Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10125 | 2 Linux, Netapp | 7 Linux Kernel, Active Iq Unified Manager, Cn1610 and 4 more | 2021-06-02 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free. | |||||
| CVE-2020-36244 | 1 Genivi | 1 Diagnostic Log And Trace | 2021-06-02 | 7.5 HIGH | 9.8 CRITICAL |
| The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to 2.18.6). | |||||
| CVE-2021-27850 | 1 Apache | 1 Tapestry | 2021-06-02 | 10.0 HIGH | 9.8 CRITICAL |
| A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class` by requesting the URL `http://localhost:8080/assets/something/services/AppModule.class` which contains a HMAC secret key. The fix for that bug was a blacklist filter that checks if the URL ends with `.class`, `.properties` or `.xml`. Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/` The slash is stripped after the blacklist check and the file `AppModule.class` is loaded into the response. This class usually contains the HMAC secret key which is used to sign serialized Java objects. With the knowledge of that key an attacker can sign a Java gadget chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial). Solution for this vulnerability: * For Apache Tapestry 5.4.0 to 5.6.1, upgrade to 5.6.2 or later. * For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later. | |||||
| CVE-2021-21201 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-06-02 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-1870 | 3 Apple, Fedoraproject, Webkitgtk | 6 Ipad Os, Iphone Os, Mac Os X and 3 more | 2021-06-02 | 7.5 HIGH | 9.8 CRITICAL |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | |||||
| CVE-2020-35314 | 1 Wondercms | 1 Wondercms | 2021-06-01 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer. | |||||
| CVE-2021-21223 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-06-01 | 6.8 MEDIUM | 9.6 CRITICAL |
| Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-32055 | 2 Mutt, Neomutt | 2 Mutt, Neomutt | 2021-06-01 | 5.8 MEDIUM | 9.1 CRITICAL |
| Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default. | |||||
| CVE-2021-33575 | 1 Pixar | 1 Ruby-jss | 2021-06-01 | 7.5 HIGH | 9.8 CRITICAL |
| The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing. | |||||
| CVE-2021-21658 | 1 Jenkins | 1 Nuget | 2021-06-01 | 6.4 MEDIUM | 9.1 CRITICAL |
| Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2021-20231 | 4 Fedoraproject, Gnu, Netapp and 1 more | 5 Fedora, Gnutls, Active Iq Unified Manager and 2 more | 2021-06-01 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. | |||||
| CVE-2020-12460 | 1 Trusteddomain | 1 Opendmarc | 2021-05-31 | 7.5 HIGH | 9.8 CRITICAL |
| OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag. | |||||
| CVE-2019-20790 | 2 Pypolicyd-spf Project, Trusteddomain | 2 Pypolicyd-spf, Opendmarc | 2021-05-31 | 6.8 MEDIUM | 9.8 CRITICAL |
| OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field. | |||||
| CVE-2020-28904 | 1 Nagios | 1 Fusion | 2021-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installation of a malicious component containing PHP code. | |||||
| CVE-2020-28902 | 1 Nagios | 1 Fusion | 2021-05-28 | 10.0 HIGH | 9.8 CRITICAL |
| Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php. | |||||
| CVE-2020-28901 | 1 Nagios | 1 Fusion | 2021-05-28 | 10.0 HIGH | 9.8 CRITICAL |
| Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php. | |||||
| CVE-2020-28900 | 1 Nagios | 2 Fusion, Nagios Xi | 2021-05-28 | 10.0 HIGH | 9.8 CRITICAL |
| Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh. | |||||
| CVE-2020-10064 | 1 Zephyrproject | 1 Zephyr | 2021-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| Improper Input Frame Validation in ieee802154 Processing. Zephyr versions >= v1.14.2, >= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7 | |||||
| CVE-2021-27459 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2021-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The webserver of the affected products allows unvalidated files to be uploaded, which an attacker could utilize to execute arbitrary code. | |||||
| CVE-2021-30108 | 1 Feehi | 1 Feehi Cms | 2021-05-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any url, the server can make a request to it. | |||||
| CVE-2021-32075 | 1 Re-logic | 1 Terraria | 2021-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization. | |||||
| CVE-2021-29300 | 1 Ronomon | 1 Opened | 2021-05-27 | 10.0 HIGH | 9.8 CRITICAL |
| The @ronomon/opened library before 1.5.2 is vulnerable to a command injection vulnerability which would allow a remote attacker to execute commands on the system if the library was used with untrusted input. | |||||
| CVE-2019-12348 | 1 Zzcms | 1 Zzcms | 2021-05-27 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zzcms 2019. SQL Injection exists in user/ztconfig.php via the daohang or img POST parameter. | |||||
| CVE-2018-6641 | 1 Wiris | 1 Mathtype | 2021-05-27 | 7.5 HIGH | 9.8 CRITICAL |
| An Arbitrary Free (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can overwrite a structure, leading to a function call with an invalid parameter, and a subsequent free of important data such as a function pointer or list pointer. This is fixed in 6.9d. | |||||
| CVE-2018-6640 | 1 Wiris | 1 Mathtype | 2021-05-27 | 7.5 HIGH | 9.8 CRITICAL |
