Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11058 | 2 Canonical, Freerdp | 2 Ubuntu Linux, Freerdp | 2021-10-07 | 3.5 LOW | 2.2 LOW |
| In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0. | |||||
| CVE-2020-8151 | 2 Fedoraproject, Rubyonrails | 2 Fedora, Active Resource | 2021-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information. | |||||
| CVE-2020-11050 | 1 Java-websocket Project | 1 Java-websocket | 2021-10-07 | 6.8 MEDIUM | 8.1 HIGH |
| In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0. | |||||
| CVE-2020-18684 | 1 Atlassian | 1 Floodlight | 2021-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number. | |||||
| CVE-2020-15099 | 1 Typo3 | 1 Typo3 | 2021-10-07 | 6.8 MEDIUM | 8.1 HIGH |
| In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This includes the possibility to fetch typo3conf/LocalConfiguration.php, which again contains the encryptionKey as well as credentials of the database management system being used. In case a database server is directly accessible either via internet or in a shared hosting network, this allows the ability to completely retrieve, manipulate or delete database contents. This includes creating an administration user account - which can be used to trigger remote code execution by injecting custom extensions. This has been patched in versions 9.5.20 and 10.4.6. | |||||
| CVE-2020-15102 | 1 Prestashop | 1 Dashboard Products | 2021-10-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change the configuration. The problem is fixed in 2.1.0. | |||||
| CVE-2020-15111 | 1 Gofiber | 1 Fiber | 2021-10-07 | 5.8 MEDIUM | 5.4 MEDIUM |
| In Fiber before version 1.12.6, the filename that is given in c.Attachment() (https://docs.gofiber.io/ctx#attachment) is not escaped, and therefore vulnerable for a CRLF injection attack. I.e. an attacker could upload a custom filename and then give the link to the victim. With this filename, the attacker can change the name of the downloaded file, redirect to another site, change the authorization header, etc. A possible workaround is to serialize the input before passing it to ctx.Attachment(). | |||||
| CVE-2020-8186 | 1 Devcert Project | 1 Devcert | 2021-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function. | |||||
| CVE-2021-0226 | 1 Juniper | 1 Junos Os Evolved | 2021-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| On Juniper Networks Junos OS Evolved devices, receipt of a specific IPv6 packet may cause an established IPv6 BGP session to terminate, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue does not affect IPv4 BGP sessions. This issue affects IBGP or EBGP peer sessions with IPv6. This issue affects: Juniper Networks Junos OS Evolved: 19.4 versions prior to 19.4R2-S3-EVO; 20.1 versions prior to 20.1R2-S3-EVO; 20.2 versions prior to 20.2R2-S1-EVO; 20.3 versions prior to 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS releases. | |||||
| CVE-2020-8169 | 3 Debian, Haxx, Siemens | 4 Debian Linux, Curl, Simatic Tim 1531 Irc and 1 more | 2021-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). | |||||
| CVE-2020-8920 | 1 Google | 1 Gerrit | 2021-10-07 | 2.7 LOW | 3.5 LOW |
| An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users' personal information associated with their accounts. | |||||
| CVE-2020-26256 | 1 C2fo | 1 Fast-csv | 2021-10-07 | 3.5 LOW | 6.5 MEDIUM |
| Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-cvs before version 4.3.6 there is a possible ReDoS vulnerability (Regular Expression Denial of Service) when using ignoreEmpty option when parsing. This has been patched in `v4.3.6` You will only be affected by this if you use the `ignoreEmpty` parsing option. If you do use this option it is recommended that you upgrade to the latest version `v4.3.6` This vulnerability was found using a CodeQL query which identified `EMPTY_ROW_REGEXP` regular expression as vulnerable. | |||||
| CVE-2020-10517 | 1 Github | 1 Github | 2021-10-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in versions 2.21.6, 2.20.15, and 2.19.21. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2021-25961 | 1 Salesagility | 1 Suitecrm | 2021-10-07 | 6.0 MEDIUM | 8.0 HIGH |
| In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible for account takeover of any newly created user with the same user id. | |||||
| CVE-2021-41295 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2021-10-07 | 6.8 MEDIUM | 8.8 HIGH |
| ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus authenticated attacker can remotely place a forged request at a malicious web page and execute CRUD commands (GET, POST, PUT, DELETE) to perform arbitrary operations in the system. | |||||
| CVE-2021-25960 | 1 Salesagility | 1 Suitecrm | 2021-10-07 | 6.0 MEDIUM | 8.0 HIGH |
| In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by “CSV Injection” vulnerability (Formula Injection). A low privileged attacker can use accounts module to inject payloads in the input fields. When an administrator access accounts module to export the data as a CSV file and opens it, the payload gets executed. This was not fixed properly as part of CVE-2020-15301, allowing the attacker to bypass the security measure. | |||||
