Total
23718 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-32055 | 2 Mutt, Neomutt | 2 Mutt, Neomutt | 2023-12-10 | 5.8 MEDIUM | 9.1 CRITICAL |
| Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default. | |||||
| CVE-2021-2200 | 1 Oracle | 1 Applications Framework | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Home page). The supported version that is affected is 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications Framework accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications Framework accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). | |||||
| CVE-2020-9493 | 2 Apache, Qos | 3 Chainsaw, Log4j, Reload4j | 2023-12-10 | 6.8 MEDIUM | 9.8 CRITICAL |
| A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution. | |||||
| CVE-2021-38140 | 1 Set User Project | 1 Set User | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The set_user extension module before 2.0.1 for PostgreSQL allows a potential privilege escalation using RESET SESSION AUTHORIZATION after set_user(). | |||||
| CVE-2020-35758 | 1 Librewireless | 2 Ls9, Ls9 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a Authentication Bypass in the Web Interface. This interface does not properly restrict access to internal functionality. Despite presenting a password login page on first access, authentication is not required to access privileged functionality. As such, it's possible to directly access APIs that should not be exposed to an unauthenticated user. | |||||
| CVE-2020-21133 | 1 Metinfo | 1 Metinfo | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid. | |||||
| CVE-2020-36432 | 1 Alg Ds Project | 1 Alg Ds | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the alg_ds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new(). | |||||
| CVE-2021-22373 | 1 Huawei | 2 Emui, Magic Ui | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is a Defects Introduced in the Design Process Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability. | |||||
| CVE-2021-28152 | 1 Hongdian | 2 H8922, H8922 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn. | |||||
| CVE-2021-35336 | 1 Tieline | 2 Ip Audtio Gateway, Ip Audtio Gateway Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Access Control. A vulnerability in the Tieline Web Administrative Interface could allow an unauthenticated user to access a sensitive part of the system with a high privileged account. | |||||
| CVE-2021-23379 | 1 Portkiller Project | 1 Portkiller | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| This affects all versions of package portkiller. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | |||||
| CVE-2021-30072 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. Because strcat is misused, there is a stack-based buffer overflow that does not require authentication. | |||||
| CVE-2021-27459 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The webserver of the affected products allows unvalidated files to be uploaded, which an attacker could utilize to execute arbitrary code. | |||||
| CVE-2021-36707 | 1 Prolink | 2 Prc2402m, Prc2402m Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff contains a trivial command injection where the value of the led_cmd parameter is passed directly to do_system. | |||||
| CVE-2021-40177 | 1 Zohocorp | 1 Manageengine Log360 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite. | |||||
| CVE-2021-1498 | 1 Cisco | 8 Hyperflex Hx220c Af M5, Hyperflex Hx220c All Nvme M5, Hyperflex Hx220c Edge M5 and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-0515 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-167389063 | |||||
| CVE-2021-2319 | 1 Oracle | 1 Cloud Infrastructure Storage Gateway | 2023-12-10 | 6.5 MEDIUM | 9.1 CRITICAL |
| Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 1.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Cloud Infrastructure Storage Gateway. While the vulnerability is in Oracle Cloud Infrastructure Storage Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Cloud Infrastructure Storage Gateway. Note: Updating the Oracle Cloud Infrastructure Storage Gateway to version 1.4 or later will address these vulnerabilities. Download the latest version of Oracle Cloud Infrastructure Storage Gateway from <a href=" https://www.oracle.com/downloads/cloud/oci-storage-gateway-downloads.html">here. Refer to Document <a href="https://support.oracle.com/rs?type=doc&id=2768897.1">2768897.1 for more details. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2020-19038 | 1 Halo | 1 Halo | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| File Deletion vulnerability in Halo 0.4.3 via delBackup. | |||||
| CVE-2021-38513 | 1 Netgear | 22 Cbr40, Cbr40 Firmware, Eax20 and 19 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, RBK752 before 3.2.10.10, RBR750 before 3.2.10.10, and RBS750 before 3.2.10.10. | |||||