Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-35654 | 1 Oracle | 1 Essbase Administration Services | 2022-01-20 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported versions that are affected are Prior to 11.1.2.4.046 and Prior to 21.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Administration Services. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Essbase Administration Services. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2021-35655 | 1 Oracle | 1 Essbase Administration Services | 2022-01-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported versions that are affected are Prior to 11.1.2.4.046 and Prior to 21.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Administration Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Essbase Administration Services accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2021-35653 | 1 Oracle | 1 Essbase Administration Services | 2022-01-20 | 6.8 MEDIUM | 7.7 HIGH |
| Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported versions that are affected are Prior to 11.1.2.4.046 and Prior to 21.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Essbase Administration Services. While the vulnerability is in Essbase Administration Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Essbase Administration Services accessible data. CVSS 3.1 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). | |||||
| CVE-2021-30826 | 1 Apple | 2 Ipados, Iphone Os | 2022-01-19 | 5.0 MEDIUM | 7.5 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. In certain situations, the baseband would fail to enable integrity and ciphering protection. | |||||
| CVE-2021-35500 | 1 Tibco | 2 Data Virtualization, Data Virtualization For Aws Marketplace | 2022-01-19 | 2.1 LOW | 5.5 MEDIUM |
| The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user's permissions on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below. | |||||
| CVE-2021-43054 | 1 Tibco | 1 Eftl | 2022-01-19 | 6.5 MEDIUM | 8.8 HIGH |
| The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to generate API tokens that can access any other channel with arbitrary permissions. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions 6.7.2 and below. | |||||
| CVE-2021-43053 | 1 Tibco | 1 Ftl | 2022-01-19 | 5.0 MEDIUM | 7.5 HIGH |
| The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a difficult to exploit vulnerability that allows an unauthenticated attacker with network access to obtain the cluster secret of another application connected to the realm server. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.7.2 and below, TIBCO FTL - Developer Edition: versions 6.7.2 and below, and TIBCO FTL - Enterprise Edition: versions 6.7.2 and below. | |||||
| CVE-2020-14756 | 1 Oracle | 1 Coherence | 2022-01-19 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2020-2934 | 1 Oracle | 1 Mysql Connector\/j | 2022-01-19 | 5.1 MEDIUM | 5.0 MEDIUM |
| Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L). | |||||
| CVE-2022-22847 | 1 Formpipe | 1 Lasernet | 2022-01-18 | 6.8 MEDIUM | 9.8 CRITICAL |
| Formpipe Lasernet before 9.13.3 allows file inclusion in Client Web Services (either by an authenticated attacker, or in a configuration that does not require authentication). | |||||
| CVE-2022-22846 | 1 Dnslib Project | 1 Dnslib | 2022-01-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| The dnslib package through 0.9.16 for Python does not verify that the ID value in a DNS reply matches an ID value in a query. | |||||
| CVE-2021-23425 | 1 Trim-off-newlines Project | 1 Trim-off-newlines | 2022-01-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing. | |||||
| CVE-2020-9061 | 4 Aeotec, Samsung, Silabs and 1 more | 6 Zw090-a, Sth-eth-200, 500 Series Firmware and 3 more | 2022-01-18 | 3.3 LOW | 6.5 MEDIUM |
| Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages. | |||||
| CVE-2021-31215 | 2 Fedoraproject, Schedmd | 2 Fedora, Slurm | 2022-01-17 | 6.5 MEDIUM | 8.8 HIGH |
| SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling. | |||||
| CVE-2021-44564 | 1 Kalkitech | 40 Sync2000-m1, Sync2000-m1 Firmware, Sync2000-m2 and 37 more | 2022-01-14 | 6.8 MEDIUM | 8.1 HIGH |
| A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device and apply a modified configuration file back to the device. The attack requires network access to the SYNC device and knowledge of its IP address. The attack exploits the unsecured communication channel used between the administration tool Easyconnect and the SYNC device (in the affected family of SYNC products). | |||||
| CVE-2021-40567 | 1 Gpac | 1 Gpac | 2022-01-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| Segmentation fault vulnerability exists in Gpac through 1.0.1 via the gf_odf_size_descriptor function in desc_private.c when using mp4box, which causes a denial of service. | |||||
