Total: 23789 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-30149 | 1 Ocproducts | 1 Composr | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Composr 10.0.36 allows upload and execution of PHP files. | |||||
CVE-2021-23402 | 1 Record-like-deep-assign Project | 1 Record-like-deep-assign | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality. | |||||
CVE-2021-32797 | 1 Jupyter | 1 Jupyterlab | 2023-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions an untrusted notebook can execute code on load. In particular, JupyterLab doesn't sanitize the action attribute of HTML `<form>` elements. Using this it is possible to trigger form validation outside of the form itself. This is remote code execution, but it requires user action to open a notebook. | |||||
CVE-2021-3352 | 1 Mitel | 1 Micontact Center Business | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens. | |||||
CVE-2021-29145 | 1 Arubanetworks | 1 Clearpass | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A server-side request forgery (SSRF) vulnerability leading to remote code execution was discovered in Aruba ClearPass Policy Manager versions prior to 6.9.5, 6.8.9, and 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability. | |||||
CVE-2020-17564 | 1 Feifeicms | 1 Feifeicms | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to the "Admin/DataAction.class.php" component. | |||||
CVE-2021-25387 | 1 Google | 1 Android | 2023-12-10 | 7.5 HIGH | 10.0 CRITICAL |
An improper input validation vulnerability in sflacfd_get_frm() in the libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code in the mediaextractor process. | |||||
CVE-2020-19778 | 1 Shopxo | 1 Shopxo | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "/index.php" by manipulating the parameter "user_id" in the HTTP request. | |||||
CVE-2021-32513 | 1 Qsan | 1 Storage Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
QsanTorture in QSAN Storage Manager does not filter special parameters properly, which allows remote unauthenticated attackers to inject and execute arbitrary commands. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | |||||
CVE-2020-10064 | 1 Zephyrproject | 1 Zephyr | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Improper Input Frame Validation in ieee802154 Processing. Zephyr versions >= v1.14.2, >= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7 | |||||
CVE-2021-24037 | 1 Facebook | 1 Hermes | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
CVE-2021-22986 | 1 F5 | 15 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 12 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | |||||
CVE-2021-23921 | 1 Devolutions | 1 Devolutions Server | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements. | |||||
CVE-2021-27903 | 1 Craftcms | 1 Craft Cms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session). | |||||
CVE-2021-36128 | 1 Mediawiki | 1 Mediawiki | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented. | |||||
CVE-2021-35971 | 1 Veeam | 1 Veeam Backup & Replication | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting. | |||||
CVE-2020-35427 | 1 Phpgurukul | 1 Employee Record Management System | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. | |||||
CVE-2021-36623 | 1 Phone Shop Sales Management System Project | 1 Phone Shop Sales Management System | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE. | |||||
CVE-2021-33055 | 2 Microsoft, Zohocorp | 2 Windows, Manageengine Adselfservice Plus | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions. | |||||
CVE-2020-36452 | 1 Array-tools Project | 1 Array-tools | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the array-tools crate before 0.3.2 for Rust. FixedCapacityDequeLike::clone() has a drop of uninitialized memory. |
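The record-like-deep-assign entry (CVE-2021-23402) names the prototype-pollution class without showing the mechanism. The following is an added illustration, not the package's source: a minimal recursive deep-assign of the kind such libraries implement, beside a hardened variant, run over a constructed attacker-controlled JSON body. All function names and the payload are assumptions made here.

```javascript
// Added illustration of the prototype-pollution class behind CVE-2021-23402.
// Not record-like-deep-assign's code: a naive recursive deep-assign and a
// hardened one, written here to show why unfiltered keys are dangerous.

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable: trusts every key. JSON.parse turns "__proto__" into an own
// property, so Object.keys() returns it; reading target["__proto__"] on an
// ordinary object yields Object.prototype, which is then recursed into and
// written to, so every object in the process inherits the attacker's keys.
function deepAssignUnsafe(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      deepAssignUnsafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: refuse the keys that reach a prototype ("constructor" and
// "prototype" matter for merge implementations that walk into functions),
// and only ever walk into the target's own properties.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function deepAssignSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;   // drop (or throw); never merge
    const value = source[key];
    if (isPlainObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isPlainObject(target[key])) target[key] = {};
      deepAssignSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Merges a constructed attacker body into an empty object with the given
// function and reports whether an unrelated, fresh object now sees isAdmin.
// Cleans up Object.prototype afterwards so repeated runs start clean.
function pollutes(assignFn) {
  const attackerBody = '{"profile":{"name":"alice"},"__proto__":{"isAdmin":true}}';
  assignFn({}, JSON.parse(attackerBody));
  const unrelated = {};
  const leaked = unrelated.isAdmin === true;
  delete Object.prototype.isAdmin;
  return leaked;
}

console.log('unsafe merge pollutes:', pollutes(deepAssignUnsafe)); // true
console.log('safe merge pollutes:  ', pollutes(deepAssignSafe));   // false
```

The check that matters in a code review is the one on the key, not on the value: a merge that only validates values still walks into `Object.prototype` the moment it sees `__proto__` as a key.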
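The FeiFeiCMS entry (CVE-2020-17564) describes arbitrary file deletion through a path-traversal in a delete action. As an added illustration, not FeiFeiCMS code, here is a hypothetical "delete a backup file" handler check in JavaScript: a cosmetic filter that strips `../` once, beside a lexical containment check that decodes, normalises and refuses anything that climbs out of the base directory. The base directory, function names and test paths are assumptions made here.

```javascript
// Added illustration of the path-traversal class behind CVE-2020-17564.
// Not FeiFeiCMS code: a hypothetical delete handler written here to show
// the difference between a cosmetic filter and a real containment check.

const BACKUP_DIR = '/var/www/app/backups';   // hypothetical base directory

// Weak: strips "../" once. "....//" collapses to "../" after the strip, so
// this filter can be walked straight through.
function stripDotDotOnce(userPath) {
  return userPath.replace('../', '');
}

// Percent-decode until stable so double-encoded dots ("%252e") are seen.
// Returns null on a malformed escape: treat it as hostile, not as a name.
function fullyDecode(s) {
  let prev;
  let cur = s;
  do {
    prev = cur;
    try {
      cur = decodeURIComponent(prev);
    } catch (e) {
      return null;
    }
  } while (cur !== prev);
  return cur;
}

// Containment check done lexically, before any filesystem call: decode,
// reject NUL, treat backslash as a separator, resolve "." and "..", and
// refuse any path that climbs past the base or names the base itself.
// Returns the absolute path to act on, or null to reject the request.
function resolveWithinBase(base, userPath) {
  const decoded = fullyDecode(userPath);
  if (decoded === null || decoded.includes('\0')) return null;
  const segments = [];
  for (const seg of decoded.replace(/\\/g, '/').split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') {
      if (segments.length === 0) return null;   // would escape the base
      segments.pop();
      continue;
    }
    segments.push(seg);
  }
  if (segments.length === 0) return null;       // never act on the base dir
  return `${base}/${segments.join('/')}`;
}

// Hypothetical handler: returns the path it would unlink, or null when it
// refuses. A real handler would additionally resolve symlinks (fs.realpath)
// and re-check containment, which a lexical check alone cannot do.
function deleteBackupHandler(userPath) {
  return resolveWithinBase(BACKUP_DIR, userPath);
}

console.log(stripDotDotOnce('....//etc/passwd'));            // ../etc/passwd
console.log(deleteBackupHandler('site-2023.zip'));           // /var/www/app/backups/site-2023.zip
console.log(deleteBackupHandler('%252e%252e/etc/passwd'));   // null
```

The order of operations is the point: decode first, then normalise, then compare against the base. Normalising before decoding, or comparing the raw string, leaves the encoded forms unchecked.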