Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43471 | 1 Canon | 2 Lbp223dw, Lbp223dw Firmware | 2021-12-07 | 7.8 HIGH | 7.5 HIGH |
| In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the background, creating a denial of service vulnerability. | |||||
| CVE-2021-4075 | 1 Snipeitapp | 1 Snipe-it | 2021-12-07 | 6.5 MEDIUM | 7.2 HIGH |
| snipe-it is vulnerable to Server-Side Request Forgery (SSRF) | |||||
| CVE-2021-40333 | 1 Hitachienergy | 4 Fox615, Fox615 Firmware, Xcm20 and 1 more | 2021-12-07 | 5.5 MEDIUM | 7.1 HIGH |
| Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A. | |||||
| CVE-2021-36198 | 1 Johnsoncontrols | 1 Kantech Entrapass | 2021-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| Successful exploitation of this vulnerability could allow an unauthorized user to access sensitive data. | |||||
| CVE-2021-31631 | 1 B2evolution | 1 B2evolution Cms | 2021-12-07 | 6.8 MEDIUM | 8.8 HIGH |
| b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. This vulnerability allows attackers to escalate privileges. | |||||
| CVE-2021-44048 | 1 Opendesign | 1 Drawings Explorer | 2021-12-07 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write vulnerability exists when reading a TIF file using Open Design Alliance (ODA) Drawings Explorer before 2022.11. The specific issue exists after loading TIF files. Crafted data in a TIF file can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-44047 | 1 Opendesign | 1 Drawings Sdk | 2021-12-07 | 6.8 MEDIUM | 7.8 HIGH |
| A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-44046 | 1 Opendesign | 1 Prc Sdk | 2021-12-07 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write vulnerability exists when reading U3D files in Open Design Alliance PRC SDK before 2022.11. An unchecked return value of a function (verifying input data from a U3D file) leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-40313 | 1 Piwigo | 1 Piwigo | 2021-12-07 | 6.5 MEDIUM | 8.8 HIGH |
| Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwg_token in /admin/batch_manager_global.php. | |||||
| CVE-2021-44045 | 1 Opendesign | 1 Drawings Sdk | 2021-12-07 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation for the XFAT sectors count can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-44044 | 1 Opendesign | 1 Drawings Sdk | 2021-12-07 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write vulnerability exists when reading a JPG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing JPG files. Crafted data in a JPG (4 extraneous bytes before the marker 0xca) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-35242 | 1 Solarwinds | 1 Serv-u | 2021-12-07 | 6.8 MEDIUM | 8.8 HIGH |
| Serv-U server responds with valid CSRFToken when the request contains only Session. | |||||
| CVE-2021-23562 | 1 Tiny | 1 Plupload | 2021-12-07 | 6.8 MEDIUM | 8.8 HIGH |
| This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file. | |||||
| CVE-2021-24914 | 1 Tawk | 1 Tawk.to Live Chat | 2021-12-06 | 6.0 MEDIUM | 8.0 HIGH |
| The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in the tawkto_setwidget and tawkto_removewidget AJAX actions, available to any authenticated user. The first one allows low-privileged users (including simple subscribers) to change the 'tawkto-embed-widget-page-id' and 'tawkto-embed-widget-widget-id' parameters. Any authenticated user can thus link the vulnerable website to their own Tawk.to instance. Consequently, they will be able to monitor the vulnerable website and interact with its visitors (receive contact messages, answer, ...). They will also be able to display an arbitrary Knowledge Base. The second one will remove the live chat widget from pages. | |||||
| CVE-2021-43469 | 1 Vinga | 2 Wr-n300u, Wr-n300u Firmware | 2021-12-06 | 6.5 MEDIUM | 8.8 HIGH |
| VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead component. | |||||
| CVE-2021-44020 | 1 Trendmicro | 1 Worry-free Business Security | 2021-12-06 | 7.2 HIGH | 7.8 HIGH |
| An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021. | |||||
| CVE-2021-44019 | 1 Trendmicro | 1 Worry-free Business Security | 2021-12-06 | 7.2 HIGH | 7.8 HIGH |
| An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021. | |||||
| CVE-2021-44021 | 1 Trendmicro | 1 Worry-free Business Security | 2021-12-06 | 7.2 HIGH | 7.8 HIGH |
| An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020. | |||||
| CVE-2019-15115 | 1 Profilepress | 1 Loginwp | 2021-12-06 | 6.8 MEDIUM | 8.8 HIGH |
| The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF. | |||||
| CVE-2021-28236 | 1 Gnu | 1 Libredwg | 2021-12-06 | 5.0 MEDIUM | 7.5 HIGH |
| LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c. | |||||
| CVE-2021-43795 | 1 Linecorp | 1 Armeria | 2021-12-06 | 5.0 MEDIUM | 7.5 HIGH |
| Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains `%2F` (encoded `/`), such as `/files/..%2Fsecrets.txt`, bypassing Armeria's path validation logic. Armeria 1.13.4 or above contains the hardened path validation logic that handles `%2F` properly. This vulnerability can be worked around by inserting a decorator that performs an additional validation on the request path. | |||||
| CVE-2021-43041 | 1 Kaseya | 1 Unitrends Backup | 2021-12-06 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged vaultServer application. | |||||
| CVE-2021-35039 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2021-12-06 | 6.9 MEDIUM | 7.8 HIGH |
| kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument. | |||||
| CVE-2020-0110 | 2 Google, Intel | 279 Android, Core I3-1000g1, Core I3-1000g1 Firmware and 276 more | 2021-12-06 | 4.6 MEDIUM | 7.8 HIGH |
| In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-148159562References: Upstream kernel | |||||
| CVE-2021-43037 | 1 Kaseya | 1 Unitrends Backup | 2021-12-06 | 6.9 MEDIUM | 7.8 HIGH |
