Weekly Vulnerabilities Reports > December 20 to 26, 2021
Overview
585 new vulnerabilities were reported during this period, including 71 critical vulnerabilities and 122 high severity vulnerabilities. This weekly summary reports vulnerabilities in 441 products from 134 vendors including Netgear, Fedoraproject, Debian, Google, and Advantech. Vulnerabilities are notably categorized as "Command Injection", "Cross-site Scripting", "Out-of-bounds Write", "SQL Injection", and "Use After Free".
- 453 reported vulnerabilities are remotely exploitable.
- 262 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 382 reported vulnerabilities are exploitable by an anonymous user.
- Netgear has the most reported vulnerabilities, with 187 reported vulnerabilities.
- Netgear has the most reported critical vulnerabilities, with 19 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
71 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-12-26 | CVE-2021-45495 | Netgear | Unspecified vulnerability in Netgear D7000 Firmware NETGEAR D7000 devices before 1.0.1.68 are affected by authentication bypass. | 10.0 |
2021-12-26 | CVE-2021-45496 | Netgear | Unspecified vulnerability in Netgear D7000 Firmware NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass. | 10.0 |
2021-12-26 | CVE-2021-45497 | Netgear | Unspecified vulnerability in Netgear D7000 Firmware NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass. | 10.0 |
2021-12-26 | CVE-2021-45498 | Netgear | Unspecified vulnerability in Netgear R6700V2 Firmware NETGEAR R6700v2 devices before 1.2.0.88 are affected by authentication bypass. | 10.0 |
2021-12-26 | CVE-2021-45501 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 10.0 |
2021-12-26 | CVE-2021-45511 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 10.0 |
2021-12-26 | CVE-2021-45610 | Netgear | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. | 10.0 |
2021-12-26 | CVE-2021-45612 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 10.0 |
2021-12-26 | CVE-2021-45613 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 10.0 |
2021-12-26 | CVE-2021-45614 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 10.0 |
2021-12-26 | CVE-2021-45616 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 10.0 |
2021-12-26 | CVE-2021-45617 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 10.0 |
2021-12-26 | CVE-2021-45618 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 10.0 |
2021-12-26 | CVE-2021-45619 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 10.0 |
2021-12-26 | CVE-2021-45620 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 10.0 |
2021-12-26 | CVE-2021-45621 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 10.0 |
2021-12-26 | CVE-2021-45622 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 10.0 |
2021-12-23 | CVE-2021-44453 | Myscada | OS Command Injection vulnerability in Myscada Mypro 7/7.0.26 mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands. | 10.0 |
2021-12-22 | CVE-2021-21903 | Garrett | Out-of-bounds Write vulnerability in Garrett IC Module CMA 5.0 A stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. | 10.0 |
2021-12-21 | CVE-2021-45090 | Stormshield | Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2/2.1.0 Stormshield Endpoint Security before 2.1.2 allows remote code execution. | 10.0 |
2021-12-21 | CVE-2021-45255 | Video Sharing Website Project | SQL Injection vulnerability in Video Sharing Website Project Video Sharing Website 1.0 The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. | 10.0 |
2021-12-20 | CVE-2021-44159 | 4Mosan | Unrestricted Upload of File with Dangerous Type vulnerability in 4Mosan GCB Doctor 20210811 4MOSAn GCB Doctor’s file upload function has improper user privilege control. | 10.0 |
2021-12-22 | CVE-2021-21872 | Lantronix | OS Command Injection vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0 An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. | 9.9 |
2021-12-26 | CVE-2021-45512 | Netgear | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Netgear products Certain NETGEAR devices are affected by weak cryptography. | 9.8 |
2021-12-22 | CVE-2021-40393 | Gerbv Project Debian | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). | 9.8 |
2021-12-22 | CVE-2021-40394 | Gerbv Project Debian | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). | 9.8 |
2021-12-22 | CVE-2021-37706 | Teluu Asterisk Sangoma Debian | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. | 9.8 |
2021-12-22 | CVE-2021-44659 | Thoughtworks | Server-Side Request Forgery (SSRF) vulnerability in Thoughtworks Gocd 21.3.0 Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF). | 9.8 |
2021-12-21 | CVE-2021-45252 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Simple Forum/Discussion System 1.0 Multiple SQL injection vulnerabilities are found on Simple Forum-Discussion System 1.0 For example on three applications which are manage_topic.php, manage_user.php, and ajax.php. | 9.8 |
2021-12-20 | CVE-2021-43439 | Iresturant Project | Cross-site Scripting vulnerability in Iresturant Project Iresturant 1.0 RCE in Add Review Function in iResturant 1.0 allows a remote attacker to execute commands remotely. | 9.8 |
2021-12-20 | CVE-2021-44525 | Zohocorp | Improper Authentication vulnerability in Zohocorp Manageengine Pam360 Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required. | 9.8 |
2021-12-20 | CVE-2021-44676 | Zohocorp | Improper Authentication vulnerability in Zohocorp Manageengine Access Manager Plus 4.1/4.2 Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state. | 9.8 |
2021-12-20 | CVE-2021-44790 | Apache Fedoraproject Debian Tenable Netapp Oracle Apple | Out-of-bounds Write vulnerability in multiple products A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). | 9.8 |
2021-12-20 | CVE-2021-44732 | ARM Debian | Double Free vulnerability in multiple products Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. | 9.8 |
2021-12-23 | CVE-2021-38013 | Google Fedoraproject Debian | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2021-12-26 | CVE-2021-35055 | Mediatek | Out-of-bounds Write vulnerability in Mediatek products MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. | 9.3 |
2021-12-26 | CVE-2021-37560 | Mediatek | Out-of-bounds Write vulnerability in Mediatek products MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. | 9.3 |
2021-12-26 | CVE-2021-37561 | Mediatek | Out-of-bounds Write vulnerability in Mediatek products MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. | 9.3 |
2021-12-26 | CVE-2021-37563 | Mediatek | Out-of-bounds Write vulnerability in Mediatek products MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. | 9.3 |
2021-12-26 | CVE-2021-37566 | Mediatek | Out-of-bounds Write vulnerability in Mediatek products MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. | 9.3 |
2021-12-26 | CVE-2021-37568 | Mediatek | Out-of-bounds Write vulnerability in Mediatek products MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. | 9.3 |
2021-12-26 | CVE-2021-37569 | Mediatek | Out-of-bounds Write vulnerability in Mediatek products MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. | 9.3 |
2021-12-26 | CVE-2021-37583 | Mediatek | Out-of-bounds Write vulnerability in Mediatek products MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. | 9.3 |
2021-12-26 | CVE-2021-37584 | Mediatek | Out-of-bounds Write vulnerability in Mediatek products MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. | 9.3 |
2021-12-23 | CVE-2017-13880 | Apple | Unspecified vulnerability in Apple Iphone OS A memory corruption issue was addressed with improved memory handling. | 9.3 |
2021-12-23 | CVE-2020-3886 | Apple | Use After Free vulnerability in Apple mac OS X A use after free issue was addressed with improved memory management. | 9.3 |
2021-12-22 | CVE-2021-21902 | Garrett | Improper Authentication vulnerability in Garrett IC Module CMA 5.0 An authentication bypass vulnerability exists in the CMA run_server_6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. | 9.3 |
2021-12-20 | CVE-2021-43844 | Msedgeredirect Project | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Msedgeredirect Project Msedgeredirect MSEdgeRedirect is a tool to redirect news, search, widgets, weather, and more to a user's default browser. | 9.3 |
2021-12-20 | CVE-2021-43021 | Adobe | Out-of-bounds Write vulnerability in Adobe Premiere Rush 1.5.12/1.5.8 Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious EXR file, potentially resulting in arbitrary code execution in the context of the current user. | 9.3 |
2021-12-20 | CVE-2021-43022 | Adobe | Out-of-bounds Write vulnerability in Adobe Premiere Rush 1.5.12/1.5.8 Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious PNG file, potentially resulting in arbitrary code execution in the context of the current user. | 9.3 |
2021-12-20 | CVE-2021-43024 | Adobe | Out-of-bounds Write vulnerability in Adobe Premiere Rush 1.5.12/1.5.8 Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. | 9.3 |
2021-12-20 | CVE-2021-43026 | Adobe | Out-of-bounds Write vulnerability in Adobe Premiere Rush 1.5.12/1.5.8 Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the context of the current user. | 9.3 |
2021-12-20 | CVE-2021-43028 | Adobe | Out-of-bounds Write vulnerability in Adobe Premiere Rush 1.5.12/1.5.8 Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. | 9.3 |
2021-12-20 | CVE-2021-43029 | Adobe | Out-of-bounds Write vulnerability in Adobe Premiere Rush 1.5.12/1.5.8 Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. | 9.3 |
2021-12-20 | CVE-2021-43747 | Adobe | Out-of-bounds Write vulnerability in Adobe Premiere Rush 1.5.12/1.5.8 Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. | 9.3 |
2021-12-22 | CVE-2021-21873 | Lantronix | OS Command Injection vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0 A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd parameter. | 9.1 |
2021-12-22 | CVE-2021-21874 | Lantronix | OS Command Injection vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0 A specially-crafted HTTP request can lead to arbitrary command execution in DSA keypasswd parameter. | 9.1 |
2021-12-22 | CVE-2021-21875 | Lantronix | OS Command Injection vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0 A specially-crafted HTTP request can lead to arbitrary command execution in EC keypasswd parameter. | 9.1 |
2021-12-22 | CVE-2021-21876 | Lantronix | OS Command Injection vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0 Specially-crafted HTTP requests can lead to arbitrary command execution in PUT requests. | 9.1 |
2021-12-22 | CVE-2021-21877 | Lantronix | OS Command Injection vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0 Specially-crafted HTTP requests can lead to arbitrary command execution in “GET” requests. | 9.1 |
2021-12-26 | CVE-2021-45524 | Netgear | Classic Buffer Overflow vulnerability in Netgear R8000 Firmware NETGEAR R8000 devices before 1.0.4.62 are affected by a buffer overflow by an authenticated user. | 9.0 |
2021-12-23 | CVE-2021-3584 | Theforeman Redhat | OS Command Injection vulnerability in multiple products A server side remote code execution vulnerability was found in Foreman project. | 9.0 |
2021-12-22 | CVE-2021-21879 | Lantronix | Path Traversal vulnerability in Lantronix Premierwave 2050 8.9.0.0 A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. | 9.0 |
2021-12-22 | CVE-2021-21881 | Lantronix | OS Command Injection vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0 An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. | 9.0 |
2021-12-22 | CVE-2021-21882 | Lantronix | OS Command Injection vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0 An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. | 9.0 |
2021-12-22 | CVE-2021-21883 | Lantronix | OS Command Injection vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0 An OS command injection vulnerability exists in the Web Manager Diagnostics: Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4. | 9.0 |
