Total: 17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3346 | 1 Nic | 1 Foris | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template. | |||||
| CVE-2020-4682 | 1 Ibm | 3 Mq, Mq Appliance, Websphere Mq | 2021-02-02 | 10.0 HIGH | 9.8 CRITICAL |
| IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509. | |||||
| CVE-2020-28188 | 1 Terra-master | 1 Tos | 2021-02-02 | 10.0 HIGH | 9.8 CRITICAL |
| Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to inject OS commands via /include/makecvs.php in the Event parameter. | |||||
| CVE-2021-25907 | 1 Containers Project | 1 Containers | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::{mutate,mutate2} double drop can be performed. | |||||
| CVE-2020-35263 | 1 Egavilanmedia | 1 User Registration And Login System With Admin Panel | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| EgavilanMedia User Registration & Login System 1.0 is affected by SQL injection to the admin panel, which may allow arbitrary code execution. | |||||
| CVE-2020-20296 | 1 Cmswing | 1 Cmswing | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was found in CMSWing project version 1.3.8. Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands. | |||||
| CVE-2020-20295 | 1 Cmswing | 1 Cmswing | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands. | |||||
| CVE-2020-20294 | 1 Cmswing | 1 Cmswing | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands. | |||||
| CVE-2020-21180 | 1 Koa2-blog Project | 1 Koa2-blog | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in koa2-blog 1.0.0 allows remote attackers to inject a malicious SQL statement via the name parameter to the signup page. | |||||
| CVE-2020-21179 | 1 Koa2-blog Project | 1 Koa2-blog | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in koa2-blog 1.0.0 allows remote attackers to inject a malicious SQL statement via the name parameter to the signin page. | |||||
| CVE-2020-23359 | 1 Webidsupport | 1 Webid | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check. | |||||
| CVE-2020-23360 | 1 Oscommerce | 1 Oscommerce | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php | |||||
| CVE-2020-25782 | 1 Accfly | 2 720p, 720p Firmware | 2021-02-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Accfly Wireless Security IR Camera 720P System with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientManage::ServerIP_Proto_Set during incoming message handling. | |||||
| CVE-2020-25783 | 1 Accfly | 2 720p, 720p Firmware | 2021-02-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated heap-based buffer overflow in the function CNetClientTalk::OprMsg during incoming message handling. | |||||
| CVE-2020-25784 | 1 Accfly | 2 720p, 720p Firmware | 2021-02-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientGuard::SubOprMsg during incoming message handling. | |||||
| CVE-2020-25785 | 1 Accfly | 2 720p, 720p Firmware | 2021-02-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CFtpProtocol::FtpLogin during the update procedure. | |||||
| CVE-2020-35270 | 1 Student Result Management System Project | 1 Student Result Management System | 2021-02-01 | 6.4 MEDIUM | 9.1 CRITICAL |
| Student Result Management System In PHP With Source Code is affected by SQL injection. An attacker is able to access the Admin Panel and manage every account of Result. | |||||
| CVE-2020-11213 | 1 Qualcomm | 555 Apq8009, Apq8009w, Apq8016 and 552 more | 2021-02-01 | 7.5 HIGH | 9.8 CRITICAL |
| Out of bound reads might occur while processing Service descriptor due to improper validation of length of fields in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2015-6435 | 1 Cisco | 2 Firepower Extensible Operating System, Unified Computing System | 2021-01-30 | 10.0 HIGH | 9.8 CRITICAL |
| An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888. | |||||
| CVE-2017-5611 | 3 Debian, Oracle, Wordpress | 3 Debian Linux, Data Integrator, Wordpress | 2021-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name. | |||||
| CVE-2018-7318 | 2 Belitsoft, Oracle | 2 Checklist, Data Integrator | 2021-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter. | |||||
| CVE-2018-9019 | 2 Dolibarr, Oracle | 2 Dolibarr, Data Integrator | 2021-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php. | |||||
| CVE-2020-7961 | 1 Liferay | 1 Liferay Portal | 2021-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS). | |||||
| CVE-2020-24881 | 1 Osticket | 1 Osticket | 2021-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| SSRF exists in osTicket before 1.14.3, where an attacker can add a malicious file to the server or perform port scanning. | |||||
| CVE-2021-3286 | 1 Spotweb Project | 1 Spotweb | 2021-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545. | |||||
| CVE-2020-3686 | 1 Qualcomm | 492 Apq8009, Apq8009w, Apq8017 and 489 more | 2021-01-30 | 10.0 HIGH | 9.8 CRITICAL |
| Possible memory out of bound issue during music playback when an incorrect bit stream content is copied into array without checking the length of array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2020-20269 | 1 Caret | 1 Caret | 2021-01-30 | 10.0 HIGH | 9.8 CRITICAL |
