| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-25470 | Hig | 0.51 | 7.9 | 0.00 | Oct 6, 2021 | An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE. | ||
| CVE-2021-38925 | Hig | 0.49 | 7.5 | 0.01 | Oct 6, 2021 | IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through 6.1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210171. | ||
| CVE-2021-29837 | Hig | 0.57 | 8.8 | 0.00 | Oct 6, 2021 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204913. | ||
| CVE-2021-20264 | Hig | 0.51 | 7.8 | 0.00 | Oct 6, 2021 | An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an attacker with access to the container to modify the /etc/passwd and escalate their privileges. The highest threat from this vulnerability is to… | ||
| CVE-2021-0692 | Hig | 0.51 | 7.8 | 0.00 | Oct 6, 2021 | In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2021-0688 | Hig | 0.46 | 7.0 | 0.00 | Oct 6, 2021 | In lockNow of PhoneWindowManager.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10… | ||
| CVE-2021-0685 | Hig | 0.51 | 7.8 | 0.00 | Oct 6, 2021 | In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parcel serialization/deserialization mismatch due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2021-0684 | Hig | 0.51 | 7.8 | 0.00 | Oct 6, 2021 | In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2021-0683 | Hig | 0.51 | 7.8 | 0.00 | Oct 6, 2021 | In runTraceIpcStop of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2021-0636 | Hig | 0.51 | 7.8 | 0.00 | Oct 6, 2021 | When extracting the incorrectly formatted avi file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. This problem may lead to hacker malicious code attacks, resulting in the loss of user rights.Product:… | ||
| CVE-2021-0635 | Hig | 0.51 | 7.8 | 0.00 | Oct 6, 2021 | When extracting the incorrectly formatted flv file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. This problem may lead to hacker malicious code attacks, resulting in the loss of user rights.Product:… | ||
| CVE-2021-0598 | Hig | 0.47 | 7.3 | 0.00 | Oct 6, 2021 | In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product:… | ||
| CVE-2021-0595 | Hig | 0.51 | 7.8 | 0.00 | Oct 6, 2021 | In lockAllProfileTasks of RootWindowContainer.java, there is a possible way to access the work profile without the profile PIN, after logging in. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2021-28702 | Hig | 0.49 | 7.6 | 0.00 | Oct 6, 2021 | PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is… | ||
| CVE-2021-24019 | Hig | 0.53 | 8.1 | 0.04 | Oct 6, 2021 | An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other,… | ||
| CVE-2021-31988 | Hig | 0.57 | 8.8 | 0.01 | Oct 5, 2021 | A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email. | ||
| CVE-2021-31987 | Hig | 0.49 | 7.5 | 0.01 | Oct 5, 2021 | A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients. | ||
| CVE-2020-21503 | Hig | 0.49 | 7.5 | 0.01 | Oct 5, 2021 | waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free. | ||
| CVE-2021-41124 | Hig | 0.41 | 7.4 | 0.01 | Oct 5, 2021 | Scrapy-splash is a library which provides Scrapy and JavaScript integration. In affected versions users who use [`HttpAuthMiddleware`](http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth) (i.e. the `http_user` and… | ||
| CVE-2021-41120 | Hig | 0.42 | 7.5 | 0.01 | Oct 5, 2021 | sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id (/pay-with-paypal/{id}) and therefore it was easy to predict. The problem is that the… | ||
| CVE-2021-3581 | Hig | 0.46 | 7.0 | 0.00 | Oct 5, 2021 | Buffer Access with Incorrect Length Value in zephyr. Zephyr versions >= >=2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5 | ||
| CVE-2021-3510 | Hig | 0.49 | 7.5 | 0.01 | Oct 5, 2021 | Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4 | ||
| CVE-2021-41116 | Hig | 0.47 | 8.2 | 0.03 | Oct 5, 2021 | Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has… | ||
| CVE-2021-41113 | Hig | 0.50 | 8.8 | 0.01 | Oct 5, 2021 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The… | ||
| CVE-2021-35497 | Hig | 0.49 | 7.5 | 0.00 | Oct 5, 2021 | The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO ActiveSpaces - Enterprise Edition, TIBCO FTL - Community Edition, TIBCO FTL -… | ||
| CVE-2021-41286 | Hig | 0.51 | 7.8 | 0.00 | Oct 5, 2021 | Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. When a user logs into the application, the validity of the password is checked locally. All communication to the database backend is made via the same technical account. Consequently, an… | ||
| CVE-2021-35491 | Hig | 0.53 | 8.1 | 0.01 | Oct 5, 2021 | A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request.… | ||
| CVE-2021-41554 | Hig | 0.57 | 8.8 | 0.01 | Oct 5, 2021 | ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.ax… | ||
| CVE-2021-22261 | Hig | 0.48 | 7.3 | 0.01 | Oct 5, 2021 | A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code… | ||
| CVE-2021-39887 | Hig | 0.48 | 7.3 | 0.01 | Oct 5, 2021 | A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf. | ||
| CVE-2021-35505 | Hig | 0.47 | 7.2 | 0.03 | Oct 5, 2021 | Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary. | ||
| CVE-2021-35504 | Hig | 0.47 | 7.2 | 0.03 | Oct 5, 2021 | Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary. | ||
| CVE-2021-41524 | Hig | 0.51 | 7.5 | 0.25 | Oct 5, 2021 | While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is… | ||
| CVE-2021-42008 | Hig | 0.00 | 7.8 | 0.01 | Oct 5, 2021 | The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. | ||
| CVE-2021-42006 | Hig | 0.57 | 8.8 | 0.01 | Oct 4, 2021 | An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted GFF file. | ||
| CVE-2021-32765 | Hig | 0.00 | 8.8 | 0.02 | Oct 4, 2021 | Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check… | ||
| CVE-2021-39433 | Hig | 0.49 | 7.5 | 0.08 | Oct 4, 2021 | A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured… | ||
