Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38960 | 1 Ibm | 6 Power Hardware Management Console \(7063-cr2\), Power Hardware Management Console \(7063-cr2\) Firmware, Power System Ac922 \(8335-gth\) and 3 more | 2022-02-09 | 5.0 MEDIUM | 7.5 HIGH |
| IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. IBM X-Force ID: 212047. | |||||
| CVE-2022-23330 | 1 Jpress | 1 Jpress | 2022-02-09 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package. | |||||
| CVE-2022-21730 | 1 Google | 1 Tensorflow | 2022-02-08 | 5.5 MEDIUM | 8.1 HIGH |
| Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalAvgPoolGrad` does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2022-21728 | 1 Google | 1 Tensorflow | 2022-02-08 | 5.5 MEDIUM | 8.1 HIGH |
| Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read. There is a check to make sure the value of `batch_dim` does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of `Dim` would access elements before the start of an array. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2022-21727 | 1 Google | 1 Tensorflow | 2022-02-08 | 6.5 MEDIUM | 8.8 HIGH |
| Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulnerable to an integer overflow weakness. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked, and, since the code computes `axis + 1`, an attacker can trigger an integer overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2022-21726 | 1 Google | 1 Tensorflow | 2022-02-08 | 6.5 MEDIUM | 8.8 HIGH |
| Tensorflow is an Open Source Machine Learning Framework. The implementation of `Dequantize` does not fully validate the value of `axis` and can result in heap OOB accesses. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked and this results in reading past the end of the array containing the dimensions of the input tensor. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2021-29395 | 1 Globalnorthstar | 1 Northstar Club Management | 2022-02-08 | 5.0 MEDIUM | 7.5 HIGH |
| Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application. | |||||
| CVE-2018-25021 | 1 Toktok | 1 Toxcore | 2022-02-08 | 5.0 MEDIUM | 7.5 HIGH |
| The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS). | |||||
| CVE-2021-34853 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14013. | |||||
| CVE-2021-34852 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13929. | |||||
| CVE-2021-34851 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14016. | |||||
| CVE-2021-34850 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14529. | |||||
| CVE-2021-34849 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14531. | |||||
| CVE-2021-34848 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14532. | |||||
| CVE-2021-34847 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14270. | |||||
| CVE-2021-34846 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14120. | |||||
| CVE-2021-34845 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14034. | |||||
| CVE-2021-34844 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14033. | |||||
| CVE-2021-34843 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14025. | |||||
| CVE-2021-34842 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14024. | |||||
| CVE-2021-34841 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14022. | |||||
| CVE-2021-34840 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14021. | |||||
| CVE-2021-34839 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14020. | |||||
| CVE-2021-34838 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14019. | |||||
| CVE-2021-34837 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14018. | |||||
| CVE-2021-34836 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14017. | |||||
| CVE-2021-34835 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14015. | |||||
| CVE-2021-34834 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14014. | |||||
| CVE-2021-34833 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14023. | |||||
| CVE-2021-34832 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the delay property. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13928. | |||||
| CVE-2021-34831 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.4.37651. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Document objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13741. | |||||
| CVE-2018-3850 | 1 Foxit | 1 Pdf Reader | 2022-02-08 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable use-after-free vulnerability exists in the JavaScript engine Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If a browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | |||||
| CVE-2017-14458 | 1 Foxit | 1 Pdf Reader | 2022-02-08 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | |||||
| CVE-2021-44977 | 1 Idreamsoft | 1 Icms | 2022-02-08 | 5.0 MEDIUM | 7.5 HIGH |
| In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files. | |||||
| CVE-2021-29397 | 1 Globalnorthstar | 1 Northstar Club Management | 2022-02-08 | 5.0 MEDIUM | 7.5 HIGH |
| Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote local user to intercept users credentials transmitted in cleartext over HTTP. | |||||
| CVE-2021-45997 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters. | |||||
| CVE-2021-45992 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetQvlanList. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qvlanName parameter. | |||||
| CVE-2021-45993 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindModify. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRuleIP and IPMacBindRuleMac parameters. | |||||
| CVE-2021-45996 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters. | |||||
| CVE-2021-45995 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetStaticRoute. This vulnerability allows attackers to cause a Denial of Service (DoS) via the staticRouteNet, staticRouteMask, and staticRouteGateway parameters. | |||||
| CVE-2022-24166 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the manualTime parameter. | |||||
| CVE-2022-24164 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the DnsHijackRule parameter. | |||||
| CVE-2022-24169 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindAdd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRule parameter. | |||||
| CVE-2022-24121 | 2 Centos, Unifiedoffice | 2 Centos, Total Connect Now | 2022-02-08 | 5.0 MEDIUM | 7.5 HIGH |
| SQL Injection vulnerability discovered in Unified Office Total Connect Now that would allow an attacker to extract sensitive information through a cookie parameter. | |||||
| CVE-2021-45994 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formDelDhcpRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the delDhcpIndex parameter. | |||||
| CVE-2022-24172 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDhcpBindRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the addDhcpRules parameter. | |||||
| CVE-2021-45991 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddVpnUsers. This vulnerability allows attackers to cause a Denial of Service (DoS) via the vpnUsers parameter. | |||||
| CVE-2021-45989 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function guestWifiRuleRefresh. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qosGuestUpstream and qosGuestDownstream parameters. | |||||
| CVE-2021-45988 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDnsForward. This vulnerability allows attackers to cause a Denial of Service (DoS) via the DnsForwardRule parameter. | |||||
| CVE-2020-27978 | 1 Shibboleth | 1 Identity Provider | 2022-02-08 | 5.0 MEDIUM | 7.5 HIGH |
| Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session. | |||||