2021-12-22 | CVE-2021-21884 | Lantronix | OS Command Injection vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0 An OS command injection vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4. | 9.0 |
2021-12-22 | CVE-2021-21888 | Lantronix | OS Command Injection vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0 An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). | 9.0 |
2021-12-22 | CVE-2021-21901 | Garrett | Out-of-bounds Write vulnerability in Garrett IC Module CMA 5.0 A stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. | 9.0 |
2021-12-22 | CVE-2021-21904 | Garrett | Path Traversal vulnerability in Garrett IC Module CMA 5.0 A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA Version 5.0. | 9.0 |
2021-12-22 | CVE-2021-21906 | Garrett | Out-of-bounds Write vulnerability in Garrett IC Module CMA 5.0 Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. | 9.0 |
122 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-12-26 | CVE-2021-37571 | Mediatek | Out-of-bounds Write vulnerability in Mediatek products MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. | 8.8 |
2021-12-23 | CVE-2021-3621 | Fedoraproject Redhat | OS Command Injection vulnerability in multiple products A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. | 8.8 |
2021-12-23 | CVE-2021-38005 | Google Fedoraproject Debian | Use After Free vulnerability in multiple products Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-12-23 | CVE-2021-38006 | Google Fedoraproject Debian | Use After Free vulnerability in multiple products Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-12-23 | CVE-2021-38007 | Google Fedoraproject Debian | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-12-23 | CVE-2021-38008 | Google Fedoraproject Debian | Use After Free vulnerability in multiple products Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-12-23 | CVE-2021-38011 | Google Fedoraproject Debian | Use After Free vulnerability in multiple products Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-12-23 | CVE-2021-38012 | Google Fedoraproject Debian | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-12-23 | CVE-2021-38014 | Google Fedoraproject Debian | Out-of-bounds Write vulnerability in multiple products Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-12-23 | CVE-2021-38015 | Google Fedoraproject Debian | Improper Input Validation vulnerability in multiple products Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | 8.8 |
2021-12-23 | CVE-2021-38016 | Google Fedoraproject Debian | Incorrect Authorization vulnerability in multiple products Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | 8.8 |
2021-12-23 | CVE-2021-38017 | Google Fedoraproject Debian | Incorrect Authorization vulnerability in multiple products Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 8.8 |
2021-12-23 | CVE-2021-4052 | Google Fedoraproject Debian | Use After Free vulnerability in multiple products Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. | 8.8 |
2021-12-23 | CVE-2021-4053 | Google Fedoraproject Debian | Use After Free vulnerability in multiple products Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-12-23 | CVE-2021-4055 | Google Fedoraproject Debian | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. | 8.8 |
2021-12-23 | CVE-2021-4056 | Google Fedoraproject Debian | Type Confusion vulnerability in multiple products Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-12-23 | CVE-2021-4057 | Google Fedoraproject Debian | Use After Free vulnerability in multiple products Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-12-23 | CVE-2021-4058 | Google Fedoraproject Debian | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-12-23 | CVE-2021-4061 | Google Fedoraproject Debian | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-12-23 | CVE-2021-4062 | Google Fedoraproject Debian | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-12-23 | CVE-2021-4063 | Google Fedoraproject Debian | Use After Free vulnerability in multiple products Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-12-23 | CVE-2021-4064 | Google Fedoraproject Debian | Use After Free vulnerability in multiple products Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-12-23 | CVE-2021-4065 | Google Fedoraproject Debian | Use After Free vulnerability in multiple products Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-12-23 | CVE-2021-4066 | Google Fedoraproject Debian | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-12-23 | CVE-2021-4067 | Google Fedoraproject Debian | Use After Free vulnerability in multiple products Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-12-22 | CVE-2021-21936 | Advantech | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 8.8 |
2021-12-22 | CVE-2021-36886 | Ciphercoin | Cross-Site Request Forgery (CSRF) vulnerability in Ciphercoin Contact Form 7 Database Addon Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9). | 8.8 |
2021-12-22 | CVE-2021-45419 | Starcharge | Insufficient Verification of Data Authenticity vulnerability in Starcharge products Certain Starcharge products are affected by Improper Input Validation. | 8.8 |
2021-12-20 | CVE-2021-3860 | Jfrog | SQL Injection vulnerability in Jfrog Artifactory JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query. | 8.8 |
2021-12-20 | CVE-2021-22057 | Vmware | Exposure of Resource to Wrong Sphere vulnerability in VMWare Workspace ONE Access VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. | 8.8 |
2021-12-20 | CVE-2021-35234 | Solarwinds | SQL Injection vulnerability in Solarwinds Orion Platform Numerous exposed dangerous functions within Orion Core allow for read-only SQL injection leading to privilege escalation. | 8.8 |
2021-12-20 | CVE-2021-43437 | Engineers Online Portal Project | Injection vulnerability in Engineers Online Portal Project Engineers Online Portal 1.0 In sourcecodetester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. | 8.8 |
2021-12-22 | CVE-2021-21905 | Garrett | Out-of-bounds Write vulnerability in Garrett IC Module CMA 5.0 Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. | 8.5 |
2021-12-20 | CVE-2021-35244 | Solarwinds | Unrestricted Upload of File with Dangerous Type vulnerability in Solarwinds Orion Platform The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. | 8.5 |
2021-12-20 | CVE-2021-44224 | Apache Fedoraproject Debian Tenable Oracle Apple | NULL Pointer Dereference vulnerability in multiple products A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). | 8.2 |
2021-12-21 | CVE-2021-24739 | Shapedplugin | Authorization Bypass Through User-Controlled Key vulnerability in Shapedplugin Logo Carousel The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature | 8.1 |
2021-12-26 | CVE-2021-41788 | Mediatek | Improper Input Validation vulnerability in Mediatek products MediaTek microchips, as used in NETGEAR devices through 2021-12-13 and other devices, mishandle attempts at Wi-Fi authentication flooding. | 7.8 |
2021-12-23 | CVE-2021-40161 | Autodesk | Out-of-bounds Write vulnerability in Autodesk products A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version. | 7.8 |
2021-12-23 | CVE-2021-45469 | Linux Fedoraproject Debian Netapp | Out-of-bounds Read vulnerability in multiple products In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry. | 7.8 |
2021-12-23 | CVE-2021-45463 | Gegl Gimp Redhat Fedoraproject | load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. | 7.8 |
2021-12-22 | CVE-2021-21912 | Advantech | Incorrect Default Permissions vulnerability in Advantech R-Seenet 2.4.15 A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). | 7.8 |
2021-12-20 | CVE-2021-43025 | Adobe | Out-of-bounds Write vulnerability in Adobe Premiere Rush 1.5.12/1.5.16/1.5.8 Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the context of the current user. | 7.8 |
2021-12-26 | CVE-2021-45504 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 7.5 |
2021-12-26 | CVE-2021-45507 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 7.5 |
2021-12-26 | CVE-2021-45508 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 7.5 |
2021-12-26 | CVE-2021-45509 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 7.5 |
2021-12-26 | CVE-2021-45522 | Netgear | Use of Hard-coded Credentials vulnerability in Netgear Xr1000 Firmware 1.0.0.44/1.0.0.50/1.0.0.52 NETGEAR XR1000 devices before 1.0.0.58 are affected by a hardcoded password. | 7.5 |
2021-12-26 | CVE-2021-45608 | Netgear | Integer Overflow or Wraparound vulnerability in Netgear D7800 Firmware, R6400V2 Firmware and R6700V3 Firmware Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices are affected by an integer overflow by an unauthenticated attacker. | 7.5 |
2021-12-26 | CVE-2021-45609 | Netgear | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. | 7.5 |
2021-12-26 | CVE-2021-45611 | Netgear | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. | 7.5 |
2021-12-26 | CVE-2021-45623 | Netgear | Command Injection vulnerability in Netgear R7800 Firmware, R9000 Firmware and Xr500 Firmware Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 7.5 |
2021-12-26 | CVE-2021-45624 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 7.5 |
2021-12-26 | CVE-2021-45625 | Netgear | Command Injection vulnerability in Netgear R6900P Firmware, R7000P Firmware and Xr300 Firmware Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 7.5 |
2021-12-26 | CVE-2021-45627 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 7.5 |
2021-12-26 | CVE-2021-45630 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 7.5 |
2021-12-26 | CVE-2021-45637 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 7.5 |
2021-12-26 | CVE-2021-45638 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 7.5 |
2021-12-26 | CVE-2021-45642 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 7.5 |
2021-12-26 | CVE-2021-45644 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 7.5 |
2021-12-26 | CVE-2021-45645 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 7.5 |
2021-12-26 | CVE-2021-45658 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by server-side injection. | 7.5 |
2021-12-26 | CVE-2021-45678 | Netgear | Unspecified vulnerability in Netgear Rax200 Firmware NETGEAR RAX200 devices before 1.0.5.132 are affected by insecure code. | 7.5 |
2021-12-25 | CVE-2021-45484 | Netbsd | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Netbsd In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG. | 7.5 |
2021-12-25 | CVE-2021-45485 | Linux Netapp Oracle | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. | 7.5 |
2021-12-25 | CVE-2021-45487 | Netbsd | Use of Insufficiently Random Values vulnerability in Netbsd In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures. | 7.5 |
2021-12-25 | CVE-2021-45488 | Netbsd | Use of Insufficiently Random Values vulnerability in Netbsd In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm. | 7.5 |
2021-12-24 | CVE-2021-23490 | Parse Link Header Project | Unspecified vulnerability in Parse-Link-Header Project Parse-Link-Header The package parse-link-header before 2.0.0 is vulnerable to Regular Expression Denial of Service (ReDoS) via the checkHeader function. | 7.5 |
2021-12-24 | CVE-2021-23574 | JS Data | Unspecified vulnerability in Js-Data All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. | 7.5 |
2021-12-23 | CVE-2021-45470 | Circl | Unspecified vulnerability in Circl Cve-Search lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular expression injection, which can lead to ReDoS (regular expression denial of service) or other impacts. | 7.5 |
2021-12-23 | CVE-2019-8643 | Apple | Unspecified vulnerability in Apple mac OS X This issue, reported by Arun Sharma of VMWare, is fixed in macOS Mojave 10.14. | 7.5 |
2021-12-23 | CVE-2019-8703 | Apple | Unspecified vulnerability in Apple products This issue was addressed with improved entitlements. | 7.5 |
2021-12-23 | CVE-2021-22657 | Myscada | OS Command Injection vulnerability in Myscada Mypro 7/7.0.26 mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | 7.5 |
