Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41055 | 1 Gajim | 1 Gajim | 2021-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat, where the message ID equals the correction ID. | |||||
| CVE-2021-20833 | 1 Soda-inc | 1 Snkrdunk | 2021-10-19 | 5.8 MEDIUM | 7.4 HIGH |
| The SNKRDUNK Market Place App for iOS versions prior to 2.2.0 does not verify server certificate properly, which allows man-in-the-middle attackers to eavesdrop on and/or alter encrypted communication via a crafted certificate. | |||||
| CVE-2019-10169 | 1 Redhat | 1 Keycloak | 2021-10-19 | 6.5 MEDIUM | 7.2 HIGH |
| A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running application. | |||||
| CVE-2021-38460 | 1 Moxa | 1 Mxview | 2021-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | |||||
| CVE-2020-25644 | 2 Netapp, Redhat | 10 Oncommand Insight, Oncommand Workflow Automation, Service Level Manager and 7 more | 2021-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-25643 | 5 Debian, Linux, Netapp and 2 more | 6 Debian Linux, Linux Kernel, H410c and 3 more | 2021-10-19 | 7.5 HIGH | 7.2 HIGH |
| A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2021-20831 | 1 Og Tags Project | 1 Og Tags | 2021-10-19 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in OG Tags versions prior to 2.0.2 allows a remote attacker to hijack the authentication of administrators and unintended operation may be performed via unspecified vectors. | |||||
| CVE-2020-1653 | 1 Juniper | 1 Junos | 2021-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| On Juniper Networks Junos OS devices, a stream of TCP packets sent to the Routing Engine (RE) may cause mbuf leak which can lead to Flexible PIC Concentrator (FPC) crash or the system to crash and restart (vmcore). This issue can be trigged by IPv4 or IPv6 and it is caused only by TCP packets. This issue is not related to any specific configuration and it affects Junos OS releases starting from 17.4R1. However, this issue does not affect Junos OS releases prior to 18.2R1 when Nonstop active routing (NSR) is configured [edit routing-options nonstop-routing]. The number of mbufs is platform dependent. The following command provides the number of mbufs counter that are currently in use and maximum number of mbufs that can be allocated on a platform: user@host> show system buffers 2437/3143/5580 mbufs in use (current/cache/total) Once the device runs out of mbufs, the FPC crashes or the vmcore occurs and the device might become inaccessible requiring a manual restart. This issue affects Juniper Networks Junos OS 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S5; 18.2X75 versions prior to 18.2X75-D41, 18.2X75-D420.12, 18.2X75-D51, 18.2X75-D60, 18.2X75-D34; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. Versions of Junos OS prior to 17.4R1 are unaffected by this vulnerability. | |||||
| CVE-2020-2228 | 1 Jenkins | 1 Gitlab Authentication | 2021-10-19 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability. | |||||
| CVE-2020-7284 | 1 Mcafee | 1 Network Security Management | 2021-10-19 | 7.2 HIGH | 7.8 HIGH |
| Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI). | |||||
| CVE-2019-3585 | 1 Mcafee | 1 Virusscan Enterprise | 2021-10-19 | 7.2 HIGH | 7.8 HIGH |
| Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges. | |||||
| CVE-2019-18945 | 1 Microfocus | 1 Solutions Business Manager | 2021-10-19 | 5.2 MEDIUM | 8.0 HIGH |
| Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability. | |||||
| CVE-2020-2322 | 1 Netflix | 1 Chaos Monkey | 2021-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks. | |||||
| CVE-2020-7925 | 1 Mongodb | 1 Mongodb | 2021-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.0-rc12; v4.2 versions prior to 4.2.9. | |||||
| CVE-2020-25699 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2021-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. | |||||
| CVE-2020-1677 | 1 Juniper | 1 Mist Cloud Ui | 2021-10-19 | 4.3 MEDIUM | 7.2 HIGH |
| When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle child elements in SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020. | |||||
| CVE-2020-26869 | 1 Pcvuesolutions | 1 Pcvue | 2021-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. This issue also affects third-party systems based on the Web Services Toolkit. | |||||
| CVE-2021-41546 | 1 Siemens | 20 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Rx1400 and 17 more | 2021-10-19 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service. | |||||