| CVE-2021-43850 | 1 Discourse | 1 Discourse | 2022-01-14 | 4.0 MEDIUM | 6.8 MEDIUM |
| Discourse is an open source platform for community discussion. In affected versions admins users can trigger a Denial of Service attack via the `/message-bus/_diagnostics` path. The impact of this vulnerability is greater on multisite Discourse instances (where multiple forums are served from a single application server) where any admin user on any of the forums are able to visit the `/message-bus/_diagnostics` path. The problem has been patched. Please upgrade to 2.8.0.beta10 or 2.7.12. No workarounds for this issue exist. | |||||
| CVE-2021-46165 | 1 Zohocorp | 1 Manageengine Desktop Central | 2022-01-14 | 4.6 MEDIUM | 7.8 HIGH |
| Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined. | |||||
| CVE-2021-46164 | 1 Zohocorp | 1 Manageengine Desktop Central | 2022-01-14 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module. | |||||
| CVE-2021-38990 | 1 Ibm | 2 Aix, Vios | 2022-01-13 | 4.6 MEDIUM | 7.8 HIGH |
| IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952. | |||||
| CVE-2021-39981 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 4.3 MEDIUM | 5.3 MEDIUM |
| Chang Lian application has a vulnerability which can be maliciously exploited to hide the calling number.Successful exploitation of this vulnerability allows you to make an anonymous call. | |||||
| CVE-2021-39983 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| The HwNearbyMain module has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause a process to restart. | |||||
| CVE-2021-39968 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| Changlian Blocklist has a Business Logic Errors vulnerability .Successful exploitation of this vulnerability may expand the attack surface of the message class. | |||||
| CVE-2021-38576 | 1 Tianocore | 1 Edk2 | 2022-01-13 | 7.8 HIGH | 7.5 HIGH |
| A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system. | |||||
| CVE-2021-39975 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| Hilinksvc has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause denial of service attacks. | |||||
| CVE-2021-40032 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| The bone voice ID TA has a vulnerability in information management,Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2021-46045 | 1 Gpac | 1 Gpac | 2022-01-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial of service (context-dependent). | |||||
| CVE-2021-46067 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2022-01-13 | 7.5 HIGH | 9.8 CRITICAL |
| In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover. | |||||
| CVE-2021-40022 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| The weaver module has a vulnerability in parameter type verification,Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2021-39998 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-01-13 | 7.8 HIGH | 7.5 HIGH |
| There is Vulnerability of APIs being concurrently called for multiple times in HwConnectivityExService a in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart. | |||||
| CVE-2017-13892 | 1 Apple | 2 Mac Os X, Macos | 2022-01-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue existed in the handling of Contact sharing. This issue was addressed with improved handling of user information. This issue is fixed in macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan. Sharing contact information may lead to unexpected data sharing. | |||||
| CVE-2021-43947 | 1 Atlassian | 2 Data Center, Jira | 2022-01-12 | 9.0 HIGH | 7.2 HIGH |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. | |||||
| CVE-2021-38918 | 1 Ibm | 1 Powervm Hypervisor | 2022-01-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs. IBM X-Force ID: 210019. | |||||
| CVE-2021-46041 | 1 Gpac | 1 Gpac | 2022-01-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_box_new function, which causes a Denial of Service. | |||||
| CVE-2020-22061 | 1 Superantispyware | 1 Superantispyware | 2022-01-12 | 4.6 MEDIUM | 7.8 HIGH |
| SUPERAntispyware v8.0.0.1050 was discovered to contain an issue in the component saskutil64.sys. This issue allows attackers to arbitrarily write data to the device via IOCTL 0x9C402140. | |||||
| CVE-2020-22057 | 1 Evga | 1 Precision Xoc | 2022-01-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| The WinRin0x64.sys and WinRing0.sys low-level drivers in EVGA Precision XOC version v6.2.7 were discovered to be configured with the default security descriptor which allows attackers to access sensitive components and data. | |||||