2021-12-23 | CVE-2021-23198 | Myscada | OS Command Injection vulnerability in Myscada Mypro 7/7.0.26 mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | 7.5 |
2021-12-23 | CVE-2021-27007 | Netapp | Unspecified vulnerability in Netapp Virtual Desktop Service NetApp Virtual Desktop Service (VDS), when used with an HTML5 gateway, is susceptible to a vulnerability which, when successfully exploited, could allow an unauthenticated attacker to take over a Remote Desktop Session. | 7.5 |
2021-12-23 | CVE-2021-43981 | Myscada | OS Command Injection vulnerability in Myscada Mypro 7/7.0.26 mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | 7.5 |
2021-12-23 | CVE-2021-43984 | Myscada | OS Command Injection vulnerability in Myscada Mypro 7/7.0.26 mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | 7.5 |
2021-12-23 | CVE-2021-43985 | Myscada | Authentication Bypass Using an Alternate Path or Channel vulnerability in Myscada Mypro 7/7.0.26 An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization. | 7.5 |
2021-12-23 | CVE-2021-43987 | Myscada | Hidden Functionality vulnerability in Myscada Mypro 7/7.0.26 An additional, undocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface and cannot be deleted or changed through the regular web interface. | 7.5 |
2021-12-23 | CVE-2021-43989 | Myscada | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Myscada Mypro 7/7.0.26 mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes. | 7.5 |
2021-12-23 | CVE-2021-44540 | Privoxy | Memory Leak vulnerability in Privoxy A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing. | 7.5 |
2021-12-23 | CVE-2021-44541 | Privoxy | Memory Leak vulnerability in Privoxy A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination. | 7.5 |
2021-12-23 | CVE-2021-44542 | Privoxy | Memory Leak vulnerability in Privoxy A memory leak vulnerability was found in Privoxy when handling errors. | 7.5 |
2021-12-23 | CVE-2021-45462 | Open5Gs | Improper Validation of Specified Quantity in Input vulnerability in Open5Gs 2.4.0 In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF. | 7.5 |
2021-12-23 | CVE-2021-20050 | Sonicwall | Unspecified vulnerability in Sonicwall products An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. | 7.5 |
2021-12-22 | CVE-2020-20601 | Thinkcmf | Code Injection vulnerability in Thinkcmf An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet. | 7.5 |
2021-12-22 | CVE-2021-21952 | Anker | Improper Authentication vulnerability in Anker Eufy Homebase 2 Firmware 2.1.6.9H An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RSA_KEY_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. | 7.5 |
2021-12-22 | CVE-2021-39306 | Realtek | Out-of-bounds Write vulnerability in Realtek Rtl8195Am Firmware 2.0.10/2.0.6 A stack buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10; it exists in the client code when an attacker sends a large Authentication challenge text in WEP security. | 7.5 |
2021-12-22 | CVE-2021-40417 | Blackmagicdesign | Integer Overflow or Wraparound vulnerability in Blackmagicdesign Davinci Resolve 17.3.1.0005 When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were parsed for the submitted video by the R3D SDK to calculate the size of a heap buffer. | 7.5 |
2021-12-22 | CVE-2021-40418 | Blackmagicdesign | Use of Uninitialized Resource vulnerability in Blackmagicdesign Davinci Resolve 17.3.1.0005 When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. | 7.5 |
2021-12-22 | CVE-2021-45461 | Sangoma | Unspecified vulnerability in Sangoma Restapps FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. | 7.5 |
2021-12-22 | CVE-2021-43155 | Projectworlds | SQL Injection vulnerability in Projectworlds Online Book Store Project in PHP 1.0 Projectworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in cart.php. | 7.5 |
2021-12-22 | CVE-2021-43157 | Projectworlds | SQL Injection vulnerability in Projectworlds Online Shopping System in PHP 1.0 Projectworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cart_remove.php. | 7.5 |
2021-12-22 | CVE-2021-43628 | Projectworlds | SQL Injection vulnerability in Projectworlds Hospital Management System in PHP 1.0 Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php. | 7.5 |
2021-12-22 | CVE-2021-43629 | Projectworlds | SQL Injection vulnerability in Projectworlds Hospital Management System in PHP 1.0 Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php. | 7.5 |
2021-12-22 | CVE-2021-43631 | Projectworlds | SQL Injection vulnerability in Projectworlds Hospital Management System in PHP 1.0 Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php. | 7.5 |
2021-12-22 | CVE-2021-40612 | Opmantek | Unspecified vulnerability in Opmantek Open-Audit An issue was discovered in Opmantek Open-AudIT after 3.5.0. | 7.5 |
2021-12-22 | CVE-2021-44029 | Quest | Deserialization of Untrusted Data vulnerability in Quest Kace Desktop Authority An issue was discovered in Quest KACE Desktop Authority before 11.2. | 7.5 |
2021-12-22 | CVE-2021-44031 | Quest | Unrestricted Upload of File with Dangerous Type vulnerability in Quest Kace Desktop Authority An issue was discovered in Quest KACE Desktop Authority before 11.2. | 7.5 |
2021-12-22 | CVE-2021-45459 | Node Windows Project | Command Injection vulnerability in Node-Windows Project Node-Windows lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter. | 7.5 |
2021-12-21 | CVE-2021-27447 | Mesalabs | Command Injection vulnerability in Mesalabs Amegaview Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, which may allow an attacker to remotely execute arbitrary code. | 7.5 |
2021-12-21 | CVE-2021-27451 | Mesalabs | Improper Authentication vulnerability in Mesalabs Amegaview The passcode in Mesa Labs AmegaView Versions 3.0 and prior is generated by an easily reversible algorithm, which may allow an attacker to gain access to the device. | 7.5 |
2021-12-21 | CVE-2021-27453 | Mesalabs | Authentication Bypass Using an Alternate Path or Channel vulnerability in Mesalabs Amegaview Mesa Labs AmegaView Version 3.0 uses default cookies that could be set to bypass authentication to the web application, which may allow an attacker to gain access. | 7.5 |
2021-12-21 | CVE-2021-45290 | Webassembly Fedoraproject | Reachable Assertion vulnerability in multiple products A Denial of Service vulnerability exists in Binaryen 103 due to an assertion abort in wasm::handle_unreachable. | 7.5 |
2021-12-21 | CVE-2021-36336 | Dell | Deserialization of Untrusted Data vulnerability in Dell Wyse Management Suite Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system. | 7.5 |
2021-12-21 | CVE-2021-45253 | Simple Cold Storage Management System Project | SQL Injection vulnerability in Simple Cold Storage Management System Project Simple Cold Storage Management System 1.0 The id parameter in view_storage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. | 7.5 |
2021-12-21 | CVE-2021-24849 | Wclovers | SQL Injection vulnerability in Wclovers Frontend Manager for Woocommerce Along With Bookings Subscription Listings Compatible The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated users, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections. | 7.5 |
2021-12-21 | CVE-2021-45450 | ARM Fedoraproject | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. | 7.5 |
2021-12-21 | CVE-2021-45451 | ARM Fedoraproject | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. | 7.5 |
2021-12-20 | CVE-2021-44675 | Zohocorp | Improper Authentication vulnerability in Zohocorp Manageengine Servicedesk Plus MSP 10.5 Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required. | 7.5 |
2021-12-20 | CVE-2021-42913 | Samsung | Insufficiently Protected Credentials vulnerability in Samsung Syncthru web Service The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. | 7.5 |
2021-12-20 | CVE-2021-44858 | Mediawiki | Incorrect Default Permissions vulnerability in Mediawiki An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. | 7.5 |
2021-12-20 | CVE-2021-44164 | Chinasea | Unrestricted Upload of File with Dangerous Type vulnerability in Chinasea QB Smart Service Robot Chain Sea ai chatbot system's file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to bypass file type validation, upload a malicious script and execute arbitrary code without authentication, in order to take control of the system or terminate service. | 7.5 |
2021-12-23 | CVE-2021-44273 | E2Bn | Improper Certificate Validation vulnerability in E2Bn E2Guardian e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. | 7.4 |
2021-12-22 | CVE-2021-43804 | Teluu Debian | Out-of-bounds Read vulnerability in multiple products PJSIP is a free and open source multimedia communication library written in C implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. | 7.3 |
2021-12-23 | CVE-2018-4478 | Apple | Improper Privilege Management vulnerability in Apple mac OS X A validation issue was addressed with improved logic. | 7.2 |
2021-12-22 | CVE-2021-21910 | Advantech | Incorrect Default Permissions vulnerability in Advantech R-Seenet 2.4.15 A privilege escalation vulnerability exists in the Windows version of the installation for Advantech R-SeeNet 2.4.15 (30.07.2021). | 7.2 |
2021-12-22 | CVE-2021-21911 | Advantech | Improper Privilege Management vulnerability in Advantech R-Seenet 2.4.15 A privilege escalation vulnerability exists in the Windows version of the installation for Advantech R-SeeNet 2.4.15 (30.07.2021). | 7.2 |
2021-12-21 | CVE-2021-43587 | Dell | Use of Hard-coded Cryptographic Key vulnerability in Dell Powerpath Management Appliance Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, uses a hard-coded cryptographic key. | 7.2 |
2021-12-20 | CVE-2021-42808 | Thalesgroup | Unspecified vulnerability in Thalesgroup Sentinel Protection Installer 7.7.0 Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges. | 7.2 |
2021-12-20 | CVE-2020-8105 | Goabode | OS Command Injection vulnerability in Goabode Iota All-In-One Security KIT Firmware OS Command Injection vulnerability in the wirelessConnect handler of Abode iota All-In-One Security Kit allows an attacker to inject commands and gain root access. | 7.2 |
2021-12-25 | CVE-2021-4166 | VIM Redhat Suse Opensuse Debian Fedoraproject Apple | Out-of-bounds Read vulnerability in multiple products vim is vulnerable to Out-of-bounds Read. | 7.1 |
2021-12-22 | CVE-2021-44733 | Linux Redhat Fedoraproject Debian Netapp | Race Condition vulnerability in multiple products A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. | 7.0 |
344 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-12-26 | CVE-2021-44078 | Unicorn Engine | Incorrect Comparison vulnerability in Unicorn-Engine Unicorn Engine An issue was discovered in split_region in uc.c in Unicorn Engine before 2.0.0-rc5. | 6.9 |
2021-12-20 | CVE-2021-42809 | Thalesgroup | Improper Control of Dynamically-Managed Code Resources vulnerability in Thalesgroup Sentinel Protection Installer 7.7.0 Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code. | 6.9 |
2021-12-26 | CVE-2021-4168 | Showdoc | Cross-Site Request Forgery (CSRF) vulnerability in Showdoc showdoc is vulnerable to Cross-Site Request Forgery (CSRF). | 6.8 |
2021-12-26 | CVE-2021-45523 | Netgear | Classic Buffer Overflow vulnerability in Netgear R7000 Firmware NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflow by an authenticated user. | 6.8 |
2021-12-24 | CVE-2021-23772 | Iris GO | Link Following vulnerability in Iris-Go Iris This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. | 6.8 |
2021-12-23 | CVE-2017-13835 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X A memory corruption issue was addressed with improved memory handling. | 6.8 |
2021-12-23 | CVE-2017-13905 | Apple | Race Condition vulnerability in Apple products A race condition was addressed with additional validation. | 6.8 |
2021-12-23 | CVE-2017-13906 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X A memory corruption issue was addressed with improved memory handling. | 6.8 |
2021-12-23 | CVE-2018-4302 | Apple | NULL Pointer Dereference vulnerability in Apple products A null pointer dereference was addressed with improved validation. | 6.8 |
