Total
23744 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-38145 | 1 Formtools | 1 Core | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Form Tools through 3.0.20. SQL Injection can occur via the export_group_id field when a low-privileged user (client) tries to export a form with data, e.g., manipulation of modules/export_manager/export.php?export_group_id=1&export_group_1_results=all&export_type_id=1. | |||||
CVE-2020-19112 | 1 Projectworlds | 1 Online Book Store Project In Php | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code. | |||||
CVE-2021-30190 | 1 Codesys | 1 V2 Web Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. | |||||
CVE-2021-31838 | 1 Mcafee | 1 Mvision Edr | 2023-12-10 | 9.0 HIGH | 9.1 CRITICAL |
A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'. | |||||
CVE-2020-18544 | 1 Wms Project | 1 Wms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component "chkuser.php". | |||||
CVE-2021-2355 | 1 Oracle | 1 Marketing | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized access to critical data or complete access to all Oracle Marketing accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). | |||||
CVE-2021-22519 | 1 Microfocus | 1 Sitescope | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Execute arbitrary code vulnerability in Micro Focus SiteScope product, affecting versions 11.40,11.41 , 2018.05(11.50), 2018.08(11.51), 2018.11(11.60), 2019.02(11.70), 2019.05(11.80), 2019.08(11.90), 2019.11(11.91), 2020.05(11.92), 2020.10(11.93). The vulnerability could allow remote attackers to execute arbitrary code on affected installations of SiteScope. | |||||
CVE-2021-1870 | 3 Apple, Fedoraproject, Webkitgtk | 6 Ipad Os, Iphone Os, Mac Os X and 3 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | |||||
CVE-2021-32605 | 1 Zzzcms | 1 Zzzphp | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block. | |||||
CVE-2021-1910 | 1 Qualcomm | 746 Apq8009, Apq8009 Firmware, Apq8009w and 743 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Double free in video due to lack of input buffer length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
CVE-2020-23302 | 1 Jerryscript | 1 Jerryscript | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_ref_ecma_string in JerryScript 2.2.0 | |||||
CVE-2019-20467 | 1 Sannce | 2 Smart Hd Wifi Security Camera Ean 2 950004 595317, Smart Hd Wifi Security Camera Ean 2 950004 595317 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. The device by default has a TELNET interface available (which is not advertised or functionally used, but is nevertheless available). Two backdoor accounts (root and default) exist that can be used on this interface. The usernames and passwords of the backdoor accounts are the same on all devices. Attackers can use these backdoor accounts to obtain access and execute code as root within the device. | |||||
CVE-2021-39167 | 1 Openzeppelin | 1 Contracts | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team's control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining. | |||||
CVE-2021-38302 | 1 Newsletter Project | 1 Newsletter | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection. | |||||
CVE-2021-2397 | 1 Oracle | 1 Weblogic Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
CVE-2021-23417 | 1 Deepmergefn Project | 1 Deepmergefn | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function. | |||||
CVE-2021-32827 | 2 Mock-server, Oracle | 2 Mockserver, Communications Cloud Native Core Policy | 2023-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
MockServer is open source software which enables easy mocking of any system you integrate with via HTTP or HTTPS. An attacker that can trick a victim into visiting a malicious site while running MockServer locally, will be able to run arbitrary code on the MockServer machine. With an overly broad default CORS configuration MockServer allows any site to send cross-site requests. Additionally, MockServer allows you to create dynamic expectations using Javascript or Velocity templates. Both engines may allow an attacker to execute arbitrary code on-behalf of MockServer. By combining these two issues (Overly broad CORS configuration + Script injection), an attacker could serve a malicious page so that if a developer running MockServer visits it, they will get compromised. For more details including a PoC see the referenced GHSL-2021-059. | |||||
CVE-2021-29971 | 1 Mozilla | 1 Firefox | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 90. | |||||
CVE-2021-2447 | 1 Oracle | 1 Secure Global Desktop | 2023-12-10 | 6.5 MEDIUM | 9.9 CRITICAL |
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. While the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | |||||
CVE-2021-33806 | 1 Bdew | 1 Bdlib | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization. |