| CVE-2021-37199 | 1 Siemens | 4 Sinumerik 808d, Sinumerik 808d Firmware, Sinumerik 828d and 1 more | 2021-10-19 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions < V4.95). Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device. | |||||
| CVE-2021-27395 | 1 Siemens | 4 Simatic Process Historian 2013, Simatic Process Historian 2014, Simatic Process Historian 2019 and 1 more | 2021-10-19 | 5.5 MEDIUM | 8.1 HIGH |
| A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier (All versions), SIMATIC Process Historian 2014 (All versions < SP3 Update 6), SIMATIC Process Historian 2019 (All versions), SIMATIC Process Historian 2020 (All versions). An interface in the software that is used for critical functionalities lacks authentication, which could allow a malicious user to maliciously insert, modify or delete data. | |||||
| CVE-2021-40189 | 1 Php-fusion | 1 Phpfusion | 2021-10-19 | 6.5 MEDIUM | 7.2 HIGH |
| PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/{Theme Folder], where an attacker can access and execute arbitrary code. | |||||
| CVE-2021-38181 | 1 Sap | 2 Netweaver Abap, Netweaver As Abap | 2021-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2016-2853 | 1 Linux | 1 Linux Kernel | 2021-10-18 | 4.4 MEDIUM | 7.8 HIGH |
| The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program. | |||||
| CVE-2016-1576 | 2 Canonical, Linux | 4 Ubuntu Core, Ubuntu Linux, Ubuntu Touch and 1 more | 2021-10-18 | 7.2 HIGH | 7.8 HIGH |
| The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program. | |||||
| CVE-2016-1575 | 2 Canonical, Linux | 4 Ubuntu Core, Ubuntu Linux, Ubuntu Touch and 1 more | 2021-10-18 | 7.2 HIGH | 7.8 HIGH |
| The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory. | |||||
| CVE-2021-38862 | 1 Ibm | 1 Data Risk Manager | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980. | |||||
| CVE-2020-28145 | 1 Wuzhicms | 1 Wuzhicms | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information. | |||||
| CVE-2021-25634 | 2 Debian, Libreoffice | 2 Debian Linux, Libreoffice | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2. | |||||
| CVE-2021-20122 | 1 Telus | 2 Prv65b444a-s-ts, Prv65b444a-s-ts Firmware | 2021-10-18 | 9.0 HIGH | 7.2 HIGH |
| The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69_cmd.cgi. A remote attacker connected to the router's LAN and authenticated with a super user account, or using a bypass authentication vulnerability like CVE-2021-20090 could leverage this issue to run commands or gain a shell as root on the target device. | |||||
| CVE-2021-40500 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can enable the attacker to retrieve arbitrary files from the server. | |||||
| CVE-2021-40188 | 1 Php-fusion | 1 Phpfusion | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
| PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server. | |||||
| CVE-2021-3330 | 1 Zephyrproject | 1 Zephyr | 2021-10-18 | 5.8 MEDIUM | 8.8 HIGH |
| RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >= >=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456 | |||||
| CVE-2021-25633 | 2 Debian, Libreoffice | 2 Debian Linux, Libreoffice | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to combine multiple certificate data, which when opened caused LibreOffice to display a validly signed indicator but whose content was unrelated to the signature shown. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2. | |||||
| CVE-2021-33736 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | |||||
| CVE-2021-3321 | 1 Zephyrproject | 1 Zephyr | 2021-10-18 | 5.8 MEDIUM | 8.8 HIGH |
| Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99 | |||||
| CVE-2021-33735 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | |||||
| CVE-2021-20603 | 1 Mitsubishielectric | 20 Got2000 Gt2103-pmbd, Got2000 Gt2103-pmbd Firmware, Got2000 Gt2104-pmbd and 17 more | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets. | |||||
| CVE-2021-20604 | 1 Mitsubishielectric | 20 Got2000 Gt2103-pmbd, Got2000 Gt2103-pmbd Firmware, Got2000 Gt2104-pmbd and 17 more | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets. | |||||
| CVE-2021-20605 | 1 Mitsubishielectric | 20 Got2000 Gt2103-pmbd, Got2000 Gt2103-pmbd Firmware, Got2000 Gt2104-pmbd and 17 more | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets. | |||||
| CVE-2021-41129 | 1 Pterodactyl | 1 Panel | 2021-10-18 | 6.8 MEDIUM | 8.1 HIGH |
| Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a `confirmation_token` input during the two-factor authentication process to reference a cache value not associated with the login attempt. In rare cases this can allow a malicious actor to authenticate as a random user in the Panel. The malicious user must target an account with two-factor authentication enabled, and then must provide a correct two-factor authentication token before being authenticated as that user. Due to a validation flaw in the logic handling user authentication during the two-factor authentication process a malicious user can trick the system into loading credentials for an arbitrary user by modifying the token sent to the server. This authentication flaw is present in the `LoginCheckpointController@__invoke` method which handles two-factor authentication for a user. This controller looks for a request input parameter called `confirmation_token` which is expected to be a 64 character random alpha-numeric string that references a value within the Panel's cache containing a `user_id` value. This value is then used to fetch the user that attempted to login, and lookup their two-factor authentication token. Due to the design of this system, any element in the cache that contains only digits could be referenced by a malicious user, and whatever value is stored at that position would be used as the `user_id`. There are a few different areas of the Panel that store values into the cache that are integers, and a user who determines what those cache keys are could pass one of those keys which would cause this code pathway to reference an arbitrary user. At its heart this is a high-risk login bypass vulnerability. However, there are a few additional conditions that must be met in order for this to be successfully executed, notably: 1.) The account referenced by the malicious cache key must have two-factor authentication enabled. An account without two-factor authentication would cause an exception to be triggered by the authentication logic, thusly exiting this authentication flow. 2.) Even if the malicious user is able to reference a valid cache key that references a valid user account with two-factor authentication, they must provide a valid two-factor authentication token. However, due to the design of this endpoint once a valid user account is found with two-factor authentication enabled there is no rate-limiting present, thusly allowing an attacker to brute force combinations until successful. This leads to a third condition that must be met: 3.) For the duration of this attack sequence the cache key being referenced must continue to exist with a valid `user_id` value. Depending on the specific key being used for this attack, this value may disappear quickly, or be changed by other random user interactions on the Panel, outside the control of the attacker. In order to mitigate this vulnerability the underlying authentication logic was changed to use an encrypted session store that the user is therefore unable to control the value of. This completely removed the use of a user-controlled value being used. In addition, the code was audited to ensure this type of vulnerability is not present elsewhere. | |||||
| CVE-2021-33734 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | |||||
| CVE-2021-35067 | 1 Meross | 2 Msg100, Msg100 Firmware | 2021-10-18 | 5.5 MEDIUM | 8.1 HIGH |
| Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., an attacker who sniffs a Close message can transmit an acceptable Open message). | |||||
| CVE-2021-33733 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | |||||
| CVE-2021-33732 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | |||||
| CVE-2021-33731 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | |||||
| CVE-2021-33730 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | |||||
| CVE-2021-33729 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker that is able to import firmware containers to an affected system could execute arbitrary commands in the local database. | |||||
| CVE-2021-33728 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary code on the device with root privileges. | |||||
| CVE-2021-33726 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to download arbitrary files under a user controlled path and does not correctly check if the relative path is still within the intended target directory. | |||||
| CVE-2021-0583 | 1 Google | 1 Android | 2021-10-18 | 4.4 MEDIUM | 7.3 HIGH |
| In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-182282956 | |||||