2021-12-23 | CVE-2021-40160 | Autodesk | Out-of-bounds Read vulnerability in Autodesk products PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. | 6.8 |
2021-12-23 | CVE-2021-4118 | Pytorchlightning | Deserialization of Untrusted Data vulnerability in Pytorchlightning Pytorch Lightning pytorch-lightning is vulnerable to Deserialization of Untrusted Data. | 6.8 |
2021-12-23 | CVE-2021-44526 | Zohocorp | Unspecified vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations. | 6.8 |
2021-12-23 | CVE-2021-44548 | Apache | Path Traversal vulnerability in Apache Solr An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. | 6.8 |
2021-12-23 | CVE-2021-4078 | Google Debian | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.8 |
2021-12-23 | CVE-2021-4079 | Google Debian | Out-of-bounds Write vulnerability in multiple products Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets. | 6.8 |
2021-12-22 | CVE-2021-21878 | Lantronix | Exposure of Resource to Wrong Sphere vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0 A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. | 6.8 |
2021-12-22 | CVE-2021-21953 | Anker | Unspecified vulnerability in Anker Eufy Homebase 2 Firmware 2.1.6.9H An authentication bypass vulnerability exists in the process_msg() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. | 6.8 |
2021-12-21 | CVE-2021-44422 | Opendesign | Out-of-bounds Write vulnerability in Opendesign Drawings SDK An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. | 6.8 |
2021-12-21 | CVE-2021-44423 | Opendesign | Out-of-bounds Read vulnerability in Opendesign Drawings Explorer An out-of-bounds read vulnerability exists when reading a BMP file using Open Design Alliance (ODA) Drawings Explorer before 2022.12. | 6.8 |
2021-12-21 | CVE-2021-44859 | Opendesign | Out-of-bounds Read vulnerability in Opendesign Drawings SDK An out-of-bounds read vulnerability exists when reading a TGA file using Open Design Alliance Drawings SDK before 2022.12. | 6.8 |
2021-12-21 | CVE-2021-44860 | Opendesign | Out-of-bounds Read vulnerability in Opendesign Drawings SDK An out-of-bounds read vulnerability exists when reading a TIF file using Open Design Alliance Drawings SDK before 2022.12. | 6.8 |
2021-12-21 | CVE-2021-44207 | Acclaimsystems | Use of Hard-coded Credentials vulnerability in Acclaimsystems Usaherds Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials. | 6.8 |
2021-12-20 | CVE-2021-36887 | Tarteaucitron JS Cookies Legislation Gdpr Project | Cross-Site Request Forgery (CSRF) vulnerability in Tarteaucitron.Js - Cookies Legislation & Gdpr Project Tarteaucitron.Js - Cookies Legislation & Gdpr Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.5.4), vulnerable parameters "tarteaucitronEmail" and "tarteaucitronPass". | 6.8 |
2021-12-20 | CVE-2021-38401 | Fujielectric | Untrusted Pointer Dereference vulnerability in Fujielectric V-Server and V-Simulator Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash. | 6.8 |
2021-12-20 | CVE-2021-38409 | Fujielectric | Access of Uninitialized Pointer vulnerability in Fujielectric V-Server and V-Simulator Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker to read from or write to unexpected memory locations, leading to a denial-of-service. | 6.8 |
2021-12-20 | CVE-2021-38413 | Fujielectric | Stack-based Buffer Overflow vulnerability in Fujielectric V-Server and V-Simulator Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution. | 6.8 |
2021-12-20 | CVE-2021-38415 | Fujielectric | Heap-based Buffer Overflow vulnerability in Fujielectric V-Server and V-Simulator Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code. | 6.8 |
2021-12-20 | CVE-2021-38419 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric V-Server and V-Simulator Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution. | 6.8 |
2021-12-20 | CVE-2020-19316 | Laravel | OS Command Injection vulnerability in Laravel Framework OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17. | 6.8 |
2021-12-21 | CVE-2021-36317 | Dell | Insufficiently Protected Credentials vulnerability in Dell products Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. | 6.7 |
2021-12-21 | CVE-2021-36318 | Dell | Insufficiently Protected Credentials vulnerability in Dell EMC Avamar Server Dell EMC Avamar versions 18.2, 19.1, 19.2, 19.3 and 19.4 contain a plain-text password storage vulnerability. | 6.7 |
2021-12-26 | CVE-2021-45499 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 6.5 |
2021-12-26 | CVE-2021-45525 | Netgear | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45526 | Netgear | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45527 | Netgear | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45528 | Netgear | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45529 | Netgear | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45530 | Netgear | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45531 | Netgear | Command Injection vulnerability in Netgear D6220 Firmware NETGEAR D6220 devices before 1.0.0.76 are affected by command injection by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45534 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45541 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45544 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45546 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45547 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45548 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45551 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45552 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45553 | Netgear | Command Injection vulnerability in Netgear R6900P Firmware, R7000 Firmware and R7000P Firmware Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45555 | Netgear | Command Injection vulnerability in Netgear R7900P Firmware, R7960P Firmware and R8000P Firmware Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45556 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45557 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45595 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45596 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45597 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45598 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45599 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45600 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45601 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45605 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45606 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45607 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 6.5 |
2021-12-26 | CVE-2021-45640 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 6.5 |
2021-12-26 | CVE-2021-45641 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 6.5 |
2021-12-26 | CVE-2021-45679 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by privilege escalation. | 6.5 |
2021-12-23 | CVE-2021-20318 | Redhat | Deserialization of Untrusted Data vulnerability in Redhat Jboss Enterprise Application Platform 7.3.9/7.4.0 The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. | 6.5 |
2021-12-23 | CVE-2021-4024 | Podman Project Fedoraproject Redhat | Origin Validation Error vulnerability in multiple products A flaw was found in podman. | 6.5 |
2021-12-23 | CVE-2021-4144 | TP Link | OS Command Injection vulnerability in Tp-Link Tl-Wr802N Firmware TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection. | 6.5 |
2021-12-23 | CVE-2021-38009 | Google Fedoraproject Debian | Information Exposure Through Discrepancy vulnerability in multiple products Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
2021-12-23 | CVE-2021-38010 | Google Fedoraproject Debian | Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | 6.5 |
2021-12-23 | CVE-2021-38018 | Google Fedoraproject Debian | Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 6.5 |
2021-12-23 | CVE-2021-38019 | Google Fedoraproject Debian | Always-Incorrect Control Flow Implementation vulnerability in multiple products Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
2021-12-23 | CVE-2021-38021 | Google Fedoraproject Debian | Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 6.5 |
2021-12-23 | CVE-2021-38022 | Google Fedoraproject Debian | Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
2021-12-23 | CVE-2021-4054 | Google Fedoraproject Debian | Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 6.5 |
2021-12-23 | CVE-2021-4059 | Google Fedoraproject Debian | Improper Input Validation vulnerability in multiple products Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
2021-12-23 | CVE-2021-4068 | Google Fedoraproject Debian | Improper Encoding or Escaping of Output vulnerability in multiple products Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
2021-12-22 | CVE-2021-21880 | Lantronix | Path Traversal vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0 A directory traversal vulnerability exists in the Web Manager FsCopyFile functionality of Lantronix PremierWave 2050 8.9.0.0R4. | 6.5 |
2021-12-22 | CVE-2021-21885 | Lantronix | Path Traversal vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0 A directory traversal vulnerability exists in the Web Manager FsMove functionality of Lantronix PremierWave 2050 8.9.0.0R4. | 6.5 |
2021-12-22 | CVE-2021-21887 | Lantronix | Out-of-bounds Write vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0 A stack-based buffer overflow vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). | 6.5 |
2021-12-22 | CVE-2021-21889 | Lantronix | Out-of-bounds Write vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0 A stack-based buffer overflow vulnerability exists in the Web Manager Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). | 6.5 |
2021-12-22 | CVE-2021-21890 | Lantronix | Out-of-bounds Write vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0 A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). | 6.5 |
2021-12-22 | CVE-2021-21891 | Lantronix | Out-of-bounds Write vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0 A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). | 6.5 |
2021-12-22 | CVE-2021-21892 | Lantronix | Out-of-bounds Write vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0 A stack-based buffer overflow vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). | 6.5 |
2021-12-22 | CVE-2021-21894 | Lantronix | Path Traversal vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0 A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). | 6.5 |
2021-12-22 | CVE-2021-21895 | Lantronix | Path Traversal vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0 A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). | 6.5 |
2021-12-22 | CVE-2021-21915 | Advantech | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 An exploitable SQL injection vulnerability exists in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). | 6.5 |
2021-12-22 | CVE-2021-21916 | Advantech | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 An exploitable SQL injection vulnerability exists in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). | 6.5 |
2021-12-22 | CVE-2021-21917 | Advantech | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 An exploitable SQL injection vulnerability exists in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). | 6.5 |
2021-12-22 | CVE-2021-43630 | Projectworlds | SQL Injection vulnerability in Projectworlds Hospital Management System in PHP 1.0 Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. | 6.5 |
2021-12-22 | CVE-2021-45418 | Starcharge | Path Traversal vulnerability in Starcharge products Certain Starcharge products are vulnerable to Directory Traversal via main.cgi. | 6.5 |
2021-12-22 | CVE-2021-43851 | Anuko | SQL Injection vulnerability in Anuko Time Tracker Anuko Time Tracker is an open source, web-based time tracking application written in PHP. | 6.5 |
2021-12-21 | CVE-2021-27449 | Mesalabs | Command Injection vulnerability in Mesalabs Amegaview Mesa Labs AmegaView Versions 3.0 and prior has a command injection vulnerability that can be exploited to execute commands in the web server. | 6.5 |
