Total: 23745 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-30189 | 1 Codesys | 1 V2 Web Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow. | |||||
CVE-2021-3402 | 2 Fedoraproject, Virustotal | 2 Fedora, Yara | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4.0.4. | |||||
CVE-2021-32533 | 1 Qsan | 1 Sanos | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The QSAN SANOS setting page does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0. | |||||
CVE-2021-2221 | 1 Oracle | 1 Secure Global Desktop | 2023-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop. | |||||
CVE-2017-17674 | 1 Bmc | 1 Remedy Mid-tier | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE). | |||||
CVE-2020-21786 | 1 Ibos | 1 Ibos | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /system/modules/dashboard/controllers/CronController.php. | |||||
CVE-2020-19305 | 1 Metinfo | 1 Metinfo | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges. | |||||
CVE-2021-40532 | 1 Telegram | 1 Web K Alpha | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Telegram Web K Alpha before 0.7.2 mishandles the characters in a document extension. | |||||
CVE-2020-21994 | 1 Ave | 13 53ab-wbs, 53ab-wbs Firmware, Dominaplus and 10 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
AVE DOMINAplus <=1.10.x suffers from a clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack. | |||||
CVE-2021-31897 | 1 Jetbrains | 1 Webstorm | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects. | |||||
CVE-2020-18170 | 1 Abloy | 1 Key Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager Version 7.14301.0.0 allows attackers to escalate privileges via a change in permissions. | |||||
CVE-2021-31757 | 1 Tenda | 2 Ac11, Ac11 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request. | |||||
CVE-2021-38383 | 1 Owntone Project | 1 Owntone | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_bind() in misc.c. | |||||
CVE-2021-25947 | 1 Nestie Project | 1 Nestie | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1.0.0 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2021-30164 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API. | |||||
CVE-2020-21787 | 1 Crmeb | 1 Crmeb | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php. | |||||
CVE-2021-23909 | 1 Mercedes-benz | 8 A 220, A 220 4matic, E 350 and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The SH2 MCU allows remote code execution. | |||||
CVE-2021-3013 | 2 Microsoft, Ripgrep Project | 2 Windows, Ripgrep | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag. | |||||
CVE-2021-38564 | 1 Foxitsoftware | 2 Pdf Editor, Pdf Reader | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows an out-of-bounds read via util.scand. | |||||
CVE-2021-22738 | 1 Schneider-electric | 4 Homelynk, Homelynk Firmware, Spacelynk and 1 more | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered after a brute force attack. | |||||