Total: 23887 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-33055 | 2 Microsoft, Zohocorp | 2 Windows, Manageengine Adselfservice Plus | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions. | |||||
CVE-2020-36452 | 1 Array-tools Project | 1 Array-tools | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the array-tools crate before 0.3.2 for Rust. FixedCapacityDequeLike::clone() has a drop of uninitialized memory. | |||||
CVE-2021-30648 | 1 Broadcom | 15 Symantec Advanced Secure Gateway 500-10, Symantec Advanced Secure Gateway 500-10 Firmware, Symantec Advanced Secure Gateway S200-30 and 12 more | 2023-12-10 | 9.0 HIGH | 9.8 CRITICAL |
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance. | |||||
CVE-2021-0248 | 1 Juniper | 4 Junos, Nfx150, Nfx250 and 1 more | 2023-12-10 | 7.5 HIGH | 10.0 CRITICAL |
This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials in Juniper Networks Junos OS allows an attacker to take over any instance of an NFX deployment. This issue is only exploitable through administrative interfaces. This issue affects: Juniper Networks Junos OS versions prior to 19.1R1 on NFX Series. No other platforms besides NFX Series devices are affected. | |||||
CVE-2021-2446 | 1 Oracle | 1 Secure Global Desktop | 2023-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop. CVSS 3.1 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). | |||||
CVE-2021-25944 | 1 Deep-defaults Project | 1 Deep-defaults | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2021-22367 | 1 Huawei | 2 Emui, Magic Ui | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to authentication bypass. | |||||
CVE-2021-37161 | 1 Swisslog-healthcare | 2 Hmi-3 Control Panel, Hmi-3 Control Panel Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A buffer overflow issue was discovered in the HMI3 Control Panel contained within the Swisslog Healthcare Nexus Panel, operated by released versions of software before Nexus Software 7.2.5.7. A buffer overflow allows an attacker to overwrite an internal queue data structure and can lead to remote code execution. | |||||
CVE-2020-28902 | 1 Nagios | 1 Fusion | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php. | |||||
CVE-2020-24148 | 1 Mooveagency | 1 Import Xml And Rss Feeds | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action. | |||||
CVE-2021-22175 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.8 MEDIUM | 9.8 CRITICAL |
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 could be exploited by an unauthenticated attacker, even on a GitLab instance where registration is disabled. | |||||
CVE-2020-22937 | 1 Phome | 1 Empirecms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A remote code execution (RCE) vulnerability in e/install/index.php of EmpireCMS 7.5 allows attackers to execute arbitrary PHP code by writing malicious code to the install file. | |||||
CVE-2021-31474 | 1 Solarwinds | 1 Network Performance Monitor | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12213. | |||||
CVE-2021-25384 | 1 Google | 1 Android | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | |||||
CVE-2021-32534 | 1 Qsan | 1 Sanos | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
QSAN SANOS factory reset function does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0. | |||||
CVE-2021-3757 | 1 Immer Project | 1 Immer | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). | |||||
CVE-2020-21784 | 1 Phpwcms | 1 Phpwcms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php. | |||||
CVE-2021-27389 | 1 Siemens | 2 Opcenter Quality, Qms Automotive | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). A private sign key is shipped with the product without adequate protection. | |||||
CVE-2021-28797 | 1 Qnap | 2 Nas, Surveillance Station | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS); Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS). | |||||
CVE-2021-20538 | 1 Ibm | 1 Cloud Pak For Security | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms. IBM X-Force ID: 198919. | |||||