Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25767 | 1 Hcc-embedded | 1 Nichestack Ipv4 | 2021-08-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnc_copy_in routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within the bounds of the packet (e.g., forward compression pointer jumps are allowed), which leads to an Out-of-bounds Read, and a Denial-of-Service as a consequence. | |||||
| CVE-2021-39245 | 1 Altus | 30 Hadron Xtorm Hx3040, Hadron Xtorm Hx3040 Firmware, Nexto Nx3003 and 27 more | 2021-08-26 | 5.0 MEDIUM | 7.5 HIGH |
| Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101 1.8.11.0, Nexto NX5110 1.1.2.8, Nexto NX5210 1.1.2.8, Nexto Xpress XP300 1.8.11.0, Nexto Xpress XP315 1.8.11.0, Nexto Xpress XP325 1.8.11.0, Nexto Xpress XP340 1.8.11.0, and Hadron Xtorm HX3040 1.7.58.0. | |||||
| CVE-2021-24550 | 1 Broken Link Manager Project | 1 Broken Link Manager | 2021-08-26 | 6.5 MEDIUM | 7.2 HIGH |
| The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise, validate or escape the url GET parameter before using it in a SQL statement when retrieving an URL to edit, leading to an authenticated SQL injection issue | |||||
| CVE-2021-39244 | 1 Altus | 30 Hadron Xtorm Hx3040, Hadron Xtorm Hx3040 Firmware, Nexto Nx3003 and 27 more | 2021-08-26 | 9.0 HIGH | 8.8 HIGH |
| Authenticated Semi-Blind Command Injection (via Parameter Injection) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via the getlogs.cgi tcpdump feature. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101 1.8.11.0, Nexto NX5110 1.1.2.8, Nexto NX5210 1.1.2.8, Nexto Xpress XP300 1.8.11.0, Nexto Xpress XP315 1.8.11.0, Nexto Xpress XP325 1.8.11.0, Nexto Xpress XP340 1.8.11.0, and Hadron Xtorm HX3040 1.7.58.0. | |||||
| CVE-2021-24552 | 1 Simple Events Calendar Project | 1 Simple Events Calendar | 2021-08-26 | 6.5 MEDIUM | 7.2 HIGH |
| The Simple Events Calendar WordPress plugin through 1.4.0 does not sanitise, validate or escape the event_id POST parameter before using it in a SQL statement when deleting events, leading to an authenticated SQL injection issue | |||||
| CVE-2021-24553 | 1 Timeline Calendar Project | 1 Timeline Calendar | 2021-08-26 | 6.5 MEDIUM | 7.2 HIGH |
| The Timeline Calendar WordPress plugin through 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the plugin | |||||
| CVE-2021-24506 | 1 Quantumcloud | 1 Slider Hero | 2021-08-26 | 6.5 MEDIUM | 8.8 HIGH |
| The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin before 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL statement, allowing users with a role as low as Contributor to perform SQL injection. | |||||
| CVE-2021-24554 | 1 Freelancetoindia | 1 Paytm-pay | 2021-08-26 | 6.5 MEDIUM | 7.2 HIGH |
| The Paytm – Donation Plugin WordPress plugin through 1.3.2 does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an authenticated SQL injection issue | |||||
| CVE-2020-25927 | 1 Hcc-embedded | 1 Nichestack Tcp\/ip | 2021-08-26 | 5.0 MEDIUM | 7.5 HIGH |
| The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service (remote). The component is: DNS response processing in function: dns_upcall(). The attack vector is: a specific DNS response packet. The code does not check whether the number of queries/responses specified in the DNS packet header corresponds to the query/response data available in the DNS packet. | |||||
| CVE-2020-35684 | 2 Hcc-embedded, Siemens | 5 Nichestack, Sentron 3wa Com190, Sentron 3wa Com190 Firmware and 2 more | 2021-08-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible). | |||||
| CVE-2021-31401 | 2 Hcc-embedded, Siemens | 5 Nichestack, Sentron 3wa Com190, Sentron 3wa Com190 Firmware and 2 more | 2021-08-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet. | |||||
| CVE-2021-31400 | 1 Hcc-embedded | 1 Nichestack | 2021-08-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment's data. If the panic function hadn't a trap invocation removed, it will enter an infinite loop and therefore cause DoS (continuous loop or a device reset). | |||||
| CVE-2021-27565 | 1 Hcc-embedded | 1 Nichestack | 2021-08-26 | 5.0 MEDIUM | 7.5 HIGH |
| The web server in InterNiche NicheStack through 4.0.1 allows remote attackers to cause a denial of service (infinite loop and networking outage) via an unexpected valid HTTP request such as OPTIONS. This occurs because the HTTP request handler enters a miscoded wbs_loop() debugger hook. | |||||
| CVE-2021-31227 | 1 Hcc-embedded | 1 Nichestack | 2021-08-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length, which bypasses the size checks and results in a large heap overflow in the wbs_multidata buffer copy. | |||||