| CVE-2021-41294 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2021-10-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files deletion. Using the specific GET parameter, unauthenticated attackers can remotely delete arbitrary files on the affected device and cause denial of service scenario. | |||||
| CVE-2021-41293 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2021-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files disclosure. Using the specific POST parameter, unauthenticated attackers can remotely disclose arbitrary files on the affected device and disclose sensitive and system information. | |||||
| CVE-2021-34413 | 1 Zoom | 1 Zoom Plugin For Microsoft Outlook | 2021-10-07 | 6.0 MEDIUM | 7.5 HIGH |
| All versions of the Zoom Plugin for Microsoft Outlook for MacOS before 5.3.52553.0918 contain a Time-of-check Time-of-use (TOC/TOU) vulnerability during the plugin installation process. This could allow a standard user to write their own malicious application to the plugin directory, allowing the malicious application to execute in a privileged context. | |||||
| CVE-2021-41296 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2021-10-07 | 5.0 MEDIUM | 9.8 CRITICAL |
| ECOA BAS controller uses weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system. | |||||
| CVE-2021-41298 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2021-10-07 | 6.5 MEDIUM | 8.8 HIGH |
| ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with general user's privilege can remotely bypass authorization and access the hidden resources in the system and execute privileged functionalities. | |||||
| CVE-2021-41297 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2021-10-07 | 4.0 MEDIUM | 8.8 HIGH |
| ECOA BAS controller is vulnerable to weak access control mechanism allowing authenticated user to remotely escalate privileges by disclosing credentials of administrative accounts in plain-text. | |||||
| CVE-2021-41106 | 1 Jwt Project | 1 Jwt | 2021-10-07 | 2.1 LOW | 3.3 LOW |
| JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms (HS256, HS384, and HS512) combined with `Lcobucci\JWT\Signer\Key\LocalFileReference` as key are having their tokens issued/validated using the file path as hashing key - instead of the contents. The HMAC hashing functions take any string as input and, since users can issue and validate tokens, users are lead to believe that everything works properly. Versions 3.4.6, 4.0.4, and 4.1.5 have been patched to always load the file contents, deprecated the `Lcobucci\JWT\Signer\Key\LocalFileReference`, and suggest `Lcobucci\JWT\Signer\Key\InMemory` as the alternative. As a workaround, use `Lcobucci\JWT\Signer\Key\InMemory` instead of `Lcobucci\JWT\Signer\Key\LocalFileReference` to create the instances of one's keys. | |||||
| CVE-2018-1288 | 2 Apache, Redhat | 2 Kafka, Jboss Middleware Text-only Advisories | 2021-10-07 | 5.5 MEDIUM | 5.4 MEDIUM |
| In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss. | |||||
| CVE-2021-33923 | 1 Confluent | 1 Cp-ansible | 2021-10-07 | 2.1 LOW | 5.5 MEDIUM |
| Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5.5.2 and 6.0.0 allows local attackers to access some sensitive information (private keys, state database). | |||||
| CVE-2020-21386 | 1 Maccms | 1 Maccms | 2021-10-07 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges. | |||||
| CVE-2021-33924 | 1 Confluent | 1 Ansible | 2021-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its auxiliary component that allows remote attackers to access sensitive information. | |||||
| CVE-2021-40651 | 1 Os4ed | 1 Opensis | 2021-10-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file. | |||||
| CVE-2021-34414 | 1 Zoom | 4 Meeting Connector, Recording Connector, Virtual Room Connector and 1 more | 2021-10-07 | 6.5 MEDIUM | 7.2 HIGH |
| The network proxy page on the web portal for the Zoom on-premise Meeting Connector Controller before version 4.6.348.20201217, Zoom on-premise Meeting Connector MMR before version 4.6.348.20201217, Zoom on-premise Recording Connector before version 3.8.42.20200905, Zoom on-premise Virtual Room Connector before version 4.4.6620.20201110, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network proxy configuration, which could lead to remote command injection on the on-premise image by a web portal administrator. | |||||
| CVE-2020-21434 | 1 Maccms | 1 Maccms | 2021-10-07 | 3.5 LOW | 5.4 MEDIUM |
| Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field. | |||||
| CVE-2020-21387 | 1 Maccms | 1 Maccms | 2021-10-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload. | |||||
| CVE-2021-41123 | 1 Mysurvey | 1 Survey Solutions | 2021-10-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| Survey Solutions is a survey management and data collection system. In affected versions the Headquarters application publishes /metrics endpoint available to any user. None of the survey answers are ever exposed, only the aggregate counters, including count of interviews, or count of assignments. Starting from version 21.09.1 the endpoint is turned off by default. | |||||
