Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24877 | 1 Zzzcms | 1 Zzzphp | 2021-03-16 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass. | |||||
| CVE-2020-11972 | 2 Apache, Oracle | 4 Camel, Communications Diameter Signaling Router, Enterprise Manager Base Platform and 1 more | 2021-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. | |||||
| CVE-2021-0396 | 1 Google | 1 Android | 2021-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc and related files, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-160610106 | |||||
| CVE-2021-0397 | 1 Google | 1 Android | 2021-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174052148 | |||||
| CVE-2021-25830 | 1 Onlyoffice | 1 Document Server | 2021-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote code execution on DocumentServer. | |||||
| CVE-2021-25831 | 1 Onlyoffice | 1 Document Server | 2021-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string handling, a remote attacker can obtain remote code execution on DocumentServer. | |||||
| CVE-2021-25832 | 1 Onlyoffice | 1 Document Server | 2021-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| A heap buffer overflow vulnerability inside of BMP image processing was found at [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. Using this vulnerability, an attacker is able to gain remote code executions on DocumentServer. | |||||
| CVE-2021-25833 | 1 Onlyoffice | 1 Document Server | 2021-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| A file extension handling issue was found in [server] module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the request data and leads to arbitrary file overwriting. Using this vulnerability, a remote attacker can obtain remote code execution on DocumentServer. | |||||
| CVE-2020-13160 | 3 Anydesk, Freebsd, Linux | 3 Anydesk, Freebsd, Linux Kernel | 2021-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution. | |||||
| CVE-2020-25787 | 1 Tt-rss | 1 Tiny Tiny Rss | 2021-03-15 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them. | |||||
| CVE-2021-3311 | 1 Octobercms | 1 October | 2021-03-15 | 6.8 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an attacker. | |||||
| CVE-2021-27581 | 1 Kentico | 1 Kentico Cms | 2021-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter. | |||||
| CVE-2021-26705 | 1 Squarebox | 1 Catdv | 2021-03-13 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in SquareBox CatDV Server through 9.2. An attacker can invoke sensitive RMI methods such as getConnections without authentication, the results of which can be used to generate valid authentication tokens. These tokens can then be used to invoke administrative tasks within the application, such as disclosing password hashes. | |||||
| CVE-2021-23352 | 1 Madge Project | 1 Madge | 2021-03-13 | 7.5 HIGH | 9.8 CRITICAL |
| This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function. | |||||
| CVE-2020-6522 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-03-12 | 6.8 MEDIUM | 9.6 CRITICAL |
| Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-24791 | 1 Thedaylightstudio | 1 Fuel Cms | 2021-03-12 | 7.5 HIGH | 9.8 CRITICAL |
| FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. | |||||
| CVE-2021-21335 | 1 Spnego Http Authentication Module Project | 1 Spnego Http Authentication Module | 2021-03-12 | 7.5 HIGH | 9.8 CRITICAL |
| In the SPNEGO HTTP Authentication Module for nginx (spnego-http-auth-nginx-module) before version 1.1.1 basic Authentication can be bypassed using a malformed username. This affects users of spnego-http-auth-nginx-module that have enabled basic authentication. This is fixed in version 1.1.1 of spnego-http-auth-nginx-module. As a workaround, one may disable basic authentication. | |||||
| CVE-2021-21329 | 1 Ratcf | 1 Ratcf | 2021-03-12 | 6.8 MEDIUM | 9.8 CRITICAL |
| RATCF is an open-source framework for hosting Cyber-Security Capture the Flag events. In affected versions of RATCF users with multi factor authentication enabled are able to log in without a valid token. This is fixed in commit cebb67b. | |||||
| CVE-2020-13702 | 1 The Rolling Proximity Identifier Project | 1 The Rolling Proximity Identifier | 2021-03-12 | 6.4 MEDIUM | 10.0 CRITICAL |
| The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly track individual device movement via a Bluetooth LE discovery mechanism. | |||||
| CVE-2020-29060 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2021-03-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default debug124 password for the debug account. | |||||
| CVE-2020-29059 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2021-03-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default panger123 password for the suma123 account for certain old firmware. | |||||
| CVE-2020-29054 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2021-03-11 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. Attackers can use "show system infor" to discover cleartext TELNET credentials. | |||||
| CVE-2020-29062 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2021-03-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default blank password for the guest account. | |||||
| CVE-2020-29061 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2021-03-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default root126 password for the root account. | |||||
| CVE-2020-16011 | 4 Debian, Google, Microsoft and 1 more | 5 Debian Linux, Chrome, Windows and 2 more | 2021-03-11 | 6.8 MEDIUM | 9.6 CRITICAL |
| Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-26293 | 1 Afterlogic | 2 Aurora, Webmail Pro | 2021-03-11 | 6.8 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files (such as an executable file under the web root). This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x. | |||||
