Total: 23848 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-31897 | 1: Jetbrains | 1: Webstorm | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects.
CVE-2020-18170 | 1: Abloy | 1: Key Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager version 7.14301.0.0 allows attackers to escalate privileges via a change in permissions.
CVE-2021-31757 | 1: Tenda | 2: Ac11, Ac11 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL | An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted POST request.
CVE-2021-38383 | 1: Owntone Project | 1: Owntone | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_bind() in misc.c.
CVE-2021-25947 | 1: Nestie Project | 1: Nestie | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1.0.0 allows an attacker to cause a denial of service and may lead to remote code execution.
CVE-2021-30164 | 2: Debian, Redmine | 2: Debian Linux, Redmine | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.
CVE-2020-21787 | 1: Crmeb | 1: Crmeb | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL | CRMEB 3.1.0+ is vulnerable to arbitrary file upload leading to a web shell ("getshell") via /crmeb/crmeb/services/UploadService.php.
CVE-2021-23909 | 1: Mercedes-benz | 8: A 220, A 220 4matic, E 350 and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The SH2 MCU allows remote code execution.
CVE-2021-3013 | 2: Microsoft, Ripgrep Project | 2: Windows, Ripgrep | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag.
CVE-2021-38564 | 1: Foxitsoftware | 2: Pdf Editor, Pdf Reader | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL | An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows an out-of-bounds read via util.scand.
CVE-2021-22738 | 1: Schneider-electric | 4: Homelynk, Homelynk Firmware, Spacelynk and 1 more | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL | A Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered after a brute-force attack.
CVE-2021-30459 | 1: Jazzband | 1: Django Debug Toolbar | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | A SQL injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.
CVE-2021-34187 | 1: Chamilo | 1: Chamilo | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL injection via the searchField, filters, or filters2 parameter.
CVE-2021-37425 | 1: Altova | 1: Mobiletogether Server | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL | Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key.
CVE-2021-22505 | 1: Microfocus | 1: Operations Agent | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | Escalation of privileges vulnerability in Micro Focus Operations Agent, affecting versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and execute code under the account of the Operations Agent.
CVE-2020-35441 | 1: Fangfa | 1: Fdcms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | FDCMS (aka Fangfa Content Management System) 4.0 contains a front-end SQL injection via Admin/Lib/Action/FloginAction.class.php.
CVE-2021-37163 | 1: Swisslog-healthcare | 2: Hmi-3 Control Panel, Hmi-3 Control Panel Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | An insecure permissions issue was discovered in the HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with hard-coded passwords.
CVE-2020-23323 | 1: Jerryscript | 1: Jerryscript | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape in JerryScript 2.2.0.
CVE-2021-31726 | 1: Akuvox | 2: C315, C315 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | Akuvox C315 115.116.2613 allows remote command injection via the cfgd_server service. The attack vector is sending a payload to port 189 (default root 0.0.0.0).
CVE-2021-27944 | 1: Vizio | 4: E50x-e1, E50x-e1 Firmware, P65-f1 and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL | Several high-privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality, leading to OS command execution. The specific attack methodology is a file upload.
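The prototype-pollution entry above (CVE-2021-25947, nestie) names the bug class without showing the pattern. The following is an added example, not code from this page and not nestie's own source: a hypothetical dotted-path deep-set helper (`deepSetUnsafe`) that exhibits the class, beside a hardened version (`deepSetSafe`) that refuses `__proto__`, `constructor` and `prototype` segments and only descends through own properties. The attacker path `__proto__.isAdmin` and the `demonstrate()` driver are constructed for illustration.

```javascript
// Added example: prototype pollution in a deep-set helper, vulnerable vs hardened.
// This is NOT nestie's code; the helper names and the inputs are illustrative.

// Vulnerable: walks a dotted path, creating intermediate objects on demand.
// A key segment of "__proto__" resolves to Object.prototype on any plain
// object, so "__proto__.isAdmin" writes isAdmin onto every object in the realm.
function deepSetUnsafe(target, path, value) {
  const keys = path.split('.');
  let cur = target;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    if (cur[k] === undefined || cur[k] === null) {
      cur[k] = {};
    }
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return target;
}

// Hardened: reject the segments that reach a prototype, and only descend
// through own, plain-object properties so inherited ones are never traversed.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function deepSetSafe(target, path, value) {
  const keys = path.split('.');
  for (const k of keys) {
    if (FORBIDDEN_KEYS.has(k)) {
      throw new Error(`refusing unsafe key "${k}" in path "${path}"`);
    }
  }
  let cur = target;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    const own = Object.prototype.hasOwnProperty.call(cur, k);
    if (!own || typeof cur[k] !== 'object' || cur[k] === null) {
      cur[k] = {};
    }
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return target;
}

// Driver: shows the pollution happening, cleans it up, then shows the
// hardened helper rejecting the same input while still handling normal paths.
function demonstrate() {
  const results = {};
  const attackerPath = '__proto__.isAdmin'; // constructed untrusted input

  deepSetUnsafe({}, attackerPath, true);
  results.unsafePolluted = ({}).isAdmin === true; // unrelated object now "has" isAdmin
  delete Object.prototype.isAdmin;                 // undo the pollution for the rest of the run
  results.cleanedUp = ({}).isAdmin === undefined;

  let rejected = false;
  try {
    deepSetSafe({}, attackerPath, true);
  } catch (e) {
    rejected = true;
  }
  results.safeRejected = rejected && ({}).isAdmin === undefined;

  const cfg = deepSetSafe({}, 'server.tls.minVersion', 'TLSv1.2');
  results.safeNormal = cfg.server.tls.minVersion === 'TLSv1.2';
  return results;
}

console.log(demonstrate());
```

The denial-of-service half of the advisory follows directly from the polluted state: once `Object.prototype` carries an unexpected property, code elsewhere that iterates keys or checks `if (obj.someFlag)` misbehaves on every object, and a polluted property such as a function name can turn into code execution where a later consumer calls it.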