| A specially crafted Markdown document could cause the execution of malicious JavaScript code in Caret Editor before 4.0.0-rc22. | |||||
| CVE-2020-23262 | 1 Mingsoft | 1 Mcms | 2021-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ming-soft MCMS v5.0, where a malicious user can exploit SQL injection without logging in through /mcms/view.do. | |||||
| CVE-2020-3691 | 1 Qualcomm | 506 Apq8009, Apq8009w, Apq8017 and 503 more | 2021-01-29 | 10.0 HIGH | 9.8 CRITICAL |
| Possible out of bound memory access in audio due to integer underflow while processing modified contents in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2020-11225 | 1 Qualcomm | 405 Apq8064au, Apq8096au, Aqt1000 and 402 more | 2021-01-29 | 10.0 HIGH | 9.8 CRITICAL |
| Out of bound access in WLAN driver due to lack of validation of array length before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2020-11212 | 1 Qualcomm | 541 Apq8009, Apq8016, Apq8017 and 538 more | 2021-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| Out of bounds reads while parsing NAN beacons attributes and OUIs due to improper length of field check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2020-11197 | 1 Qualcomm | 370 Apq8009, Apq8009w, Apq8017 and 367 more | 2021-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| Possible integer overflow can occur when stream info update is called when total number of streams detected are zero while parsing TS clip with invalid data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2020-11215 | 1 Qualcomm | 384 Aqt1000, Ar8031, Ar8035 and 381 more | 2021-01-29 | 6.4 MEDIUM | 9.1 CRITICAL |
| An out of bounds read can happen when processing VSA attribute due to improper minimum required length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2020-11137 | 1 Qualcomm | 491 Apq8009, Apq8009w, Apq8017 and 488 more | 2021-01-29 | 10.0 HIGH | 9.8 CRITICAL |
| Integer multiplication overflow resulting in lower buffer size allocation than expected causes memory access out of bounds resulting in possible device instability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2020-11136 | 1 Qualcomm | 506 Apq8009, Apq8009w, Apq8017 and 503 more | 2021-01-29 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer Over-read in audio driver while using malloc management function due to not returning NULL for zero sized memory requirement in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2020-15963 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-01-29 | 6.8 MEDIUM | 9.6 CRITICAL |
| Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | |||||
| CVE-2020-15961 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-01-29 | 6.8 MEDIUM | 9.6 CRITICAL |
| Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | |||||
| CVE-2021-1140 | 1 Cisco | 1 Smart Software Manager Satellite | 2021-01-29 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1142 | 1 Cisco | 1 Smart Software Manager Satellite | 2021-01-29 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1138 | 1 Cisco | 1 Smart Software Manager Satellite | 2021-01-29 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-11140 | 1 Qualcomm | 449 Apq8017, Apq8037, Apq8052 and 446 more | 2021-01-29 | 10.0 HIGH | 9.8 CRITICAL |
| Out of bound memory access during music playback with ALAC modified content due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2020-11143 | 1 Qualcomm | 494 Apq8009, Apq8017, Apq8030 and 491 more | 2021-01-29 | 10.0 HIGH | 9.8 CRITICAL |
| Out of bound memory access during music playback with modified content due to copying data without checking destination buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2020-35929 | 1 Kaspersky | 1 Tinycheck | 2021-01-29 | 5.0 MEDIUM | 9.8 CRITICAL |
| In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data. | |||||
| CVE-2021-21115 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-01-28 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-21111 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-01-28 | 6.8 MEDIUM | 9.6 CRITICAL |
| Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | |||||
| CVE-2021-21110 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-01-28 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-11138 | 1 Qualcomm | 491 Apq8009, Apq8009w, Apq8017 and 488 more | 2021-01-28 | 10.0 HIGH | 9.8 CRITICAL |
| Uninitialized pointers accessed during music play back with incorrect bit stream due to an uninitialized heap memory result in instability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-21107 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2021-01-28 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-21106 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-01-28 | 9.3 HIGH | 9.6 CRITICAL |
| Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-21109 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-01-28 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
