Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20603 | 1 Mitsubishielectric | 20 Got2000 Gt2103-pmbd, Got2000 Gt2103-pmbd Firmware, Got2000 Gt2104-pmbd and 17 more | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets. | |||||
| CVE-2021-20604 | 1 Mitsubishielectric | 20 Got2000 Gt2103-pmbd, Got2000 Gt2103-pmbd Firmware, Got2000 Gt2104-pmbd and 17 more | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets. | |||||
| CVE-2021-20605 | 1 Mitsubishielectric | 20 Got2000 Gt2103-pmbd, Got2000 Gt2103-pmbd Firmware, Got2000 Gt2104-pmbd and 17 more | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Input Validation vulnerability in GOT2000 series GT21 model GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, GT2103-PMBD all versions, GOT SIMPLE series GS21 model GS2110-WTBD all versions, GS2107-WTBD all versions, GS2110-WTBD-N all versions, GS2107-WTBD-N all versions and LE7-40GU-L all versions allows a remote unauthenticated attacker to cause DoS condition of the products by sending specially crafted packets. | |||||
| CVE-2021-41129 | 1 Pterodactyl | 1 Panel | 2021-10-18 | 6.8 MEDIUM | 8.1 HIGH |
| Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a `confirmation_token` input during the two-factor authentication process to reference a cache value not associated with the login attempt. In rare cases this can allow a malicious actor to authenticate as a random user in the Panel. The malicious user must target an account with two-factor authentication enabled, and then must provide a correct two-factor authentication token before being authenticated as that user. Due to a validation flaw in the logic handling user authentication during the two-factor authentication process a malicious user can trick the system into loading credentials for an arbitrary user by modifying the token sent to the server. This authentication flaw is present in the `LoginCheckpointController@__invoke` method which handles two-factor authentication for a user. This controller looks for a request input parameter called `confirmation_token` which is expected to be a 64 character random alpha-numeric string that references a value within the Panel's cache containing a `user_id` value. This value is then used to fetch the user that attempted to login, and lookup their two-factor authentication token. Due to the design of this system, any element in the cache that contains only digits could be referenced by a malicious user, and whatever value is stored at that position would be used as the `user_id`. There are a few different areas of the Panel that store values into the cache that are integers, and a user who determines what those cache keys are could pass one of those keys which would cause this code pathway to reference an arbitrary user. At its heart this is a high-risk login bypass vulnerability. However, there are a few additional conditions that must be met in order for this to be successfully executed, notably: 1.) The account referenced by the malicious cache key must have two-factor authentication enabled. An account without two-factor authentication would cause an exception to be triggered by the authentication logic, thusly exiting this authentication flow. 2.) Even if the malicious user is able to reference a valid cache key that references a valid user account with two-factor authentication, they must provide a valid two-factor authentication token. However, due to the design of this endpoint once a valid user account is found with two-factor authentication enabled there is no rate-limiting present, thusly allowing an attacker to brute force combinations until successful. This leads to a third condition that must be met: 3.) For the duration of this attack sequence the cache key being referenced must continue to exist with a valid `user_id` value. Depending on the specific key being used for this attack, this value may disappear quickly, or be changed by other random user interactions on the Panel, outside the control of the attacker. In order to mitigate this vulnerability the underlying authentication logic was changed to use an encrypted session store that the user is therefore unable to control the value of. This completely removed the use of a user-controlled value being used. In addition, the code was audited to ensure this type of vulnerability is not present elsewhere. | |||||
| CVE-2020-22678 | 1 Gpac | 1 Gpac | 2021-10-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulation_bytes function in av_parsers.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input. | |||||
| CVE-2020-22677 | 1 Gpac | 1 Gpac | 2021-10-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in gpac 0.8.0. The dump_data_hex function in box_dump.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input. | |||||
| CVE-2020-22675 | 1 Gpac | 1 Gpac | 2021-10-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in gpac 0.8.0. The GetGhostNum function in stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input. | |||||
| CVE-2020-22674 | 1 Gpac | 1 Gpac | 2021-10-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in gpac 0.8.0. An invalid memory dereference exists in the function FixTrackID located in isom_intern.c, which allows attackers to cause a denial of service (DoS) via a crafted input. | |||||
| CVE-2021-33734 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | |||||
| CVE-2021-35067 | 1 Meross | 2 Msg100, Msg100 Firmware | 2021-10-18 | 5.5 MEDIUM | 8.1 HIGH |
| Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., an attacker who sniffs a Close message can transmit an acceptable Open message). | |||||
| CVE-2021-33733 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | |||||
| CVE-2021-33732 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | |||||
| CVE-2021-33731 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | |||||
| CVE-2021-33730 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | |||||
| CVE-2021-33729 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker that is able to import firmware containers to an affected system could execute arbitrary commands in the local database. | |||||
| CVE-2021-33728 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary code on the device with root privileges. | |||||
| CVE-2021-33727 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could download the user profile of any user. With this, the attacker could leak confidential information of any user in the affected system. | |||||