2021-12-21 | CVE-2021-36316 | Dell | Improper Privilege Management vulnerability in Dell EMC Avamar Server Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI. | 6.5 |
2021-12-21 | CVE-2021-44874 | Dalmark | SQL Injection vulnerability in Dalmark Systeam Enterprise Resource Planning 2.22.8 Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to insecure design in the report build feature via SQL query. | 6.5 |
2021-12-21 | CVE-2021-24750 | WP Visitor Statistics Real Time Traffic Project | SQL Injection vulnerability in WP Visitor Statistics (Real Time Traffic) Project WP Visitor Statistics (Real Time Traffic) The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks. | 6.5 |
2021-12-21 | CVE-2021-24846 | NI Woocommerce Custom Order Status Project | SQL Injection vulnerability in NI Woocommerce Custom Order Status Project NI Woocommerce Custom Order Status The get_query() function of the Ni WooCommerce Custom Order Status WordPress plugin before 1.9.7, used by the niwoocos_ajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user, such as a subscriber. | 6.5 |
2021-12-26 | CVE-2021-45517 | Netgear | Unspecified vulnerability in Netgear Xr1000 Firmware 1.0.0.44/1.0.0.50/1.0.0.52 NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service. | 6.1 |
2021-12-26 | CVE-2021-45518 | Netgear | Unspecified vulnerability in Netgear Xr1000 Firmware 1.0.0.44/1.0.0.50/1.0.0.52 NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service. | 6.1 |
2021-12-26 | CVE-2021-45519 | Netgear | Unspecified vulnerability in Netgear Xr1000 Firmware 1.0.0.44/1.0.0.50/1.0.0.52 NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service. | 6.1 |
2021-12-24 | CVE-2021-45472 | Mediawiki Fedoraproject | Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used. | 6.1 |
2021-12-24 | CVE-2021-45473 | Mediawiki Fedoraproject | Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar). | 6.1 |
2021-12-24 | CVE-2021-45474 | Mediawiki Fedoraproject | Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter. | 6.1 |
2021-12-23 | CVE-2021-44543 | Privoxy | Cross-site Scripting vulnerability in Privoxy An XSS vulnerability was found in Privoxy, which was fixed in cgi_error_no_template() by encoding the template name when Privoxy is configured to serve the user-manual itself. | 6.1 |
2021-12-22 | CVE-2021-36885 | Ciphercoin | Cross-site Scripting vulnerability in Ciphercoin Contact Form 7 Database Addon Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.6.1). | 6.1 |
2021-12-20 | CVE-2021-43440 | Iorder Project | Cross-site Scripting vulnerability in Iorder Project Iorder 1.0 Multiple stored XSS vulnerabilities in the source code of iOrder 1.0 allow remote attackers to inject arbitrary script via the Name and Phone number fields of the signup form. | 6.1 |
2021-12-22 | CVE-2020-20593 | Rockoa | Cross-Site Request Forgery (CSRF) vulnerability in Rockoa 1.9.8 A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account. | 6.0 |
2021-12-21 | CVE-2021-4139 | Pimcore | Cross-site Scripting vulnerability in Pimcore pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). | 6.0 |
2021-12-26 | CVE-2021-45500 | Netgear | Unspecified vulnerability in Netgear R7000P Firmware and R8000 Firmware Certain NETGEAR devices are affected by authentication bypass. | 5.8 |
2021-12-26 | CVE-2021-45502 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 5.8 |
2021-12-26 | CVE-2021-45503 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 5.8 |
2021-12-26 | CVE-2021-45505 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 5.8 |
2021-12-26 | CVE-2021-45506 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 5.8 |
2021-12-26 | CVE-2021-45510 | Netgear | Unspecified vulnerability in Netgear Xr1000 Firmware 1.0.0.44/1.0.0.50/1.0.0.52 NETGEAR XR1000 devices before 1.0.0.58 are affected by authentication bypass. | 5.8 |
2021-12-26 | CVE-2021-45513 | Netgear | Command Injection vulnerability in Netgear Xr1000 Firmware 1.0.0.44/1.0.0.50/1.0.0.52 NETGEAR XR1000 devices before 1.0.0.58 are affected by command injection by an unauthenticated attacker. | 5.8 |
2021-12-26 | CVE-2021-45514 | Netgear | Command Injection vulnerability in Netgear Xr1000 Firmware 1.0.0.44/1.0.0.50/1.0.0.52 NETGEAR XR1000 devices before 1.0.0.58 are affected by command injection by an unauthenticated attacker. | 5.8 |
2021-12-26 | CVE-2021-45520 | Netgear | Use of Hard-coded Credentials vulnerability in Netgear Rbk352 Firmware, Rbr350 Firmware and Rbs350 Firmware Certain NETGEAR devices are affected by a hardcoded password. | 5.8 |
2021-12-26 | CVE-2021-45573 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 5.8 |
2021-12-26 | CVE-2021-45615 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 5.8 |
2021-12-26 | CVE-2021-45626 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 5.8 |
2021-12-26 | CVE-2021-45628 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 5.8 |
2021-12-26 | CVE-2021-45629 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 5.8 |
2021-12-26 | CVE-2021-45631 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 5.8 |
2021-12-26 | CVE-2021-45632 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 5.8 |
2021-12-26 | CVE-2021-45633 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 5.8 |
2021-12-26 | CVE-2021-45634 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 5.8 |
2021-12-26 | CVE-2021-45635 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 5.8 |
2021-12-26 | CVE-2021-45636 | Netgear | Out-of-bounds Write vulnerability in Netgear D7000 Firmware NETGEAR D7000 devices before 1.0.1.82 are affected by a stack-based buffer overflow by an unauthenticated attacker. | 5.8 |
2021-12-24 | CVE-2021-20875 | Groupsession | Open Redirect vulnerability in Groupsession Open redirect vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks by having a user access a specially crafted URL. | 5.8 |
2021-12-21 | CVE-2021-36337 | Dell | Inadequate Encryption Strength vulnerability in Dell Wyse Management Suite Dell Wyse Management Suite version 3.3.1 and prior supports the insecure transport security protocols TLS 1.0 and TLS 1.1, which are susceptible to man-in-the-middle attacks, thereby compromising the confidentiality and integrity of data. | 5.8 |
2021-12-20 | CVE-2021-38421 | Fujielectric | Out-of-bounds Read vulnerability in Fujielectric V-Server and V-Simulator Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash. | 5.8 |
2021-12-22 | CVE-2021-21896 | Lantronix | Path Traversal vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0 A directory traversal vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). | 5.5 |
2021-12-22 | CVE-2021-21908 | Garrett | Path Traversal vulnerability in Garrett IC Module Firmware 5.0 Specially-crafted command line arguments can lead to arbitrary file deletion. | 5.5 |
2021-12-22 | CVE-2021-21909 | Garrett | Path Traversal vulnerability in Garrett IC Module Firmware 5.0 Specially-crafted command line arguments can lead to arbitrary file deletion in the del .cnt|.log file delete command. | 5.5 |
2021-12-22 | CVE-2021-45262 | Gpac | Use After Free vulnerability in Gpac 1.1.0 An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_command_del function, which causes a segmentation fault and application crash. | 5.5 |
2021-12-22 | CVE-2021-45263 | Gpac | Use After Free vulnerability in Gpac 1.1.0 An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_delete_attribute_value function, which causes a segmentation fault and application crash. | 5.5 |
2021-12-22 | CVE-2021-45267 | Gpac | NULL Pointer Dereference vulnerability in Gpac 1.1.0 An invalid memory address dereference vulnerability exists in gpac 1.1.0 via the svg_node_start function, which causes a segmentation fault and application crash. | 5.5 |
2021-12-22 | CVE-2021-36750 | Zendesk Sandisk | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, making it easier for attackers to determine the passwords of all DataVault users (across USB drives sold under multiple brand names). | 5.5 |
2021-12-21 | CVE-2021-45297 | Gpac | Infinite Loop vulnerability in Gpac 1.1.0 An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size. | 5.5 |
2021-12-21 | CVE-2021-45289 | Gpac | Unspecified vulnerability in Gpac 1.0.1 A vulnerability exists in GPAC 1.0.1 due to an omission of security-relevant Information, which could cause a Denial of Service. | 5.5 |
2021-12-21 | CVE-2021-45291 | Gpac | Use After Free vulnerability in Gpac 1.0.1 The gf_dump_setup function in GPAC 1.0.1 allows malicious users to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command. | 5.5 |
2021-12-21 | CVE-2021-45292 | Gpac | NULL Pointer Dereference vulnerability in Gpac 1.0.1 The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command. | 5.5 |
2021-12-21 | CVE-2021-45293 | Webassembly Fedoraproject | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet. | 5.5 |
2021-12-20 | CVE-2021-43438 | Iresturant Project | Cross-site Scripting vulnerability in Iresturant Project Iresturant 1.0 Stored XSS in the signup form of iResturant 1.0 allows a remote attacker to inject arbitrary code via the NAME and ADDRESS fields. | 5.4 |
2021-12-24 | CVE-2021-45471 | Mediawiki Fedoraproject | In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items. | 5.3 |
2021-12-20 | CVE-2021-43441 | Iorder Project | Cross-site Scripting vulnerability in Iorder Project Iorder 1.0 An HTML injection vulnerability in iOrder 1.0 allows a remote attacker to inject malicious HTML via the signup form. | 5.3 |
2021-12-26 | CVE-2021-45533 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45535 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45536 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45537 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45538 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45539 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45540 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45542 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45543 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45545 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45549 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45550 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45554 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45558 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45559 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45560 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45561 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45562 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45563 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45564 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45565 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45566 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45567 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45568 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45569 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45570 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45571 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45572 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45574 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45575 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45576 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45577 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45578 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45579 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45580 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45581 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45582 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45583 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45584 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45585 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45586 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45587 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45588 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45589 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45590 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45591 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45592 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45593 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45594 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2021-12-26 | CVE-2021-45655 | Netgear | Injection vulnerability in Netgear R6400 Firmware NETGEAR R6400 devices before 1.0.1.70 are affected by server-side injection. | 5.2 |
