Total
107 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-0295 | 1 Juniper | 5 Junos, Qfx10000, Qfx10002 and 2 more | 2023-12-10 | 2.9 LOW | 6.1 MEDIUM |
A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) of Juniper Networks Junos OS on the QFX10K Series switches allows an attacker to trigger a packet forwarding loop, leading to a partial Denial of Service (DoS). The issue is caused by DVMRP packets looping on a multi-homed Ethernet Segment Identifier (ESI) when VXLAN is configured. DVMRP packets received on a multi-homed ESI are sent to the peer, and then incorrectly forwarded out the same ESI, violating the split horizon rule. This issue only affects QFX10K Series switches, including the QFX10002, QFX10008, and QFX10016. Other products and platforms are unaffected by this vulnerability. This issue affects Juniper Networks Junos OS on QFX10K Series: 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 version 18.2R1 and later versions; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S9, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2. | |||||
CVE-2021-32779 | 1 Envoyproxy | 1 Envoy | 2023-12-10 | 7.5 HIGH | 8.3 HIGH |
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled a URI '#fragment' element as part of the path element. Envoy is configured with an RBAC filter for authorization or similar mechanism with an explicit case of a final "/admin" path element, or is using a negative assertion with final path element of "/admin". The client sends request to "/app1/admin#foo". In Envoy prior to 1.18.0, or 1.18.0+ configured with path_normalization=false. Envoy treats fragment as a suffix of the query string when present, or as a suffix of the path when query string is absent, so it evaluates the final path element as "/admin#foo" and mismatches with the configured "/admin" path element. In Envoy 1.18.0+ configured with path_normalization=true. Envoy transforms this to /app1/admin%23foo and mismatches with the configured /admin prefix. The resulting URI is sent to the next server-agent with the offending "#foo" fragment which violates RFC3986 or with the nonsensical "%23foo" text appended. A specifically constructed request with URI containing '#fragment' element delivered by an untrusted client in the presence of path based request authorization resulting in escalation of Privileges when path based request authorization extensions. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes that removes fragment from URI path in incoming requests. | |||||
CVE-2021-1904 | 1 Qualcomm | 350 Apq8009, Apq8009 Firmware, Apq8009w and 347 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Child process can leak information from parent process due to numeric pids are getting compared and these pid can be reused in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
CVE-2020-22784 | 1 Etherpad | 1 Ueberdb | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing access controls enforced on key names. | |||||
CVE-2021-35973 | 1 Netgear | 2 Wac104, Wac104 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the ¤tsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows the attacker to change the web UI password, and eventually to enable debug mode (telnetd) and gain a shell on the device as the admin limited-user account (however, escalation to root is simple because of weak permissions on the /etc/ directory). | |||||
CVE-2021-23999 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | |||||
CVE-2021-37550 | 1 Jetbrains | 1 Youtrack | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used. | |||||
CVE-2020-25580 | 1 Freebsd | 1 Freebsd | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 a regression in the login.access(5) rule processor has the effect of causing rules to fail to match even when they should not. This means that rules denying access may be ignored. | |||||
CVE-2020-1920 | 1 Facebook | 1 React-native | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1. | |||||
CVE-2021-27293 | 1 Restsharp | 1 Restsharp | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service. | |||||
CVE-2021-35970 | 1 Voxmedia | 1 Coral Talk | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensitive information via GraphQL because permission checks use an incorrect data type. | |||||
CVE-2020-23360 | 1 Oscommerce | 1 Oscommerce | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php | |||||
CVE-2020-13559 | 1 Freyrscada | 1 Iec-60879-5-104 Server Simulator | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028. A specially crafted packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | |||||
CVE-2020-23361 | 1 Phplist | 1 Phplist | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | |||||
CVE-2020-23359 | 1 Webidsupport | 1 Webid | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check. | |||||
CVE-2021-20219 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could delay the loop (due to a changing ldata->read_head, and a missing sanity check) and cause a threat to the system availability. | |||||
CVE-2020-13485 | 1 Verbb | 1 Knock Knock | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header. | |||||
CVE-2020-10024 | 1 Zephyrproject | 1 Zephyr | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. | |||||
CVE-2020-10027 | 1 Zephyrproject | 1 Zephyr | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. | |||||
CVE-2019-20634 | 1 Proofpoint | 1 Email Protection | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
An issue was discovered in Proofpoint Email Protection through 2019-09-08. By collecting scores from Proofpoint email headers, it is possible to build a copy-cat Machine Learning Classification model and extract insights from this model. The insights gathered allow an attacker to craft emails that receive preferable scores, with a goal of delivering malicious emails. |