| CVE-2021-27931 | 1 Lumis | 1 Lumis Experience Platform | 2021-03-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service. | |||||
| CVE-2020-29047 | 1 Thimpress | 1 Wp Hotel Booking | 2021-03-10 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpress_hotel_booking_1 cookie in load in includes/class-wphb-sessions.php. | |||||
| CVE-2021-28032 | 1 Nano Arena Project | 1 Nano Arena | 2021-03-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the nano_arena crate before 0.5.2 for Rust. There is an aliasing violation in split_at because two mutable references can exist for the same element, if Borrow<Idx> behaves in certain ways. This can have a resultant out-of-bounds write or use-after-free. | |||||
| CVE-2021-21352 | 1 Anuko | 1 Time Tracker | 2021-03-09 | 5.0 MEDIUM | 9.1 CRITICAL |
| Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In TimeTracker before version 1.19.24.5415 tokens used in password reset feature in Time Tracker are based on system time and, therefore, are predictable. This opens a window for brute force attacks to guess user tokens and, once successful, change user passwords, including that of a system administrator. This vulnerability is pathced in version 1.19.24.5415 (started to use more secure tokens) with an additional improvement in 1.19.24.5416 (limited an available window for brute force token guessing). | |||||
| CVE-2021-21353 | 1 Pugjs | 2 Pug, Pug-code-gen | 2021-03-09 | 6.8 MEDIUM | 9.0 CRITICAL |
| Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remote code execution on the node.js backend. This is fixed in version 3.0.1. This advisory applies to multiple pug packages including "pug", "pug-code-gen". pug-code-gen has a backported fix at version 2.0.3. This advisory is not exploitable if there is no way for un-trusted input to be passed to pug as the `pretty` option, e.g. if you compile templates in advance before applying user input to them, you do not need to upgrade. | |||||
| CVE-2020-8298 | 1 Fs-path Project | 1 Fs-path | 2021-03-09 | 10.0 HIGH | 9.8 CRITICAL |
| fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the `copy`, `copySync`, `remove`, and `removeSync` methods. | |||||
| CVE-2021-21321 | 1 Fastify-reply-from Project | 1 Fastify-reply-from | 2021-03-09 | 7.5 HIGH | 10.0 CRITICAL |
| fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is "/pub/", a user expect that accessing "/priv" on the target service would not be possible. In affected versions, it is possible. This is fixed in version 4.0.2. | |||||
| CVE-2020-11272 | 1 Qualcomm | 696 Apq8009, Apq8009 Firmware, Apq8009w and 693 more | 2021-03-08 | 10.0 HIGH | 9.8 CRITICAL |
| Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted and using a stale version later can lead to use after free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2020-11275 | 1 Qualcomm | 942 Apq8009, Apq8009 Firmware, Apq8017 and 939 more | 2021-03-08 | 9.4 HIGH | 9.1 CRITICAL |
| Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-21132 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2021-03-08 | 6.8 MEDIUM | 9.6 CRITICAL |
| Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension. | |||||
| CVE-2021-21124 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2021-03-08 | 6.8 MEDIUM | 9.6 CRITICAL |
| Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-21121 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2021-03-08 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-27877 | 1 Veritas | 1 Backup Exec | 2021-03-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands. | |||||
| CVE-2021-21322 | 1 Fastify-http-proxy Project | 1 Fastify-http-proxy | 2021-03-08 | 7.5 HIGH | 9.8 CRITICAL |
| fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is `/pub/`, a user expect that accessing `/priv` on the target service would not be possible. In affected versions, it is possible. This is fixed in version 4.3.1. | |||||
| CVE-2021-23127 | 1 Joomla | 1 Joomla\! | 2021-03-05 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes. | |||||
| CVE-2021-23128 | 1 Joomla | 1 Joomla\! | 2021-03-05 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to 'random_bytes()' and its backport that is shipped within random_compat. | |||||
| CVE-2021-27314 | 1 Doctor Appointment System Project | 1 Doctor Appointment System | 2021-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page. | |||||
| CVE-2021-27730 | 1 Accellion | 1 Fta | 2021-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later. | |||||
| CVE-2021-28034 | 1 Stack Dst Project | 1 Stack Dst | 2021-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a double free can occur upon a val.clone() panic. | |||||
| CVE-2021-27132 | 1 Sercomm | 2 Agcombo Vd625, Agcombo Vd625 Firmware | 2021-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header. | |||||
| CVE-2021-28031 | 1 Scratchpad Project | 1 Scratchpad | 2021-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the scratchpad crate before 1.3.1 for Rust. The move_elements function can have a double-free upon a panic in a user-provided f function. | |||||
| CVE-2021-28037 | 1 Internment Project | 1 Internment | 2021-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the internment crate before 0.4.2 for Rust. There is a data race that can cause memory corruption because of the unconditional implementation of Sync for Intern<T>. | |||||
| CVE-2021-28027 | 1 Bam Project | 1 Bam | 2021-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the bam crate before 0.1.3 for Rust. There is an integer underflow and out-of-bounds write during the loading of a bgzip block. | |||||
| CVE-2021-28028 | 1 Toodee Project | 1 Toodee | 2021-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the toodee crate before 0.3.0 for Rust. Row insertion can cause a double free upon an iterator panic. | |||||