2021-12-21 | CVE-2021-24981 | Wpwax | Unrestricted Upload of File with Dangerous Type vulnerability in Wpwax Directorist The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory. | 5.1 |
2021-12-26 | CVE-2021-45712 | Rust Embed Project | Path Traversal vulnerability in Rust-Embed Project Rust-Embed An issue was discovered in the rust-embed crate before 6.3.0 for Rust. | 5.0 |
2021-12-26 | CVE-2021-45713 | Rusqlite Project | Use After Free vulnerability in Rusqlite Project Rusqlite An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. | 5.0 |
2021-12-26 | CVE-2021-45714 | Rusqlite Project | Use After Free vulnerability in Rusqlite Project Rusqlite An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. | 5.0 |
2021-12-26 | CVE-2021-45715 | Rusqlite Project | Use After Free vulnerability in Rusqlite Project Rusqlite An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. | 5.0 |
2021-12-26 | CVE-2021-45716 | Rusqlite Project | Use After Free vulnerability in Rusqlite Project Rusqlite An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. | 5.0 |
2021-12-26 | CVE-2021-45717 | Rusqlite Project | Use After Free vulnerability in Rusqlite Project Rusqlite An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. | 5.0 |
2021-12-26 | CVE-2021-45718 | Rusqlite Project | Use After Free vulnerability in Rusqlite Project Rusqlite An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. | 5.0 |
2021-12-26 | CVE-2021-45719 | Rusqlite Project | Use After Free vulnerability in Rusqlite Project Rusqlite An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. | 5.0 |
2021-12-26 | CVE-2021-45720 | LRU Project | Use After Free vulnerability in LRU Project LRU An issue was discovered in the lru crate before 0.7.1 for Rust. | 5.0 |
2021-12-26 | CVE-2021-45493 | Netgear | Information Exposure vulnerability in Netgear Rax35 Firmware, Rax38 Firmware and Rax40 Firmware Certain NETGEAR devices are affected by disclosure of administrative credentials. | 5.0 |
2021-12-26 | CVE-2021-45646 | Netgear | Information Exposure vulnerability in Netgear R7000 Firmware NETGEAR R7000 devices before 1.0.11.116 are affected by disclosure of sensitive information. | 5.0 |
2021-12-26 | CVE-2021-45647 | Netgear | Information Exposure vulnerability in Netgear products Certain NETGEAR devices are affected by disclosure of sensitive information. | 5.0 |
2021-12-26 | CVE-2021-45648 | Netgear | Information Exposure vulnerability in Netgear products Certain NETGEAR devices are affected by disclosure of sensitive information. | 5.0 |
2021-12-26 | CVE-2021-45650 | Netgear | Information Exposure vulnerability in Netgear products Certain NETGEAR devices are affected by disclosure of sensitive information. | 5.0 |
2021-12-26 | CVE-2021-45651 | Netgear | Information Exposure vulnerability in Netgear Rbk50 Firmware, Rbr50 Firmware and Rbs50 Firmware Certain NETGEAR devices are affected by disclosure of sensitive information. | 5.0 |
2021-12-26 | CVE-2021-45652 | Netgear | Information Exposure vulnerability in Netgear Rbk352 Firmware, Rbr350 Firmware and Rbs350 Firmware Certain NETGEAR devices are affected by disclosure of sensitive information. | 5.0 |
2021-12-26 | CVE-2021-45653 | Netgear | Information Exposure vulnerability in Netgear Rbk352 Firmware, Rbr350 Firmware and Rbs350 Firmware Certain NETGEAR devices are affected by disclosure of sensitive information. | 5.0 |
2021-12-26 | CVE-2021-45654 | Netgear | Information Exposure vulnerability in Netgear Xr1000 Firmware 1.0.0.44/1.0.0.50/1.0.0.52 NETGEAR XR1000 devices before 1.0.0.58 are affected by disclosure of sensitive information. | 5.0 |
2021-12-26 | CVE-2021-32467 | Mediatek | Out-of-bounds Read vulnerability in Mediatek products MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. | 5.0 |
2021-12-26 | CVE-2021-32468 | Mediatek | Out-of-bounds Read vulnerability in Mediatek products MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. | 5.0 |
2021-12-26 | CVE-2021-32469 | Mediatek | Out-of-bounds Read vulnerability in Mediatek products MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. | 5.0 |
2021-12-26 | CVE-2021-37562 | Mediatek | Out-of-bounds Read vulnerability in Mediatek products MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. | 5.0 |
2021-12-26 | CVE-2021-37564 | Mediatek | Out-of-bounds Read vulnerability in Mediatek products MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. | 5.0 |
2021-12-26 | CVE-2021-37565 | Mediatek | Out-of-bounds Read vulnerability in Mediatek products MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. | 5.0 |
2021-12-26 | CVE-2021-37567 | Mediatek | Out-of-bounds Read vulnerability in Mediatek products MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. | 5.0 |
2021-12-26 | CVE-2021-37570 | Mediatek | Out-of-bounds Read vulnerability in Mediatek products MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. | 5.0 |
2021-12-26 | CVE-2021-37572 | Mediatek | Missing Authorization vulnerability in Mediatek products MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. | 5.0 |
2021-12-25 | CVE-2021-45489 | Netbsd | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Netbsd In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG. | 5.0 |
2021-12-24 | CVE-2021-20827 | Idec | Cleartext Storage of Sensitive Information vulnerability in Idec products Plaintext storage of a password vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier) allows an attacker to obtain the PLC Web server user credentials from file servers, backup repositories, or ZLD files saved in SD cards. | 5.0 |
2021-12-24 | CVE-2021-20874 | Groupsession | Incorrect Permission Assignment for Critical Resource vulnerability in Groupsession Incorrect permission assignment for critical resource vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to access arbitrary files on the server and obtain sensitive information via unspecified vectors. | 5.0 |
2021-12-23 | CVE-2020-35398 | Utimf | Information Exposure Through Discrepancy vulnerability in Utimf UTI Mutual Fund Invest Online An issue was discovered in the UTI Mutual Fund Android application 5.4.18 and prior that allows attackers to brute-force enumeration of usernames, determined by the error message returned after invalid credentials are attempted. | 5.0 |
2021-12-23 | CVE-2017-13892 | Apple | Unspecified vulnerability in Apple mac OS X and Macos An issue existed in the handling of Contact sharing. | 5.0 |
2021-12-23 | CVE-2017-2488 | Apple | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Apple Remote Desktop A cryptographic weakness existed in the authentication protocol of Remote Desktop. | 5.0 |
2021-12-23 | CVE-2021-35243 | Solarwinds | Unspecified vulnerability in Solarwinds web Help Desk The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. | 5.0 |
2021-12-23 | CVE-2021-43854 | Nltk | Resource Exhaustion vulnerability in Nltk NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. | 5.0 |
2021-12-23 | CVE-2021-44600 | Online Mens Salon Management System Project | SQL Injection vulnerability in Online Mens Salon Management System Project Online Mens Salon Management System 1.0 The password parameter on Simple Online Mens Salon Management System (MSMS) 1.0 appears to be vulnerable to SQL injection attacks through the password parameter. | 5.0 |
2021-12-23 | CVE-2021-44599 | Online Enrollment Management System Project | SQL Injection vulnerability in Online Enrollment Management System Project Online Enrollment Management System 1.0 The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. | 5.0 |
2021-12-23 | CVE-2021-20049 | Sonicwall | Information Exposure Through Discrepancy vulnerability in Sonicwall products A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. | 5.0 |
2021-12-22 | CVE-2021-45266 | Gpac | NULL Pointer Dereference vulnerability in Gpac 1.1.0 A null pointer dereference vulnerability exists in gpac 1.1.0 via the lsr_read_anim_values_ex function, which causes a segmentation fault and application crash. | 5.0 |
2021-12-21 | CVE-2021-36350 | Dell | Improper Authentication vulnerability in Dell Powerscale Onefs 9.0/9.1 Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. | 5.0 |
2021-12-21 | CVE-2021-43839 | Crypto | Always-Incorrect Control Flow Implementation vulnerability in Crypto Cronos, Ethermint and Evmos Cronos is a commercial implementation of a blockchain. | 5.0 |
2021-12-21 | CVE-2021-44875 | Dalmark | Information Exposure Through Discrepancy vulnerability in Dalmark Systeam Enterprise Resource Planning 2.22.8 Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. | 5.0 |
2021-12-21 | CVE-2021-44876 | Dalmark | Information Exposure Through Discrepancy vulnerability in Dalmark Systeam Enterprise Resource Planning 2.22.8 Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. | 5.0 |
2021-12-21 | CVE-2021-44877 | Dalmark | Unspecified vulnerability in Dalmark Systeam Enterprise Resource Planning 2.22.8 Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect Access Control. | 5.0 |
2021-12-20 | CVE-2021-43843 | JSX Slack Project | Unspecified vulnerability in Jsx-Slack Project Jsx-Slack jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. | 5.0 |
2021-12-20 | CVE-2021-22056 | Vmware | Server-Side Request Forgery (SSRF) vulnerability in VMWare products VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. | 5.0 |
2021-12-20 | CVE-2021-41561 | Apache | Improper Input Validation vulnerability in Apache Parquet-Mr Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files. | 5.0 |
2021-12-20 | CVE-2021-44554 | Cybelesoft | Information Exposure Through Discrepancy vulnerability in Cybelesoft Thinfinity Virtualui Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS (Windows) through the /changePassword URI. | 5.0 |
2021-12-20 | CVE-2021-44162 | Chinasea | Path Traversal vulnerability in Chinasea QB Smart Service Robot Chain Sea ai chatbot system’s specific file download function has path traversal vulnerability. | 5.0 |
2021-12-24 | CVE-2021-45480 | Linux Debian | Memory Leak vulnerability in multiple products An issue was discovered in the Linux kernel before 5.15.11. | 4.7 |
2021-12-26 | CVE-2021-45532 | Netgear | Command Injection vulnerability in Netgear R8000 Firmware NETGEAR R8000 devices before 1.0.4.76 are affected by command injection by an authenticated user. | 4.6 |
2021-12-26 | CVE-2021-45602 | Netgear | OS Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 4.6 |
2021-12-26 | CVE-2021-45656 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by server-side injection. | 4.6 |
2021-12-26 | CVE-2021-45657 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by server-side injection. | 4.6 |
2021-12-26 | CVE-2021-45659 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by server-side injection. | 4.6 |
2021-12-26 | CVE-2021-45660 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by server-side injection. | 4.6 |
2021-12-26 | CVE-2021-45661 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by server-side injection. | 4.6 |
2021-12-23 | CVE-2017-13907 | Apple | Unspecified vulnerability in Apple mac OS X A state management issue was addressed with improved state validation. | 4.6 |
2021-12-23 | CVE-2017-13908 | Apple | Unspecified vulnerability in Apple mac OS X An issue in handling file permissions was addressed with improved validation. | 4.6 |
2021-12-21 | CVE-2021-27445 | Mesalabs | Incorrect Permission Assignment for Critical Resource vulnerability in Mesalabs Amegaview Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissions that could be exploited to escalate privileges on the device. | 4.6 |