| CVE-2021-38098 | 1 Corel | 1 Pdf Fusion | 2021-10-07 | 6.8 MEDIUM | 7.8 HIGH |
| Corel PDF Fusion 2.6.2.0 is affected by a Heap Corruption vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. | |||||
| CVE-2021-38100 | 1 Corel | 1 Photopaint 2020 | 2021-10-07 | 6.8 MEDIUM | 7.8 HIGH |
| Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CPT file. | |||||
| CVE-2021-38102 | 1 Corel | 1 Presentations 2020 | 2021-10-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. This is different from CVE-2021-38105. | |||||
| CVE-2021-38101 | 1 Corel | 1 Photopaint 2020 | 2021-10-07 | 6.8 MEDIUM | 7.8 HIGH |
| CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CPT file. This is different from CVE-2021-38099. | |||||
| CVE-2021-38105 | 1 Corel | 1 Presentations 2020 | 2021-10-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. This is different from CVE-2021-38102. | |||||
| CVE-2021-38110 | 1 Corel | 1 Wordperfect 2020 | 2021-10-07 | 6.8 MEDIUM | 7.8 HIGH |
| Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious DOC file. | |||||
| CVE-2021-38106 | 1 Corel | 1 Presentations 2020 | 2021-10-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| UAX200.dll in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. | |||||
| CVE-2021-41299 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2021-10-07 | 10.0 HIGH | 9.8 CRITICAL |
| ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in. | |||||
| CVE-2021-38108 | 1 Corel | 1 Wordperfect 2020 | 2021-10-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious DOC file. | |||||
| CVE-2021-38107 | 1 Corel | 1 Coreldraw 2020 | 2021-10-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| CdrCore.dll in Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CDR file. | |||||
| CVE-2021-34416 | 1 Zoom | 4 Meeting Connector, Recording Connector, Virtual Room Connector and 1 more | 2021-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4.6.360.20210325, Zoom on-premise Meeting Connector MMR before version 4.6.360.20210325, Zoom on-premise Recording Connector before version 3.8.44.20210326, Zoom on-premise Virtual Room Connector before version 4.4.6752.20210326, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network configuration, which could lead to remote command injection on the on-premise image by the web portal administrators. | |||||
| CVE-2021-38109 | 1 Corel | 1 Coreldraw 2020 | 2021-10-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CDR file. | |||||
| CVE-2021-41300 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2021-10-07 | 5.0 MEDIUM | 9.8 CRITICAL |
| ECOA BAS controller’s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page and obtain privilege with full functionality. | |||||
| CVE-2021-41301 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2021-10-07 | 10.0 HIGH | 9.8 CRITICAL |
| ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. This will enable the unauthenticated attacker to remotely disclose sensitive information and help her in authentication bypass, privilege escalation and full system access. | |||||
| CVE-2021-37786 | 1 Bag | 1 Covid Certificate | 2021-10-07 | 2.1 LOW | 4.6 MEDIUM |
| Certain Federal Office of Information Technology Systems and Telecommunication FOITT products are affected by improper handling of exceptional conditions. This affects COVID Certificate App IOS 2.2.0 and below affected, patch in progress and COVID Certificate Check App IOS 2.2.0 and below affected, patch in progress. A denial of service (physically proximate) could be caused by scanning a crafted QR code. | |||||
| CVE-2021-41104 | 2 Esphome, Espressif | 3 Esphome Firmware, Esp32, Esp8266 | 2021-10-07 | 4.3 MEDIUM | 7.5 HIGH |
| ESPHome is a system to control the ESP8266/ESP32. Anyone with web_server enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which `web_server` allows over-the-air (OTA) updates without checking user defined basic auth username & password. This issue is patched in version 2021.9.2. As a workaround, one may disable or remove `web_server`. | |||||
| CVE-2021-25959 | 1 Opencrx | 1 Opencrx | 2021-10-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance. | |||||
| CVE-2020-16630 | 1 Ti | 7 15.4-stack, Ble5-stack, Dynamic Multi-protocal Manager and 4 more | 2021-10-07 | 4.3 MEDIUM | 6.8 MEDIUM |
| TI’s BLE stack caches and reuses the LTK’s property for a bonded mobile. A LTK can be an unauthenticated-and-no-MITM-protection key created by Just Works or an authenticated-and-MITM-protection key created by Passkey Entry, Numeric Comparison or OOB. Assume that a victim mobile uses secure pairing to pair with a victim BLE device based on TI chips and generate an authenticated-and-MITM-protection LTK. If a fake mobile with the victim mobile’s MAC address uses Just Works and pairs with the victim device, the generated LTK still has the property of authenticated-and-MITM-protection. Therefore, the fake mobile can access attributes with the authenticated read/write permission. | |||||