTech.org. In versions prior to 7.0.3, the `verifyWithMessage` method of `tEnvoyNaClSigningKey` always returns `true` for any signature that has a SHA-512 hash matching the SHA-512 hash of the message even if the signature was invalid. This issue is patched in version 7.0.3. As a workaround: In `tenvoy.js` under the `verifyWithMessage` method definition within the `tEnvoyNaClSigningKey` class, ensure that the return statement call to `this.verify` ends in `.verified`. | |||||
| CVE-2021-24037 | 1 Facebook | 1 Hermes | 2021-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
| CVE-2020-20466 | 1 White Shark Systems Project | 1 White Shark Systems | 2021-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php, remote attackers can modify the password of any user. | |||||
| CVE-2021-27610 | 1 Sap | 2 Netweaver Abap, Netweaver As Abap | 2021-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system. | |||||
| CVE-2020-28872 | 1 Monitorr Project | 1 Monitorr | 2021-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials. | |||||
| CVE-2020-28871 | 1 Monitorr Project | 1 Monitorr | 2021-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload. | |||||
| CVE-2021-0516 | 1 Google | 1 Android | 2021-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-181660448 | |||||
| CVE-2021-34170 | 1 Fromsoftware | 1 Dark Souls Iii | 2021-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| Bandai Namco FromSoftware Dark Souls III allows remote attackers to execute arbitrary code. | |||||
| CVE-2021-32930 | 1 Advantech | 1 Iview | 2021-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182). | |||||
| CVE-2021-34813 | 1 Matrix | 1 Olm | 2021-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution might be possible for some nonstandard build configurations. | |||||
| CVE-2018-10603 | 1 Martem | 4 Telem-gw6, Telem-gw6 Firmware, Telem-gwm and 1 more | 2021-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process. | |||||
| CVE-2013-20002 | 1 Themify | 1 Framework | 2021-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file. | |||||
| CVE-2021-22763 | 1 Schneider-electric | 10 Powerlogic Pm5560, Powerlogic Pm5560 Firmware, Powerlogic Pm5561 and 7 more | 2021-06-23 | 10.0 HIGH | 9.8 CRITICAL |
| A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device. | |||||
| CVE-2017-5941 | 1 Node-serialize Project | 1 Node-serialize | 2021-06-22 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE). | |||||
| CVE-2018-11560 | 1 Insteon | 2 2864-222, 2864-222 Firmware | 2021-06-22 | 7.5 HIGH | 9.8 CRITICAL |
| The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100. | |||||
| CVE-2018-12640 | 1 Insteon | 2 2864-222, 2864-222 Firmware | 2021-06-22 | 7.5 HIGH | 9.8 CRITICAL |
| The webService binary on Insteon HD IP Camera White 2864-222 devices has a Buffer Overflow via a crafted pid, pwd, or usr key in a GET request on port 34100. | |||||