| CVE-2020-25926 | 1 Hcc-embedded | 1 Nichestack Tcp\/ip | 2021-08-26 | 5.0 MEDIUM | 7.5 HIGH |
| The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning (remote). The component is: dns_query_type(). The attack vector is: a specific DNS response packet. | |||||
| CVE-2021-34433 | 1 Eclipse | 1 Californium | 2021-08-26 | 5.0 MEDIUM | 7.5 HIGH |
| In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server side's signature on the client side, if that signature is not included in the server's ServerKeyExchange. | |||||
| CVE-2021-31338 | 1 Siemens | 1 Sinema Remote Connect | 2021-08-26 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.0 SP1). Affected devices allow to modify configuration settings over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute own code on the device. | |||||
| CVE-2021-39270 | 1 Pingidentity | 1 Rsa Securid Integration Kit | 2021-08-26 | 5.0 MEDIUM | 7.5 HIGH |
| In Ping Identity RSA SecurID Integration Kit before 3.2, user impersonation can occur. | |||||
| CVE-2021-34645 | 1 Wpeasycart | 1 Shopping Cart \& Ecommerce Store | 2021-08-26 | 6.8 MEDIUM | 8.8 HIGH |
| The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_currency_settings function found in the ~/admin/inc/wp_easycart_admin_initial_setup.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.1.0. | |||||
| CVE-2021-39273 | 1 Xerosecurity | 1 Sn1per | 2021-08-26 | 9.0 HIGH | 8.8 HIGH |
| In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) are set upon application execution, allowing an unprivileged user to modify the application, modules, and configuration files. This leads to arbitrary code execution with root privileges. | |||||
| CVE-2021-34745 | 1 Cisco | 1 Appdynamics .net Agent | 2021-08-26 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the AppDynamics .NET Agent for Windows could allow an attacker to leverage an authenticated, local user account to gain SYSTEM privileges. This vulnerability is due to the .NET Agent Coordinator Service executing code with SYSTEM privileges. An attacker with local access to a device that is running the vulnerable agent could create a custom process that would be launched with those SYSTEM privileges. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system. This vulnerability is fixed in AppDynamics .NET Agent Release 21.7. | |||||
| CVE-2021-33580 | 1 Apache | 1 Roller | 2021-08-26 | 4.3 MEDIUM | 7.5 HIGH |
| User controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the regex pattern he may cause a ReDoS by regex catastrophic backtracking on the server side. This problem has been fixed in Roller 6.0.2. | |||||
| CVE-2021-37702 | 1 Pimcore | 1 Pimcore | 2021-08-26 | 6.5 MEDIUM | 8.8 HIGH |
| Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formular injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround. | |||||
| CVE-2015-5173 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa | 2021-08-25 | 6.8 MEDIUM | 8.8 HIGH |
| Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage." | |||||
| CVE-2015-5170 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa | 2021-08-25 | 6.8 MEDIUM | 8.8 HIGH |
| Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks. | |||||
| CVE-2016-0780 | 2 Cloudfoundry, Pivotal Software | 2 Cf-release, Cloud Foundry Elastic Runtime | 2021-08-25 | 5.0 MEDIUM | 7.5 HIGH |
| It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value to bypass enforcement and consume all the disk on DEAs/CELLs causing a potential denial of service for other applications. | |||||
| CVE-2015-3191 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa | 2021-08-25 | 6.8 MEDIUM | 8.8 HIGH |
| With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. This allows an attacker to trigger an e-mail change for a user logged into a cloud foundry instance via a malicious link on a attacker controlled site. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected. | |||||
| CVE-2016-6220 | 1 Trendmicro | 1 Control Manager | 2021-08-25 | 5.0 MEDIUM | 7.5 HIGH |
| Information Disclosure vulnerability in the Dashboard and Error Pages in Trend Micro Control Manager SP3 6.0. | |||||
| CVE-2017-7730 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2021-08-25 | 7.8 HIGH | 7.5 HIGH |
| iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the "cube" and it will stop responding. | |||||
| CVE-2017-7729 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2021-08-25 | 5.0 MEDIUM | 7.5 HIGH |
| On iSmartAlarm cube devices, there is Incorrect Access Control because a "new key" is transmitted in cleartext. | |||||
| CVE-2017-7726 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2021-08-25 | 5.0 MEDIUM | 7.5 HIGH |
