Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1677 | 1 Juniper | 1 Mist Cloud Ui | 2021-10-19 | 4.3 MEDIUM | 7.2 HIGH |
| When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle child elements in SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020. | |||||
| CVE-2020-1777 | 1 Otrs | 1 Otrs | 2021-10-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| Agent names that participates in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask real agent names. This issue affects OTRS; 7.0.21 and prior versions, 8.0.6 and prior versions. | |||||
| CVE-2020-26869 | 1 Pcvuesolutions | 1 Pcvue | 2021-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. This issue also affects third-party systems based on the Web Services Toolkit. | |||||
| CVE-2021-41546 | 1 Siemens | 20 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Rx1400 and 17 more | 2021-10-19 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service. | |||||
| CVE-2021-37199 | 1 Siemens | 4 Sinumerik 808d, Sinumerik 808d Firmware, Sinumerik 828d and 1 more | 2021-10-19 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions < V4.95). Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device. | |||||
| CVE-2021-41117 | 1 Keypair Project | 1 Keypair | 2021-10-19 | 6.4 MEDIUM | 9.1 CRITICAL |
| keypair is a a RSA PEM key generator written in javascript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This would mean that the library is generating identical P, Q (and thus N) values which, in practical terms, is impossible with RSA-2048 keys. Generating identical values, repeatedly, usually indicates an issue with poor random number generation, or, poor handling of CSPRNG output. Issue 1: Poor random number generation (`GHSL-2021-1012`). The library does not rely entirely on a platform provided CSPRNG, rather, it uses it's own counter-based CMAC approach. Where things go wrong is seeding the CMAC implementation with "true" random data in the function `defaultSeedFile`. In order to seed the AES-CMAC generator, the library will take two different approaches depending on the JavaScript execution environment. In a browser, the library will use [`window.crypto.getRandomValues()`](https://github.com/juliangruber/keypair/blob/87c62f255baa12c1ec4f98a91600f82af80be6db/index.js#L971). However, in a nodeJS execution environment, the `window` object is not defined, so it goes down a much less secure solution, also of which has a bug in it. It does look like the library tries to use node's CSPRNG when possible unfortunately, it looks like the `crypto` object is null because a variable was declared with the same name, and set to `null`. So the node CSPRNG path is never taken. However, when `window.crypto.getRandomValues()` is not available, a Lehmer LCG random number generator is used to seed the CMAC counter, and the LCG is seeded with `Math.random`. While this is poor and would likely qualify in a security bug in itself, it does not explain the extreme frequency in which duplicate keys occur. The main flaw: The output from the Lehmer LCG is encoded incorrectly. The specific [line][https://github.com/juliangruber/keypair/blob/87c62f255baa12c1ec4f98a91600f82af80be6db/index.js#L1008] with the flaw is: `b.putByte(String.fromCharCode(next & 0xFF))` The [definition](https://github.com/juliangruber/keypair/blob/87c62f255baa12c1ec4f98a91600f82af80be6db/index.js#L350-L352) of `putByte` is `util.ByteBuffer.prototype.putByte = function(b) {this.data += String.fromCharCode(b);};`. Simplified, this is `String.fromCharCode(String.fromCharCode(next & 0xFF))`. The double `String.fromCharCode` is almost certainly unintentional and the source of weak seeding. Unfortunately, this does not result in an error. Rather, it results most of the buffer containing zeros. Since we are masking with 0xFF, we can determine that 97% of the output from the LCG are converted to zeros. The only outputs that result in meaningful values are outputs 48 through 57, inclusive. The impact is that each byte in the RNG seed has a 97% chance of being 0 due to incorrect conversion. When it is not, the bytes are 0 through 9. In summary, there are three immediate concerns: 1. The library has an insecure random number fallback path. Ideally the library would require a strong CSPRNG instead of attempting to use a LCG and `Math.random`. 2. The library does not correctly use a strong random number generator when run in NodeJS, even though a strong CSPRNG is available. 3. The fallback path has an issue in the implementation where a majority of the seed data is going to effectively be zero. Due to the poor random number generation, keypair generates RSA keys that are relatively easy to guess. This could enable an attacker to decrypt confidential messages or gain authorized access to an account belonging to the victim. | |||||
| CVE-2021-40239 | 1 Miniftpd Project | 1 Miniftpd | 2021-10-19 | 7.5 HIGH | 9.8 CRITICAL |
| A Buffer Overflow vulnerability exists in the latest version of Miniftpd in the do_retr function in ftpproto.c | |||||
| CVE-2021-40617 | 1 Os4ed | 1 Opensis | 2021-10-19 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php. | |||||
| CVE-2021-23448 | 1 Config-handler Project | 1 Config-handler | 2021-10-19 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package config-handler are vulnerable to Prototype Pollution when loading config files. | |||||
| CVE-2021-42009 | 1 Apache | 1 Traffic Control | 2021-10-19 | 4.0 MEDIUM | 4.3 MEDIUM |