2021-12-26 | CVE-2021-45494 | Netgear | Unspecified vulnerability in Netgear Rbk352 Firmware, Rbr350 Firmware and Rbs350 Firmware Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. | 4.5 |
2021-12-23 | CVE-2021-23175 | Nvidia | Incorrect Authorization vulnerability in Nvidia Geforce Experience NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream. | 4.4 |
2021-12-26 | CVE-2021-44598 | Attendance Management System Project | Cross-site Scripting vulnerability in Attendance Management System Project Attendance Management System 1.0 Attendance Management System 1.0 is affected by a Cross Site Scripting (XSS) vulnerability. | 4.3 |
2021-12-26 | CVE-2021-4169 | Livehelperchat | Cross-site Scripting vulnerability in Livehelperchat Live Helper Chat livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 4.3 |
2021-12-26 | CVE-2021-45639 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by reflected XSS. | 4.3 |
2021-12-26 | CVE-2021-45677 | Netgear | Cross-site Scripting vulnerability in Netgear Gs108T Firmware and Gs110Tp Firmware Certain NETGEAR devices are affected by stored XSS. | 4.3 |
2021-12-25 | CVE-2021-4162 | Archivy Project | Cross-Site Request Forgery (CSRF) vulnerability in Archivy Project Archivy archivy is vulnerable to Cross-Site Request Forgery (CSRF) | 4.3 |
2021-12-25 | CVE-2021-45481 | Webkitgtk | Memory Leak vulnerability in Webkitgtk In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnerability than CVE-2021-30889. | 4.3 |
2021-12-25 | CVE-2021-45482 | Webkitgtk | Use After Free vulnerability in Webkitgtk In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode::firstChild, a different vulnerability than CVE-2021-30889. | 4.3 |
2021-12-25 | CVE-2021-45483 | Webkitgtk | Use After Free vulnerability in Webkitgtk In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Frame::page, a different vulnerability than CVE-2021-30889. | 4.3 |
2021-12-23 | CVE-2021-3622 | Redhat Fedoraproject | Resource Exhaustion vulnerability in multiple products A flaw was found in the hivex library. | 4.3 |
2021-12-23 | CVE-2020-3896 | Apple | Unspecified vulnerability in Apple mac OS X This issue was addressed by removing the vulnerable code. | 4.3 |
2021-12-23 | CVE-2021-38020 | Google Fedoraproject Debian | Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 4.3 |
2021-12-22 | CVE-2020-20425 | S CMS | Cross-site Scripting vulnerability in S-Cms 5.0 S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function. | 4.3 |
2021-12-22 | CVE-2020-20426 | S CMS | Cross-site Scripting vulnerability in S-Cms 5.0 S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php. | 4.3 |
2021-12-22 | CVE-2020-20595 | Opms Project | Cross-Site Request Forgery (CSRF) vulnerability in Opms Project Opms 1.3 A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a user account via /user/add. | 4.3 |
2021-12-22 | CVE-2020-20597 | Mossle | Cross-site Scripting vulnerability in Mossle Lemon 1.10.0 A cross-site scripting (XSS) vulnerability in the potrtalItemName parameter in \web\PortalController.java of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML. | 4.3 |
2021-12-22 | CVE-2020-20598 | Mossle | Cross-site Scripting vulnerability in Mossle Lemon 1.10.0 A cross-site scripting (XSS) vulnerability in the Editing component of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML. | 4.3 |
2021-12-22 | CVE-2020-20605 | Personal Blog CMS Project | Cross-site Scripting vulnerability in Personal Blog CMS Project Personal Blog CMS 1.0 Blog CMS v1.0 contains a cross-site scripting (XSS) vulnerability in the /controller/CommentAdminController.java component. | 4.3 |
2021-12-22 | CVE-2021-23228 | Deltaww | Cross-site Scripting vulnerability in Deltaww Diaenergie 1.7.5 DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”. | 4.3 |
2021-12-22 | CVE-2021-31558 | Deltaww | Cross-site Scripting vulnerability in Deltaww Diaenergie 1.7.5 DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”. | 4.3 |
2021-12-22 | CVE-2021-44471 | Deltaww | Cross-site Scripting vulnerability in Deltaww Diaenergie 1.7.5 DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”. | 4.3 |
2021-12-22 | CVE-2021-44544 | Deltaww | Cross-site Scripting vulnerability in Deltaww Diaenergie 1.7.5 DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”. | 4.3 |
2021-12-22 | CVE-2021-43156 | Projectworlds | Cross-Site Request Forgery (CSRF) vulnerability in Projectworlds Online Book Store Project in PHP 1.0 In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book. | 4.3 |
2021-12-22 | CVE-2021-43158 | Projectworlds | Cross-Site Request Forgery (CSRF) vulnerability in Projectworlds Online Shopping System in PHP 1.0 In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart. | 4.3 |
2021-12-22 | CVE-2021-45260 | Gpac | NULL Pointer Dereference vulnerability in Gpac 1.1.0 A null pointer dereference vulnerability exists in gpac 1.1.0 in the lsr_read_id.part function, which causes a segmentation fault and application crash. | 4.3 |
2021-12-22 | CVE-2021-45261 | GNU | Release of Invalid Pointer or Reference vulnerability in GNU Patch 2.7 An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service. | 4.3 |
2021-12-22 | CVE-2021-45256 | Nasm | NULL Pointer Dereference vulnerability in Nasm Netwide Assembler 2.16 A Null Pointer Dereference vulnerability exists in nasm 2.16rc0 via asm/preproc.c. | 4.3 |
2021-12-22 | CVE-2021-45257 | Nasm | Infinite Loop vulnerability in Nasm Netwide Assembler 2.16 An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function. | 4.3 |
2021-12-22 | CVE-2021-45258 | Gpac | Out-of-bounds Write vulnerability in Gpac 1.1.0 A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_dec_proto_list function, which causes a segmentation fault and application crash. | 4.3 |
2021-12-22 | CVE-2021-45259 | Gpac | NULL Pointer Dereference vulnerability in Gpac 1.1.0 An Invalid pointer reference vulnerability exists in gpac 1.1.0 via the gf_svg_node_del function, which causes a segmentation fault and application crash. | 4.3 |
2021-12-22 | CVE-2021-40836 | F Secure | Unspecified vulnerability in F-Secure products A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. | 4.3 |
2021-12-22 | CVE-2021-44028 | Quest | XXE vulnerability in Quest Kace Desktop Authority XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285. | 4.3 |
2021-12-22 | CVE-2021-44030 | Quest | Cross-site Scripting vulnerability in Quest Kace Desktop Authority Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery. | 4.3 |
2021-12-21 | CVE-2021-44918 | Gpac | NULL Pointer Dereference vulnerability in Gpac 1.1.0 A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the gf_node_get_field function, which can cause a segmentation fault and application crash. | 4.3 |
2021-12-21 | CVE-2021-44919 | Gpac | NULL Pointer Dereference vulnerability in Gpac 1.1.0 A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_alloc function in gpac 1.1.0-DEV, which causes a segmentation fault and application crash. | 4.3 |
2021-12-21 | CVE-2021-44920 | Gpac | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gpac 1.1.0 An invalid memory address dereference vulnerability exists in gpac 1.1.0 in the dump_od_to_saf.isra function, which causes a segmentation fault and application crash. | 4.3 |
2021-12-21 | CVE-2021-44921 | Gpac | NULL Pointer Dereference vulnerability in Gpac 1.1.0 A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_isom_parse_movie_boxes_internal function, which causes a segmentation fault and application crash. | 4.3 |
2021-12-21 | CVE-2021-44922 | Gpac | NULL Pointer Dereference vulnerability in Gpac 1.1.0 A null pointer dereference vulnerability exists in gpac 1.1.0 in the BD_CheckSFTimeOffset function, which causes a segmentation fault and application crash. | 4.3 |
2021-12-21 | CVE-2021-44923 | Gpac | NULL Pointer Dereference vulnerability in Gpac 1.1.0 A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_dump_vrml_dyn_field.isra function, which causes a segmentation fault and application crash. | 4.3 |
2021-12-21 | CVE-2021-44924 | Gpac | Infinite Loop vulnerability in Gpac 1.1.0 An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service. | 4.3 |
2021-12-21 | CVE-2021-44925 | Gpac | NULL Pointer Dereference vulnerability in Gpac 1.1.0 A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_svg_get_attribute_name function, which causes a segmentation fault and application crash. | 4.3 |
2021-12-21 | CVE-2021-44926 | Gpac | NULL Pointer Dereference vulnerability in Gpac 1.1.0 A null pointer dereference vulnerability exists in gpac 1.1.0-DEV in the gf_node_get_tag function, which causes a segmentation fault and application crash. | 4.3 |
2021-12-21 | CVE-2021-44927 | Gpac | NULL Pointer Dereference vulnerability in Gpac 1.1.0 A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_sg_vrml_mf_append function, which causes a segmentation fault and application crash. | 4.3 |
2021-12-21 | CVE-2021-44917 | Gnuplot | Divide By Zero vulnerability in Gnuplot 5.4 A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d function in graph3d.c, which could cause an Arithmetic exception and application crash. | 4.3 |
2021-12-21 | CVE-2021-45288 | Gpac | Double Free vulnerability in Gpac 1.0.1 A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which could cause a Denial of Service via a crafted file in the MP4Box command. | 4.3 |
2021-12-21 | CVE-2012-20001 | Prestashop | Cross-site Scripting vulnerability in Prestashop PrestaShop before 1.5.2 allows XSS via the "<object data='data:text/html" substring in the message field. | 4.3 |
2021-12-21 | CVE-2021-24578 | Themeboy | Cross-site Scripting vulnerability in Themeboy Sportspress The SportsPress WordPress plugin before 2.7.9 does not sanitise and escape its match_day parameter before outputting back in the Events backend page, leading to a Reflected Cross-Site Scripting issue | 4.3 |
2021-12-21 | CVE-2021-24907 | Wpeverest | Cross-site Scripting vulnerability in Wpeverest Everest Forms The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue | 4.3 |
2021-12-21 | CVE-2021-24941 | Icegram | Cross-site Scripting vulnerability in Icegram The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.0.5 does not sanitise and escape the message_id parameter of the get_message_action_row AJAX action before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue | 4.3 |
2021-12-21 | CVE-2021-24956 | Adenion | Cross-site Scripting vulnerability in Adenion Blog2Social The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue | 4.3 |
2021-12-20 | CVE-2021-43846 | Nebulab | Cross-Site Request Forgery (CSRF) vulnerability in Nebulab Solidus `solidus_frontend` is the cart and storefront for the Solidus e-commerce project. | 4.3 |
2021-12-20 | CVE-2021-35248 | Solarwinds | Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds Orion Platform It has been reported that any Orion user, e.g. | 4.3 |
2021-12-20 | CVE-2021-43746 | Adobe | Access of Uninitialized Pointer vulnerability in Adobe Premiere Rush 1.5.12/1.5.8 Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an uninitialized pointer vulnerability that allows remote attackers to disclose sensitive information on affected installations. | 4.3 |
2021-12-20 | CVE-2021-43748 | Adobe | NULL Pointer Dereference vulnerability in Adobe Premiere Rush 1.5.12/1.5.8 Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. | 4.3 |
2021-12-20 | CVE-2021-43749 | Adobe | NULL Pointer Dereference vulnerability in Adobe Premiere Rush 1.5.12/1.5.8 Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. | 4.3 |
2021-12-20 | CVE-2021-43750 | Adobe | NULL Pointer Dereference vulnerability in Adobe Premiere Rush 1.5.12/1.5.8 Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. | 4.3 |
2021-12-20 | CVE-2021-44697 | Adobe | Out-of-bounds Read vulnerability in Adobe Audition 13.0.5/13.0.6/22.0 Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 4.3 |
2021-12-20 | CVE-2021-44698 | Adobe | Out-of-bounds Read vulnerability in Adobe Audition 13.0.5/13.0.6/22.0 Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 4.3 |