| An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Unitrends Windows agent was vulnerable to DLL injection and binary planting due to insecure default permissions. This allowed privilege escalation from an unprivileged user to SYSTEM. | |||||
| CVE-2020-15589 | 1 Zohocorp | 2 Manageengine Desktop Central, Manageengine Remote Access Plus | 2021-12-06 | 6.8 MEDIUM | 8.1 HIGH |
| A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W and Remote Access Plus before 10.1.2119.1. By exploiting this issue, an attacker-controlled server can force the client to skip TLS certificate validation, leading to a man-in-the-middle attack against HTTPS and unauthenticated remote code execution. | |||||
| CVE-2021-3980 | 1 Elgg | 1 Elgg | 2021-12-06 | 5.0 MEDIUM | 7.5 HIGH |
| elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor | |||||
| CVE-2021-41746 | 1 Yonyou | 1 Turbocrm | 2021-12-06 | 5.0 MEDIUM | 7.5 HIGH |
| SQL Injection vulnerability exists in all versions of Yonyou TurboCRM.via the orgcode parameter in changepswd.php. Attackers can use the vulnerabilities to obtain sensitive database information. | |||||
| CVE-2017-12479 | 1 Kaseya | 1 Unitrends Backup | 2021-12-06 | 9.0 HIGH | 8.8 HIGH |
| It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing low-privilege credentials could then execute arbitrary commands with root privileges. | |||||
| CVE-2021-32743 | 2 Debian, Icinga | 2 Debian Linux, Icinga | 2021-12-06 | 6.5 MEDIUM | 8.8 HIGH |
| Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add, modify and delete information there. If credentials with more permissions are in use, this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases, these passwords are no longer exposed via the API. As a workaround, API user permissions can be restricted to not allow querying of any affected objects, either by explicitly listing only the required object types for object query permissions, or by applying a filter rule. | |||||
| CVE-2021-20305 | 5 Debian, Fedoraproject, Netapp and 2 more | 6 Debian Linux, Fedora, Active Iq Unified Manager and 3 more | 2021-12-06 | 6.8 MEDIUM | 8.1 HIGH |
| A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2020-29176 | 1 Zblogcn | 1 Z-blogphp | 2021-12-06 | 6.8 MEDIUM | 7.8 HIGH |
| An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG file. | |||||
| CVE-2021-40348 | 2 Spacewalk Project, Uyuni Project | 2 Spacewalk, Uyuni | 2021-12-04 | 9.3 HIGH | 8.8 HIGH |
| Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation setup. This can lead to the ability of an attacker to use --option to append arbitrary code to a root-owned file that eventually will be executed by the system. This is fixed in Uyuni spacewalk-admin 4.3.2-1. | |||||
| CVE-2021-25784 | 1 Taogogo | 1 Taocms | 2021-12-04 | 6.5 MEDIUM | 7.2 HIGH |
| Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article. | |||||
| CVE-2021-25783 | 1 Taogogo | 1 Taocms | 2021-12-04 | 6.5 MEDIUM | 7.2 HIGH |
| Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search. | |||||
| CVE-2021-23263 | 1 Craftercms | 1 Crafter Cms | 2021-12-04 | 5.0 MEDIUM | 7.5 HIGH |
| Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary). | |||||
| CVE-2020-10627 | 1 Omnipod | 2 Insulin Management System, Insulin Management System Firmware | 2021-12-04 | 4.8 MEDIUM | 8.1 HIGH |
| Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery. | |||||
| CVE-2019-25037 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2021-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. | |||||
| CVE-2019-25036 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2021-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. | |||||
| CVE-2019-25041 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2021-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. | |||||
| CVE-2019-25040 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2021-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. | |||||
| CVE-2021-31540 | 1 Wowza | 1 Streaming Engine | 2021-12-03 | 3.6 LOW | 7.1 HIGH |
| Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the application server configuration. | |||||
| CVE-2020-28010 | 1 Exim | 1 Exim | 2021-12-03 | 7.2 HIGH | 7.8 HIGH |
| Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms). | |||||
| CVE-2021-23343 | 1 Path-parse Project | 1 Path-parse | 2021-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity. | |||||
| CVE-2020-25242 | 1 Siemens | 6 Simatic Net Cp 343-1 Advanced, Simatic Net Cp 343-1 Advanced Firmware, Simatic Net Cp 343-1 Lean and 3 more | 2021-12-03 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions). Specially crafted packets sent to TCP port 102 could cause a Denial-of-Service condition on the affected devices. A cold restart might be necessary in order to recover. | |||||
| CVE-2021-29491 | 1 Mixme Project | 1 Mixme | 2021-12-03 | 5.5 MEDIUM | 7.1 HIGH |
| Mixme is a library for recursive merging of Javascript objects. In Node.js mixme v0.5.0, an attacker can add or alter properties of an object via 'proto' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS). The problem is corrected starting with version 0.5.1; no workarounds are known to exist. | |||||
| CVE-2021-20313 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2021-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2021-20312 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2021-12-03 | 7.8 HIGH | 7.5 HIGH |
| A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-20309 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2021-12-03 | 7.8 HIGH | 7.5 HIGH |
| A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-24174 | 1 Database-backups Project | 1 Database-backups | 2021-12-03 | 5.8 MEDIUM | 8.1 HIGH |
| The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups. | |||||