| An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address. Apache Traffic Control 5.1.x users should upgrade to 5.1.3 or 6.0.0. 4.1.x users should upgrade to 5.1.3. | |||||
| CVE-2021-27395 | 1 Siemens | 4 Simatic Process Historian 2013, Simatic Process Historian 2014, Simatic Process Historian 2019 and 1 more | 2021-10-19 | 5.5 MEDIUM | 8.1 HIGH |
| A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier (All versions), SIMATIC Process Historian 2014 (All versions < SP3 Update 6), SIMATIC Process Historian 2019 (All versions), SIMATIC Process Historian 2020 (All versions). An interface in the software that is used for critical functionalities lacks authentication, which could allow a malicious user to maliciously insert, modify or delete data. | |||||
| CVE-2021-40189 | 1 Php-fusion | 1 Phpfusion | 2021-10-19 | 6.5 MEDIUM | 7.2 HIGH |
| PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/{Theme Folder], where an attacker can access and execute arbitrary code. | |||||
| CVE-2021-38180 | 1 Sap | 1 Business One | 2021-10-19 | 9.3 HIGH | 9.8 CRITICAL |
| SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to execute macros while opening the file and the security settings of Excel allow for command execution. | |||||
| CVE-2021-38181 | 1 Sap | 2 Netweaver Abap, Netweaver As Abap | 2021-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2021-38183 | 1 Sap | 1 Netweaver | 2021-10-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently encode user-controlled inputs, allowing an attacker to cause a potential victim to supply a malicious content to a vulnerable web application, which is then reflected to the victim and executed by the web browser, resulting in Cross-Site Scripting vulnerability. | |||||
| CVE-2021-40495 | 1 Sap | 2 Netweaver Abap, Netweaver As Abap | 2021-10-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. An unauthorized attacker can use the public SICF service /sap/public/bc/abap to reduce the performance of SAP NetWeaver Application Server ABAP and ABAP Platform. | |||||
| CVE-2016-2853 | 1 Linux | 1 Linux Kernel | 2021-10-18 | 4.4 MEDIUM | 7.8 HIGH |
| The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program. | |||||
| CVE-2016-1576 | 2 Canonical, Linux | 4 Ubuntu Core, Ubuntu Linux, Ubuntu Touch and 1 more | 2021-10-18 | 7.2 HIGH | 7.8 HIGH |
| The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program. | |||||
| CVE-2016-1575 | 2 Canonical, Linux | 4 Ubuntu Core, Ubuntu Linux, Ubuntu Touch and 1 more | 2021-10-18 | 7.2 HIGH | 7.8 HIGH |
| The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory. | |||||
| CVE-2021-40497 | 1 Sap | 1 Businessobjects Analysis | 2021-10-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| SAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, allows an attacker to exploit certain application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation could lead to exposure of some system specific data like its version. | |||||
| CVE-2021-40498 | 1 Sap | 1 Successfactors Mobile | 2021-10-18 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in SAP SuccessFactors Mobile Application for Android - versions older than 2108, which allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, which can lead to denial of service. The vulnerability is related to Android implementation methods that are widely used across Android mobile applications, and such methods are embedded into the SAP SuccessFactors mobile application. These Android methods begin executing once the user accesses their profile on the mobile application. While executing, it can also pick up the activities from other Android applications that are running in the background of the users device and are using the same types of methods in the application. Such vulnerability can also lead to phishing attacks that can be used for staging other types of attacks. | |||||
| CVE-2020-22673 | 1 Gpac | 1 Gpac | 2021-10-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input. | |||||
| CVE-2020-22679 | 1 Gpac | 1 Gpac | 2021-10-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| Memory leak in the sgpd_parse_entry function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input. | |||||
| CVE-2021-38915 | 1 Ibm | 1 Data Risk Manager | 2021-10-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947. | |||||
| CVE-2021-38862 | 1 Ibm | 1 Data Risk Manager | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980. | |||||
| CVE-2021-27003 | 1 Netapp | 1 Clustered Data Ontap | 2021-10-18 | 4.3 MEDIUM | 4.7 MEDIUM |
| Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack. | |||||
| CVE-2020-28145 | 1 Wuzhicms | 1 Wuzhicms | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information. | |||||
| CVE-2021-25738 | 1 Kubernetes | 1 Java | 2021-10-18 | 4.6 MEDIUM | 6.7 MEDIUM |
| Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution. | |||||
| CVE-2020-27372 | 1 Brandy Project | 1 Brandy | 2021-10-18 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function. | |||||
| CVE-2021-22263 | 1 Gitlab | 1 Gitlab | 2021-10-18 | 5.5 MEDIUM | 6.5 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external' status which is granted 'Maintainer' role on any project on the GitLab instance where 'project tokens' are allowed may elevate its privilege to 'Internal' and access Internal projects. | |||||
| CVE-2021-25634 | 2 Debian, Libreoffice | 2 Debian Linux, Libreoffice | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2. | |||||
| CVE-2021-41130 | 1 Google | 1 Extensible Service Proxy | 2021-10-18 | 4.9 MEDIUM | 5.4 MEDIUM |