| CVE-2021-45640 | 1 Netgear | 101 D3600, D3600 Firmware, D6000 and 98 more | 2022-01-12 | 6.5 MEDIUM | 7.2 HIGH |
| Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, DM200 before 1.0.0.61, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6120 before 1.0.0.46, EX6130 before 1.0.0.28, EX7000 before 1.0.1.78, PR2000 before 1.0.0.28, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.6, R7000 before 1.0.9.34, R7100LG before 1.0.0.50, R7500v2 before 1.0.3.40, R7900P before 1.4.1.50, R8000P before 1.4.1.50, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBK40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR20 before 2.3.0.28, RBR40 before 2.3.0.28, RBR50 before 2.3.0.32, RBS20 before 2.3.0.28, RBS40 before 2.3.0.28, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.78, WNDR3400v3 before 1.0.1.24, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, XR450 before 2.3.2.56, and XR500 before 2.3.2.56. | |||||
| CVE-2021-45641 | 1 Netgear | 97 D3600, D3600 Firmware, D6000 and 94 more | 2022-01-12 | 6.5 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200Bv4 before 1.0.0.109, DGN2200v4 before 1.0.0.110, DM200 before 1.0.0.61, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6120 before 1.0.0.46, EX6130 before 1.0.0.28, EX7000 before 1.0.1.78, PR2000 before 1.0.0.28, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700v3 before 1.0.2.66, R6700 before 1.0.2.6, R6900 before 1.0.2.6, R7000 before 1.0.9.34, R7100LG before 1.0.0.50, R7500v2 before 1.0.3.40, R7900P before 1.4.1.50, R8000P before 1.4.1.50, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.78, WNDR3400v3 before 1.0.1.24, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.56. | |||||
| CVE-2021-45642 | 1 Netgear | 57 D7800, D7800 Firmware, Ex6250 and 54 more | 2022-01-12 | 7.5 HIGH | 7.2 HIGH |
| Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.64, EX6250 before 1.0.0.134, EX7700 before 1.0.0.222, LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, R8900 before 1.0.5.26, R9000 before 1.0.5.26, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.36, EX7320 before 1.0.0.134, RAX120 before 1.2.2.24, EX7300v2 before 1.0.0.134, RAX120v2 before 1.2.2.24, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22. | |||||
| CVE-2021-45980 | 2 Apple, Foxit | 3 Macos, Pdf Editor, Pdf Reader | 2022-01-11 | 6.8 MEDIUM | 7.8 HIGH |
| Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via getURL in the JavaScript API. | |||||
| CVE-2021-37119 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-01-11 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Service logic vulnerability in Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS. | |||||
| CVE-2021-37117 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-01-11 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Service logic vulnerability in Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS. | |||||
| CVE-2021-37110 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-01-11 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Timing design defects in Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-37098 | 1 Huawei | 1 Harmonyos | 2022-01-11 | 5.0 MEDIUM | 7.5 HIGH |
| Hilinksvc service exists a Data Processing Errors vulnerability .Successful exploitation of this vulnerability may cause application crash. | |||||
| CVE-2021-45644 | 1 Netgear | 32 Ac2100, Ac2100 Firmware, Ac2400 and 29 more | 2022-01-10 | 7.5 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88. | |||||
| CVE-2021-20157 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2022-01-10 | 7.8 HIGH | 7.5 HIGH |
| It is possible for an unauthenticated, malicious user to force the device to reboot due to a hidden administrative command. | |||||
| CVE-2018-17875 | 1 Poly | 2 Trio 8800, Trio 8800 Firmware | 2022-01-10 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution issue in the ping command on Poly Trio 8800 5.7.1.4145 devices allows remote authenticated users to execute commands via unspecified vectors. | |||||
| CVE-2021-45697 | 1 Nervos | 1 Molecule | 2022-01-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the molecule crate before 0.7.2 for Rust. A FixVec partial read has an incorrect result. | |||||
| CVE-2021-43857 | 1 Gerapy | 1 Gerapy | 2022-01-07 | 6.5 MEDIUM | 8.8 HIGH |
| Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8. | |||||
| CVE-2021-45645 | 1 Netgear | 16 Rbs50y, Rbs50y Firmware, Src60 and 13 more | 2022-01-07 | 7.5 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects RBS50Y before 2.7.0.122, SRK60 before 2.7.0.122, SRR60 before 2.7.0.122, SRS60 before 2.7.0.122, SXK30 before 3.2.33.108, SXR30 before 3.2.33.108, SXS30 before 3.2.33.108, and SRC60 before 2.7.0.122. | |||||