2021-12-20 | CVE-2021-44699 | Adobe | Out-of-bounds Read vulnerability in Adobe Audition 13.0.5/13.0.6/22.0 Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 4.3 |
2021-12-20 | CVE-2021-44916 | Opmantek | Cross-site Scripting vulnerability in Opmantek Open-Audit Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. | 4.3 |
2021-12-20 | CVE-2021-44163 | Chinasea | Cross-site Scripting vulnerability in Chinasea QB Smart Service Robot Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS (reflected Cross-site scripting) attack without authentication. | 4.3 |
2021-12-24 | CVE-2021-20876 | Groupsession | Path Traversal vulnerability in Groupsession Path traversal vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows an attacker with an administrative privilege to obtain sensitive information stored in the hierarchy above the directory on the published site's server via unspecified vectors. | 4.0 |
2021-12-22 | CVE-2021-21886 | Lantronix | Path Traversal vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0 A directory traversal vulnerability exists in the Web Manager FSBrowsePage functionality of Lantronix PremierWave 2050 8.9.0.0R4. | 4.0 |
2021-12-22 | CVE-2021-21907 | Garrett | Path Traversal vulnerability in Garrett IC Module CMA 5.0 A directory traversal vulnerability exists in the CMA CLI getenv command functionality of Garrett Metal Detectors’ iC Module CMA Version 5.0. | 4.0 |
2021-12-22 | CVE-2021-21918 | Advantech | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 4.0 |
2021-12-22 | CVE-2021-21919 | Advantech | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 4.0 |
2021-12-22 | CVE-2021-21920 | Advantech | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 4.0 |
2021-12-22 | CVE-2021-21921 | Advantech | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 4.0 |
2021-12-22 | CVE-2021-21922 | Advantech | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 4.0 |
2021-12-22 | CVE-2021-21923 | Advantech | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 4.0 |
2021-12-22 | CVE-2021-21924 | Advantech | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 4.0 |
2021-12-22 | CVE-2021-21925 | Advantech | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 4.0 |
2021-12-22 | CVE-2021-21926 | Advantech | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 4.0 |
2021-12-22 | CVE-2021-21927 | Advantech | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 4.0 |
2021-12-22 | CVE-2021-21928 | Advantech | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 4.0 |
2021-12-22 | CVE-2021-21929 | Advantech | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 4.0 |
2021-12-22 | CVE-2021-21930 | Advantech | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 4.0 |
2021-12-22 | CVE-2021-21931 | Advantech | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 4.0 |
2021-12-22 | CVE-2021-21932 | Advantech | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 4.0 |
2021-12-22 | CVE-2021-21933 | Advantech | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 4.0 |
2021-12-22 | CVE-2021-21934 | Advantech | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 4.0 |
2021-12-22 | CVE-2021-21935 | Advantech | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 4.0 |
2021-12-22 | CVE-2021-21937 | Advantech | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 4.0 |
2021-12-22 | CVE-2021-39013 | IBM | Information Exposure vulnerability in IBM Cloud PAK for Security 1.7.0.0/1.7.1.0/1.7.2.0 IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. | 4.0 |
2021-12-21 | CVE-2021-38900 | IBM | Unspecified vulnerability in IBM products IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. | 4.0 |
2021-12-21 | CVE-2021-45091 | Stormshield | Unspecified vulnerability in Stormshield Endpoint Security 2.1.0/2.1.1 Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control. | 4.0 |
2021-12-20 | CVE-2021-43847 | Humhub | Missing Authorization vulnerability in Humhub HumHub is an open-source social network kit written in PHP. | 4.0 |
48 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-12-26 | CVE-2021-45662 | Netgear | Cross-site Scripting vulnerability in Netgear R7000 Firmware NETGEAR R7000 devices before 1.0.9.88 are affected by stored XSS. | 3.5 |
2021-12-26 | CVE-2021-45663 | Netgear | Cross-site Scripting vulnerability in Netgear R7000 Firmware NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS. | 3.5 |
2021-12-26 | CVE-2021-45664 | Netgear | Cross-site Scripting vulnerability in Netgear R7000 Firmware NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS. | 3.5 |
2021-12-26 | CVE-2021-45665 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 3.5 |
2021-12-26 | CVE-2021-45666 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 3.5 |
2021-12-26 | CVE-2021-45667 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 3.5 |
2021-12-26 | CVE-2021-45668 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 3.5 |
2021-12-26 | CVE-2021-45669 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 3.5 |
2021-12-26 | CVE-2021-45670 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 3.5 |
2021-12-26 | CVE-2021-45671 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 3.5 |
2021-12-26 | CVE-2021-45672 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 3.5 |
2021-12-26 | CVE-2021-45673 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 3.5 |
2021-12-26 | CVE-2021-45674 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 3.5 |
2021-12-26 | CVE-2021-45675 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 3.5 |
2021-12-26 | CVE-2021-45676 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 3.5 |
2021-12-25 | CVE-2021-45486 | Linux Oracle | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. | 3.5 |
2021-12-24 | CVE-2021-3977 | Invoiceninja | Cross-site Scripting vulnerability in Invoiceninja Invoice Ninja invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). | 3.5 |
2021-12-24 | CVE-2021-4072 | Elgg | Cross-site Scripting vulnerability in Elgg elgg is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). | 3.5 |
2021-12-22 | CVE-2020-20600 | Metinfo | Cross-site Scripting vulnerability in Metinfo 7.0.0 MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerability in the $name parameter of admin/?n=column&c=index&a=doAddColumn. | 3.5 |
2021-12-22 | CVE-2021-43853 | Ajax NET Professional Project | Deserialization of Untrusted Data vulnerability in Ajax.Net Professional Project Ajax.Net Professional Ajax.NET Professional (AjaxPro) is an AJAX framework available for Microsoft ASP.NET. | 3.5 |
2021-12-21 | CVE-2021-38893 | IBM | Cross-site Scripting vulnerability in IBM products IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. | 3.5 |
2021-12-21 | CVE-2021-38966 | IBM | Cross-site Scripting vulnerability in IBM Cloud PAK for Automation and Workflow Process Service IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. | 3.5 |
2021-12-21 | CVE-2020-19770 | Wuzhicms | Cross-site Scripting vulnerability in Wuzhicms Wuzhi CMS 4.1.0 A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie. | 3.5 |
2021-12-21 | CVE-2021-24738 | Shapedplugin | Cross-site Scripting vulnerability in Shapedplugin Logo Carousel The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. | 3.5 |
2021-12-20 | CVE-2021-43842 | Requarks | Cross-site Scripting vulnerability in Requarks Wiki.Js Wiki.js is a wiki app built on Node.js. | 3.5 |
2021-12-20 | CVE-2021-36889 | Tarteaucitron JS Cookies Legislation Gdpr Project | Cross-site Scripting vulnerability in Tarteaucitron.Js - Cookies Legislation & Gdpr Project Tarteaucitron.Js - Cookies Legislation & Gdpr Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities were discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.6). | 3.5 |
2021-12-20 | CVE-2021-42138 | Thalesgroup | Insufficient Entropy vulnerability in Thalesgroup Safenet Windows Logon Agent A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to access the encrypted credentials of any or all the users on that machine. | 3.5 |
2021-12-20 | CVE-2021-44263 | Gurock | Cross-site Scripting vulnerability in Gurock Testrail Gurock TestRail before 7.2.4 mishandles HTML escaping. | 3.5 |
2021-12-26 | CVE-2021-45515 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by denial of service. | 3.3 |
2021-12-26 | CVE-2021-45521 | Netgear | Use of Hard-coded Credentials vulnerability in Netgear Rbk352 Firmware, Rbr350 Firmware and Rbs350 Firmware Certain NETGEAR devices are affected by a hardcoded password. | 3.3 |
2021-12-26 | CVE-2021-45643 | Netgear | Unspecified vulnerability in Netgear R6400V2 Firmware, R6700V3 Firmware and Xr1000 Firmware Certain NETGEAR devices are affected by incorrect configuration of security settings. | 3.3 |
2021-12-24 | CVE-2021-20826 | Idec | Insufficiently Protected Credentials vulnerability in Idec products Unprotected transport of credentials vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier) allows an attacker to obtain the PLC Web server user credentials from the communication between the PLC and the software. | 3.3 |
2021-12-20 | CVE-2021-43030 | Adobe | Access of Uninitialized Pointer vulnerability in Adobe Premiere Rush 1.5.12/1.5.16/1.5.8 Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by an uninitialized pointer access vulnerability that allows remote attackers to disclose arbitrary data on affected installations. | 3.3 |
2021-12-20 | CVE-2021-44182 | Adobe | Out-of-bounds Read vulnerability in Adobe Dimension 3.4.3 Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 3.3 |
2021-12-20 | CVE-2021-44183 | Adobe | Out-of-bounds Read vulnerability in Adobe Dimension 3.4.3 Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 3.3 |
2021-12-26 | CVE-2021-45516 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by denial of service. | 2.7 |
2021-12-26 | CVE-2021-45604 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 2.7 |
2021-12-21 | CVE-2021-45089 | Stormshield | Unspecified vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2/2.1.0 Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control. | 2.3 |
2021-12-26 | CVE-2021-45603 | Netgear | Information Exposure vulnerability in Netgear products Certain NETGEAR devices are affected by disclosure of sensitive information. | 2.1 |
2021-12-26 | CVE-2021-45649 | Netgear | Information Exposure vulnerability in Netgear products Certain NETGEAR devices are affected by disclosure of sensitive information. | 2.1 |
2021-12-23 | CVE-2017-13909 | Apple | Insecure Storage of Sensitive Information vulnerability in Apple mac OS X An issue existed in the storage of sensitive tokens. | 2.1 |
2021-12-23 | CVE-2017-13910 | Apple | Unspecified vulnerability in Apple mac OS X An access issue was addressed with additional sandbox restrictions on applications. | 2.1 |
2021-12-23 | CVE-2017-2375 | Apple | Unspecified vulnerability in Apple Iphone OS An issue existed in preventing the uploading of CallKit call history to iCloud. | 2.1 |
2021-12-23 | CVE-2019-8702 | Apple | Exposure of Resource to Wrong Sphere vulnerability in Apple Iphone OS This issue was addressed with a new entitlement. | 2.1 |
2021-12-23 | CVE-2021-27006 | Netapp | Unspecified vulnerability in Netapp Storagegrid StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11.5.0.5 are susceptible to a vulnerability which may allow an administrative user to escalate their privileges and modify settings in SANtricity System Manager. | 2.1 |
2021-12-23 | CVE-2021-30767 | Apple | Unspecified vulnerability in Apple products A logic issue was addressed with improved state management. | 2.1 |
2021-12-23 | CVE-2021-43849 | Cordova Plugin Fingerprint ALL IN ONE Project | Reachable Assertion vulnerability in Cordova Plugin Fingerprint All-In-One Project Cordova Plugin Fingerprint All-In-One cordova-plugin-fingerprint-aio is a plugin that provides a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS. | 2.1 |
2021-12-21 | CVE-2021-36341 | Dell | Information Exposure vulnerability in Dell Wyse Device Agent 14.5.4.1 Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive data exposure vulnerability. | 2.1 |