Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14398 | 2 Libvncserver Project, Opensuse | 2 Libvncserver, Leap | 2021-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c. | |||||
| CVE-2020-14397 | 3 Debian, Libvncserver Project, Opensuse | 3 Debian Linux, Libvncserver, Leap | 2021-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. | |||||
| CVE-2020-14396 | 1 Libvncserver Project | 1 Libvncserver | 2021-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. | |||||
| CVE-2019-20840 | 3 Debian, Libvncserver Project, Opensuse | 3 Debian Linux, Libvncserver, Leap | 2021-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode. | |||||
| CVE-2019-20839 | 4 Debian, Fedoraproject, Libvncserver Project and 1 more | 4 Debian Linux, Fedora, Libvncserver and 1 more | 2021-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. | |||||
| CVE-2018-21247 | 3 Fedoraproject, Libvncserver Project, Opensuse | 3 Fedora, Libvncserver, Leap | 2021-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function. | |||||
| CVE-2019-15681 | 4 Canonical, Debian, Libvncserver Project and 1 more | 4 Ubuntu Linux, Debian Linux, Libvncserver and 1 more | 2021-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. | |||||
| CVE-2021-27984 | 1 Pluck-cms | 1 Pluck | 2021-12-14 | 7.5 HIGH | 8.1 HIGH |
| In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files. | |||||
| CVE-2021-41246 | 1 Auth0 | 1 Express Openid Connect | 2021-12-14 | 6.8 MEDIUM | 8.8 HIGH |
| Express OpenID Connect is express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including `2.5.1` do not regenerate the session id and session cookie when user logs in. This behavior opens up the application to various session fixation vulnerabilities. Versions `2.5.2` contains a patch for this issue. | |||||
| CVE-2021-37941 | 1 Elastic | 1 Apm Agent | 2021-12-14 | 4.4 MEDIUM | 7.8 HIGH |
| A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of permissions than they possess. This vulnerability affects users that have set up the agent via the attacher cli 3, the attach API 2, as well as users that have enabled the profiling_inferred_spans_enabled option | |||||
| CVE-2021-41450 | 1 Tp-link | 2 Archer Ax10 V1, Archer Ax10 V1 Firmware | 2021-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet. | |||||
| CVE-2021-40282 | 1 Zzcms | 1 Zzcms | 2021-12-13 | 6.5 MEDIUM | 8.8 HIGH |
| An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 2021 in dl/dl_download.php. when registering ordinary users. | |||||
| CVE-2021-40281 | 1 Zzcms | 1 Zzcms | 2021-12-13 | 6.5 MEDIUM | 8.8 HIGH |
| An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users. | |||||
| CVE-2021-40280 | 1 Zzcms | 1 Zzcms | 2021-12-13 | 6.5 MEDIUM | 7.2 HIGH |
| An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php. | |||||
| CVE-2021-40279 | 1 Zzcms | 1 Zzcms | 2021-12-13 | 6.5 MEDIUM | 7.2 HIGH |
| An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/bad.php. | |||||
| CVE-2020-13448 | 1 Quickbox | 1 Quickbox | 2021-12-13 | 9.0 HIGH | 8.8 HIGH |
| QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter. | |||||
| CVE-2021-36719 | 1 Cybonet | 1 Mail Secure | 2021-12-13 | 9.0 HIGH | 8.8 HIGH |
| PineApp - Mail Secure - The attacker must be logged in as a user to the Pineapp system. The attacker exploits the vulnerable nicUpload.php file to upload a malicious file,Thus taking over the server and running remote code. | |||||
| CVE-2020-19682 | 1 Zzzcms | 1 Zzzcms | 2021-12-13 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7.1 via the save_user funciton in save.php. | |||||
| CVE-2020-13787 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2021-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information. | |||||
| CVE-2020-13784 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2021-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. | |||||
| CVE-2020-13783 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2021-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information. | |||||
| CVE-2021-43811 | 1 Amazon | 1 Sockeye | 2021-12-13 | 6.8 MEDIUM | 7.8 HIGH |
| Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An attacker can add malicious code to the config file of a trained model and attempt to convince users to download and run it. If users run the model, the embedded code will run locally. The issue is fixed in version 2.3.24. | |||||
| CVE-2020-3956 | 2 Linux, Vmware | 3 Linux Kernel, Photon Os, Vcloud Director | 2021-12-13 | 6.5 MEDIUM | 8.8 HIGH |
| VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access. | |||||
| CVE-2021-28680 | 1 Devise Masquerade Project | 1 Devise Masquerade | 2021-12-13 | 6.8 MEDIUM | 8.1 HIGH |
| The devise_masquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise (without this extension) is used. If the server-side secret_key_base value became publicly known (for instance if it is committed to a public repository by mistake), there are still other protections in place that prevent an attacker from impersonating any user on the site. When masquerading is not used in a plain Devise application, one must know the password salt of the target user if one wants to encrypt and sign a valid session cookie. When devise_masquerade is used, however, an attacker can decide which user the "back" action will go back to without knowing that user's password salt and simply knowing the user ID, by manipulating the session cookie and pretending that a user is already masqueraded by an administrator. | |||||
| CVE-2021-20145 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2021-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make configuration changes to, or otherwise attack victims' devices as though they were on an adjacent network. | |||||
| CVE-2021-20144 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2021-12-13 | 8.3 HIGH | 8.8 HIGH |