| A Heap Overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can modify the next pointer of a linked list. This is fixed in 6.9d. | |||||
| CVE-2018-6639 | 1 Wiris | 1 Mathtype | 2021-05-27 | 7.5 HIGH | 9.8 CRITICAL |
| An out-of-bounds write (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. A size used by memmove is read from the input file. This is fixed in 6.9d. | |||||
| CVE-2018-6638 | 1 Wiris | 1 Mathtype | 2021-05-27 | 7.5 HIGH | 9.8 CRITICAL |
| A stack-based buffer overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. This occurs in a function call in which the first argument is a corrupted offset value and the second argument is a stack buffer. This is fixed in 6.9d. | |||||
| CVE-2021-33497 | 1 Dutchcoders | 1 Transfer.sh | 2021-05-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting files. | |||||
| CVE-2020-25409 | 1 College Management System Project | 1 College Management System | 2021-05-27 | 7.5 HIGH | 9.8 CRITICAL |
| Projectsworlds College Management System Php 1.0 is vulnerable to SQL injection issues over multiple parameters. | |||||
| CVE-2020-13601 | 1 Zephyrproject | 1 Zephyr | 2021-05-27 | 7.5 HIGH | 9.8 CRITICAL |
| Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, >= 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44 | |||||
| CVE-2020-28018 | 1 Exim | 1 Exim | 2021-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL. | |||||
| CVE-2021-31800 | 2 Fedoraproject, Secureauth | 2 Fedora, Impacket | 2021-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key. | |||||
| CVE-2021-2177 | 1 Oracle | 1 Secure Global Desktop | 2021-05-26 | 7.5 HIGH | 10.0 CRITICAL |
| Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. While the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop. | |||||
| CVE-2021-30188 | 1 Codesys | 1 V2 Runtime System Sp | 2021-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow. | |||||
| CVE-2021-30189 | 1 Codesys | 1 V2 Web Server | 2021-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow. | |||||
| CVE-2021-30193 | 1 Codesys | 1 V2 Web Server | 2021-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. | |||||
| CVE-2021-32089 | 1 Zebra | 2 Fx9500, Fx9500 Firmware | 2021-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on Zebra (formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed through the web interface. This can lead to information disclosure and code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2021-29508 | 1 Asynkron | 1 Wire | 2021-05-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer. e.g. using a surrogate on the sender end, an attacker can pass information about a different type for the receiving end. And by doing so allowing the serializer to create any type on the deserializing end. This is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300?view=vs-2019. This also applies to the fork of Wire. | |||||
| CVE-2021-30194 | 1 Codesys | 1 V2 Web Server | 2021-05-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read. | |||||
| CVE-2021-20720 | 1 Kujirahand | 1 Konawiki | 2021-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the KonaWiki2 versions prior to 2.2.4 allows remote attackers to execute arbitrary SQL commands and to obtain/alter the information stored in the database via unspecified vectors. | |||||
| CVE-2021-20721 | 1 Kujirahand | 1 Konawiki | 2021-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| KonaWiki2 versions prior to 2.2.4 allows a remote attacker to upload arbitrary files via unspecified vectors. If the file contains PHP scripts, arbitrary code may be executed. | |||||
| CVE-2020-36364 | 1 Smartstore | 1 Smartstorenet | 2021-05-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal (for copy and delete actions) in the ImportController.Create method via a TempFileName field. | |||||
| CVE-2021-23910 | 1 Mercedes-benz | 8 A 220, A 220 4matic, E 350 and 5 more | 2021-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. There is an out-of-bounds array access in RemoteDiagnosisApp. | |||||
| CVE-2021-23909 | 1 Mercedes-benz | 8 A 220, A 220 4matic, E 350 and 5 more | 2021-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The SH2 MCU allows remote code execution. | |||||
| CVE-2017-17674 | 1 Bmc | 1 Remedy Mid-tier | 2021-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE). | |||||
| CVE-2021-20426 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2021-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Security Guardium 11.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196313. | |||||
| CVE-2021-31324 | 1 Centos-webpanel | 1 Centos Web Panel | 2021-05-24 | 10.0 HIGH | 9.8 CRITICAL |
| The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root Remote Code Execution. | |||||
| CVE-2021-31316 | 1 Centos-webpanel | 1 Centos Web Panel | 2021-05-24 | 10.0 HIGH | 9.8 CRITICAL |
| The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter. | |||||
| CVE-2021-22668 | 1 Deltaww | 1 Cncsoft Screeneditor | 2021-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.28 (with ScreenEditor Version 1.01.2) and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2021-24314 | 1 Boostifythemes | 1 Goto | 2021-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| The Goto WordPress theme before 2.1 did not sanitise, validate of escape the keywords GET parameter from its listing page before using it in a SQL statement, leading to an Unauthenticated SQL injection issue | |||||