| iSmartAlarm cube devices have an SSL Certificate Validation Vulnerability. | |||||
| CVE-2021-36015 | 2 Adobe, Microsoft | 2 Media Encoder, Windows | 2021-08-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe Media Encoder version 15.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-35990 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2021-08-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-35989 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2021-08-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28624 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2021-08-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge version 11.0.2 (and earlier) are affected by a Heap-based Buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-34749 | 1 Cisco | 3 Firepower Management Center, Firepower Management Center Virtual Appliance Firmware, Ironport Web Security Appliance | 2021-08-25 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from a compromised host. This vulnerability is due to inadequate filtering of the SSL handshake. An attacker could exploit this vulnerability by using data from the SSL client hello packet to communicate with an external server. A successful exploit could allow the attacker to execute a command-and-control attack on a compromised host and perform additional data exfiltration attacks. | |||||
| CVE-2020-22345 | 1 Centreon | 1 Centreon | 2021-08-25 | 9.0 HIGH | 8.8 HIGH |
| /graphStatus/displayServiceStatus.php in Centreon 19.10.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the RRDdatabase_path parameter. | |||||
| CVE-2021-35392 | 1 Realtek | 1 Jungle Sdk | 2021-08-25 | 7.8 HIGH | 7.5 HIGH |
| Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a heap buffer overflow that is present due to unsafe crafting of SSDP NOTIFY messages from received M-SEARCH messages ST header. | |||||
| CVE-2021-34716 | 1 Cisco | 2 Expressway, Telepresence Video Communication Server | 2021-08-25 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as the root user. This vulnerability is due to incorrect handling of certain crafted software images that are uploaded to the affected device. An attacker could exploit this vulnerability by authenticating to the system as an administrative user and then uploading specific crafted software images to the affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. | |||||
| CVE-2021-34715 | 1 Cisco | 2 Expressway, Telepresence Video Communication Server | 2021-08-25 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with internal user privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could allow the attacker to execute code with user-level privileges (the _nobody account) on the underlying operating system. | |||||
| CVE-2020-23334 | 1 Axiosys | 1 Bento4 | 2021-08-25 | 5.0 MEDIUM | 7.5 HIGH |
| A WRITE memory access in the AP4_NullTerminatedStringAtom::AP4_NullTerminatedStringAtom component of Bento4 version 06c39d9 can lead to a segmentation fault. | |||||
| CVE-2021-31820 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2021-08-25 | 5.0 MEDIUM | 7.5 HIGH |
| In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI. | |||||
| CVE-2021-28589 | 2 Adobe, Microsoft | 2 Media Encoder, Windows | 2021-08-25 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-23333 | 1 Axiosys | 1 Bento4 | 2021-08-25 | 5.0 MEDIUM | 7.5 HIGH |
| A heap-based buffer overflow exists in the AP4_CttsAtom::AP4_CttsAtom component located in /Core/Ap4Utils.h of Bento4 version 06c39d9. This can lead to a denial of service (DOS). | |||||
| CVE-2021-28590 | 2 Adobe, Microsoft | 2 Media Encoder, Windows | 2021-08-25 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-23331 | 1 Axiosys | 1 Bento4 | 2021-08-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_DescriptorListWriter::Action component located in /Core/Ap4Descriptor.h. It allows an attacker to cause a denial of service (DOS). | |||||
| CVE-2020-23330 | 1 Axiosys | 1 Bento4 | 2021-08-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_Stz2Atom::GetSampleSize component located in /Core/Ap4Stz2Atom.cpp. It allows an attacker to cause a denial of service (DOS). | |||||
| CVE-2021-28591 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2021-08-25 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator version 25.2.3 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28592 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2021-08-25 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator version 25.2.3 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-38366 | 1 Sitecore | 1 Sitecore | 2021-08-25 | 6.8 MEDIUM | 8.8 HIGH |
| Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL. | |||||