| An unauthenticated command injection vulnerability exists in the parameters of operation 49 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | |||||
| CVE-2021-20143 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2021-12-13 | 8.3 HIGH | 8.8 HIGH |
| An unauthenticated command injection vulnerability exists in the parameters of operation 48 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | |||||
| CVE-2021-20142 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2021-12-13 | 8.3 HIGH | 8.8 HIGH |
| An unauthenticated command injection vulnerability exists in the parameters of operation 41 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | |||||
| CVE-2021-20141 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2021-12-13 | 8.3 HIGH | 8.8 HIGH |
| An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | |||||
| CVE-2021-20140 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2021-12-13 | 8.3 HIGH | 8.8 HIGH |
| An unauthenticated command injection vulnerability exists in the parameters of operation 10 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | |||||
| CVE-2021-20139 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2021-12-13 | 8.3 HIGH | 8.8 HIGH |
| An unauthenticated command injection vulnerability exists in the parameters of operation 3 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | |||||
| CVE-2021-41289 | 1 Asus | 2 P453uj, P453uj Bios | 2021-12-13 | 3.6 LOW | 7.1 HIGH |
| ASUS P453UJ contains the Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. With a general user’s permission, local attackers can modify the BIOS by replacing or filling in the content of the designated Memory DataBuffer, which causing a failure of integrity verification and further resulting in a failure to boot. | |||||
| CVE-2021-41449 | 1 Netgear | 6 Rax35, Rax35 Firmware, Rax38 and 3 more | 2021-12-13 | 3.6 LOW | 7.1 HIGH |
| A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet. | |||||
| CVE-2021-25516 | 1 Google | 1 Android | 2021-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations. | |||||
| CVE-2021-20138 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2021-12-13 | 8.3 HIGH | 8.8 HIGH |
| An unauthenticated command injection vulnerability exists in multiple parameters in the Gryphon Tower router’s web interface at /cgi-bin/luci/rc. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the web interface. | |||||
| CVE-2021-43978 | 1 Allegro | 1 Allegro | 2021-12-13 | 5.5 MEDIUM | 8.1 HIGH |
| Allegro WIndows 3.3.4152.0, embeds software administrator database credentials into its binary files, which allows users to access and modify data using the same credentials. | |||||
| CVE-2021-42835 | 2 Microsoft, Plex | 2 Windows, Media Server | 2021-12-13 | 6.9 MEDIUM | 7.0 HIGH |
| An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. An attacker (with a foothold in a endpoint via a low-privileged user account) can access the exposed RPC service of the update service component. This RPC functionality allows the attacker to interact with the RPC functionality and execute code from a path of his choice (local, or remote via SMB) because of a TOCTOU race condition. This code execution is in the context of the Plex update service (which runs as SYSTEM). | |||||
| CVE-2019-20406 | 2 Atlassian, Microsoft | 3 Confluence, Confluence Server, Windows | 2021-12-13 | 4.4 MEDIUM | 7.8 HIGH |
| The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability. | |||||
| CVE-2019-3394 | 1 Atlassian | 2 Confluence, Confluence Server | 2021-12-13 | 4.0 MEDIUM | 8.8 HIGH |
| There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under <install-directory>/confluence/WEB-INF directory, which may contain configuration files used for integrating with other services, which could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credential will be potentially leaked only if the Confluence server is configured to use LDAP as user repository. All versions of Confluence Server from 6.1.0 before 6.6.16 (the fixed version for 6.6.x), from 6.7.0 before 6.13.7 (the fixed version for 6.13.x), and from 6.14.0 before 6.15.8 (the fixed version for 6.15.x) are affected by this vulnerability. | |||||
| CVE-2019-3398 | 1 Atlassian | 2 Confluence, Confluence Server | 2021-12-13 | 9.0 HIGH | 8.8 HIGH |
| Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability. | |||||
| CVE-2017-7415 | 1 Atlassian | 1 Confluence Server | 2021-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource. | |||||
| CVE-2021-40860 | 1 Genesys | 1 Intelligent Workload Distribution Manager | 2021-12-13 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the ql_expression parameter, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine. | |||||
| CVE-2021-40861 | 1 Genesys | 1 Intelligent Workload Distribution Manager | 2021-12-13 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine. | |||||
| CVE-2021-37861 | 1 Mattermost | 1 Mattermost | 2021-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user creation fails. | |||||
| CVE-2021-43982 | 1 Deltaww | 1 Cncsoft | 2021-12-13 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2021-22222 | 2 Oracle, Wireshark | 4 Enterprise Manager Ops Center, Instantis Enterprisetrack, Zfs Storage Appliance Kit and 1 more | 2021-12-11 | 5.0 MEDIUM | 7.5 HIGH |
| Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file | |||||
| CVE-2021-25510 | 1 Google | 1 Android | 2021-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code execution. | |||||
| CVE-2021-42758 | 1 Fortinet | 1 Fortiwlc | 2021-12-10 | 9.0 HIGH | 8.8 HIGH |
| An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions. | |||||
| CVE-2021-20040 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2021-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | |||||
| CVE-2021-20041 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2021-12-10 | 7.8 HIGH | 7.5 HIGH |
| An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | |||||