| Extensible Service Proxy, a.k.a. ESP is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT claim is passed to the application by HTTP header "X-Endpoint-API-UserInfo", the application can use it to do authorization. But if there are two "X-Endpoint-API-UserInfo" headers from the client, ESPv1 only replaces the first one, the 2nd one will be passed to the application. An attacker can send two "X-Endpoint-API-UserInfo" headers, the second one with a fake JWT claim. Application may use the fake JWT claim to do the authorization. This impacts following ESPv1 usages: 1) Users have configured ESPv1 to do JWT authentication with Google ID Token as described in the referenced google endpoint document. 2) Users backend application is using the info in the "X-Endpoint-API-UserInfo" header to do the authorization. It has been fixed by v1.58.0. You need to patch it in the following ways: * If your docker image is using tag ":1", needs to re-start the container to pick up the new version. The tag ":1" will automatically point to the latest version. * If your docker image tag pings to a specific minor version, e.g. ":1.57". You need to update it to ":1.58" and re-start the container. There are no workaround for this issue. | |||||
| CVE-2021-27664 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2021-10-18 | 6.8 MEDIUM | 9.8 CRITICAL |
| Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server. | |||||
| CVE-2021-20121 | 1 Telus | 2 Prv65b444a-s-ts, Prv65b444a-s-ts Firmware | 2021-10-18 | 1.9 LOW | 4.0 MEDIUM |
| The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is vulnerable to an authenticated arbitrary file read. An authenticated user with physical access to the device can read arbitrary files from the device by preparing and connecting a specially prepared USB drive to the device, and making a series of crafted requests to the device's web interface. | |||||
| CVE-2021-42134 | 1 Django-unicorn | 1 Unicorn | 2021-10-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053. | |||||
| CVE-2021-20122 | 1 Telus | 2 Prv65b444a-s-ts, Prv65b444a-s-ts Firmware | 2021-10-18 | 9.0 HIGH | 7.2 HIGH |
| The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69_cmd.cgi. A remote attacker connected to the router's LAN and authenticated with a super user account, or using a bypass authentication vulnerability like CVE-2021-20090 could leverage this issue to run commands or gain a shell as root on the target device. | |||||
| CVE-2021-40499 | 1 Sap | 1 Netweaver Application Server Abap | 2021-10-18 | 7.5 HIGH | 9.8 CRITICAL |
| Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | |||||
| CVE-2021-40500 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can enable the attacker to retrieve arbitrary files from the server. | |||||
| CVE-2021-40188 | 1 Php-fusion | 1 Phpfusion | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
| PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server. | |||||
| CVE-2021-35214 | 1 Solarwinds | 1 Pingdom | 2021-10-18 | 1.9 LOW | 4.7 MEDIUM |
| The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without terminating the user session. This issue has been resolved on September 13, 2021. | |||||
| CVE-2021-3330 | 1 Zephyrproject | 1 Zephyr | 2021-10-18 | 5.8 MEDIUM | 8.8 HIGH |
| RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >= >=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456 | |||||
| CVE-2021-25633 | 2 Debian, Libreoffice | 2 Debian Linux, Libreoffice | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to combine multiple certificate data, which when opened caused LibreOffice to display a validly signed indicator but whose content was unrelated to the signature shown. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2. | |||||
| CVE-2021-37123 | 1 Huawei | 2 Hero-ct060, Hero-ct060 Firmware | 2021-10-18 | 7.5 HIGH | 9.8 CRITICAL |
| There is an improper authentication vulnerability in Hero-CT060 before 1.0.0.200. The vulnerability is due to that when an user wants to do certain operation, the software does not insufficiently validate the user's identity. Successful exploit could allow the attacker to do certain operations which the user are supposed not to do. | |||||
| CVE-2021-3323 | 1 Zephyrproject | 1 Zephyr | 2021-10-18 | 7.5 HIGH | 9.8 CRITICAL |
| Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc | |||||
| CVE-2021-3322 | 1 Zephyrproject | 1 Zephyr | 2021-10-18 | 3.3 LOW | 6.5 MEDIUM |
| Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr. Zephyr versions >= >=2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p86r-gc4r-4mq3 | |||||
| CVE-2021-24576 | 1 Techearty | 1 Easy Accordion | 2021-10-18 | 3.5 LOW | 5.4 MEDIUM |
| The Easy Accordion WordPress plugin before 2.0.22 does not properly sanitize inputs when adding new items to an accordion. | |||||
| CVE-2021-33736 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | |||||
| CVE-2021-3321 | 1 Zephyrproject | 1 Zephyr | 2021-10-18 | 5.8 MEDIUM | 8.8 HIGH |
| Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99 | |||||
| CVE-2021-33735 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | |||||
| CVE-2021-26588 | 1 Hpe | 19 3par Os, 3par Storeserv 10400, 3par Storeserv 10800 and 16 more | 2021-10-18 | 10.0 HIGH | 9.8 CRITICAL |
| A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low complexity issue to execute code as administrator. This vulnerability impacts completely the confidentiality, integrity, availability of the array. HPE has made the following software updates and mitigation information to resolve the vulnerability in 3PAR, Primera and Alletra 9000 firmware. | |||||