| CVE-2021-33726 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to download arbitrary files under a user controlled path and does not correctly check if the relative path is still within the intended target directory. | |||||
| CVE-2021-3755 | 2021-10-18 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2021-33725 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 5.0 MEDIUM | 9.1 CRITICAL |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to delete arbitrary files or directories under a user controlled path and does not correctly check if the relative path is still within the intended target directory. | |||||
| CVE-2021-0583 | 1 Google | 1 Android | 2021-10-18 | 4.4 MEDIUM | 7.3 HIGH |
| In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-182282956 | |||||
| CVE-2021-33724 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 5.0 MEDIUM | 9.1 CRITICAL |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system contains an Arbitrary File Deletion vulnerability that possibly allows to delete an arbitrary file or directory under a user controlled path. | |||||
| CVE-2021-40191 | 1 Dzzoffice | 1 Dzzoffice | 2021-10-18 | 3.5 LOW | 5.4 MEDIUM |
| Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php. | |||||
| CVE-2021-33723 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could change the user profile of any user without proper authorization. With this, the attacker could change the password of any user in the affected system. | |||||
| CVE-2021-33722 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system has a Path Traversal vulnerability when exporting a firmware container. With this a privileged authenticated attacker could create arbitrary files on an affected system. | |||||
| CVE-2021-28966 | 2 Microsoft, Ruby-lang | 2 Windows, Ruby | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir. | |||||
| CVE-2021-29657 | 1 Linux | 1 Linux Kernel | 2021-10-18 | 6.9 MEDIUM | 7.4 HIGH |
| arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in nested_svm_vmrun. | |||||
| CVE-2021-40543 | 1 Os4ed | 1 Opensis | 2021-10-18 | 7.5 HIGH | 9.8 CRITICAL |
| Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['prof_id'] in the PasswordCheck.php file. | |||||
| CVE-2021-32760 | 2 Fedoraproject, Linuxfoundation | 2 Fedora, Containerd | 2021-10-18 | 6.8 MEDIUM | 6.3 MEDIUM |
| containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. | |||||
| CVE-2012-2666 | 1 Golang | 1 Go | 2021-10-18 | 7.5 HIGH | 9.8 CRITICAL |
| golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script. | |||||
| CVE-2020-27874 | 1 Tencent | 1 Wechat | 2021-10-18 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat 7.0.18. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WXAM Decoder. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11580. | |||||
| CVE-2020-27006 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-10-18 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PCT files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12182) | |||||
| CVE-2020-27000 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-10-18 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing BMP files. This can result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12018) | |||||
| CVE-2021-40542 | 1 Os4ed | 1 Opensis | 2021-10-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php. | |||||
| CVE-2020-5811 | 1 Umbraco | 1 Umbraco Cms | 2021-10-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package. | |||||
| CVE-2020-5138 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||
| CVE-2020-7587 | 1 Siemens | 13 Opcenter Execution Discrete, Opcenter Execution Foundation, Opcenter Execution Process and 10 more | 2021-10-18 | 6.4 MEDIUM | 8.2 HIGH |
| A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES <= V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES <= V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote Denial-of-Service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service. | |||||
| CVE-2020-10061 | 1 Zephyrproject | 1 Zephyr | 2021-10-18 | 5.8 MEDIUM | 8.8 HIGH |
| Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions. | |||||
| CVE-2020-10060 | 1 Zephyrproject | 1 Zephyr | 2021-10-18 | 5.5 MEDIUM | 6.5 MEDIUM |
| In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions. | |||||
| CVE-2021-27002 | 1 Netapp | 1 Cloud Manager | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy. | |||||
| CVE-2021-29005 | 1 Rconfig | 1 Rconfig | 2021-10-18 | 9.0 HIGH | 8.8 HIGH |
| Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server. | |||||
| CVE-2021-38699 | 1 Tastyigniter | 1 Tastyigniter | 2021-10-18 | 3.5 LOW | 5.4 MEDIUM |
| TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/system_logs. | |||||
| CVE-2021-38207 | 1 Linux | 1 Linux Kernel | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes. | |||||
| CVE-2021-3682 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2021-10-18 | 6.0 MEDIUM | 8.5 HIGH |
| A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host. | |||||
| CVE-2021-36159 | 1 Freebsd | 1 Libfetch | 2021-10-18 | 6.4 MEDIUM | 9.1 CRITICAL |
| libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for the '\0' terminator one byte too late. | |||||
| CVE-2021-33195 | 2 Golang, Netapp | 2 Go, Cloud Insights Telegraf Agent | 2021-10-18 | 7.5 HIGH | 7.3 HIGH |
| Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. | |||||
| CVE-2021-22148 | 1 Elastic | 1 Enterprise Search | 2021-10-18 | 6.5 MEDIUM | 8.8 HIGH |
| Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unauthorized engines. | |||||
| CVE-2021-3035 | 1 Paloaltonetworks | 1 Bridgecrew Checkov | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
| An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.26. Checkov 1.0 versions are not impacted. | |||||
| CVE-2021-24400 | 1 Wp-display-users Project | 1 Wp-display-users | 2021-10-18 | 6.5 MEDIUM | 7.2 HIGH |
| The Edit Role functionality in the Display Users WordPress plugin through 2.0.0 had an `id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | |||||
| CVE-2021-20825 | 2 Ec-cube, Shiro8 | 2 Ec-cube, List \(order Management\) Item Change | 2021-10-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in List (order management) item change plug-in (for EC-CUBE 3.0 series) Ver.1.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors. | |||||