| CVE-2020-21386 | Hig | 0.57 | 8.8 | 0.00 | Oct 4, 2021 | A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges. | ||
| CVE-2021-41651 | Hig | 0.49 | 7.5 | 0.02 | Oct 4, 2021 | A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in process_update_profile.php. | ||
| CVE-2021-41100 | Hig | 0.48 | 7.4 | 0.01 | Oct 4, 2021 | Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the `Authorization` header. As the short-lived token is only meant as… | ||
| CVE-2021-41093 | Hig | 0.00 | 7.4 | 0.01 | Oct 4, 2021 | Wire is an open source secure messenger. In affected versions if the an attacker gets an old but valid access token they can take over an account by changing the email. This issue has been resolved in version 3.86 which uses a new endpoint which additionally requires an… | ||
| CVE-2021-41579 | Hig | 0.51 | 7.8 | 0.01 | Oct 4, 2021 | LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass and path traversal. If an attacker can get a victim to load a malicious els project file and use the play feature, then the attacker can bypass a consent popup and write arbitrary files to OS locations where… | ||
| CVE-2021-41578 | Hig | 0.52 | 7.8 | 0.10 | Oct 4, 2021 | mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks when importing project files. If an attacker can trick a victim into importing a malicious mep file, then they gain the ability to write arbitrary files to OS locations where the user has permission. This… | ||
| CVE-2021-41099 | Hig | 0.00 | 7.5 | 0.03 | Oct 4, 2021 | Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default… | ||
| CVE-2021-38618 | Hig | 0.48 | 7.4 | 0.01 | Oct 4, 2021 | In GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication bypass, allowing anyone (who knows a user's credentials except the password) to get access to an account. This occurs because of JSESSIONID mismanagement. | ||
| CVE-2021-32762 | Hig | 0.00 | 7.5 | 0.03 | Oct 4, 2021 | Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the… | ||
| CVE-2021-32687 | Hig | 0.00 | 7.5 | 0.04 | Oct 4, 2021 | Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability… | ||
| CVE-2021-32675 | Hig | 0.01 | 7.5 | 0.16 | Oct 4, 2021 | Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each… | ||
| CVE-2021-32628 | Hig | 0.00 | 7.5 | 0.04 | Oct 4, 2021 | Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the… | ||
| CVE-2021-32627 | Hig | 0.00 | 7.5 | 0.04 | Oct 4, 2021 | Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and… |
- risk 0.51cvss 7.9epss 0.00
An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE.
- risk 0.49cvss 7.5epss 0.01
IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through 6.1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210171.
- risk 0.57cvss 8.8epss 0.00
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204913.
- risk 0.51cvss 7.8epss 0.00
An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an attacker with access to the container to modify the /etc/passwd and escalate their privileges. The highest threat from this vulnerability is to…
- risk 0.51cvss 7.8epss 0.00
In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.46cvss 7.0epss 0.00
In lockNow of PhoneWindowManager.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10…
- risk 0.51cvss 7.8epss 0.00
In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parcel serialization/deserialization mismatch due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- risk 0.51cvss 7.8epss 0.00
In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In runTraceIpcStop of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- risk 0.51cvss 7.8epss 0.00
When extracting the incorrectly formatted avi file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. This problem may lead to hacker malicious code attacks, resulting in the loss of user rights.Product:…
- risk 0.51cvss 7.8epss 0.00
When extracting the incorrectly formatted flv file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. This problem may lead to hacker malicious code attacks, resulting in the loss of user rights.Product:…
- risk 0.47cvss 7.3epss 0.00
In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product:…
- risk 0.51cvss 7.8epss 0.00
In lockAllProfileTasks of RootWindowContainer.java, there is a possible way to access the work profile without the profile PIN, after logging in. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- risk 0.49cvss 7.6epss 0.00
PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is…
- risk 0.53cvss 8.1epss 0.04
An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other,…
- risk 0.57cvss 8.8epss 0.01
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email.
- risk 0.49cvss 7.5epss 0.01
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients.
- risk 0.49cvss 7.5epss 0.01
waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free.
- risk 0.41cvss 7.4epss 0.01
Scrapy-splash is a library which provides Scrapy and JavaScript integration. In affected versions users who use [`HttpAuthMiddleware`](http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth) (i.e. the `http_user` and…
- risk 0.42cvss 7.5epss 0.01
sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id (/pay-with-paypal/{id}) and therefore it was easy to predict. The problem is that the…
- risk 0.46cvss 7.0epss 0.00
Buffer Access with Incorrect Length Value in zephyr. Zephyr versions >= >=2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5
- risk 0.49cvss 7.5epss 0.01
Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4
- risk 0.47cvss 8.2epss 0.03
Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has…
- risk 0.50cvss 8.8epss 0.01
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The…
- risk 0.49cvss 7.5epss 0.00
The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO ActiveSpaces - Enterprise Edition, TIBCO FTL - Community Edition, TIBCO FTL -…
- risk 0.51cvss 7.8epss 0.00
Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. When a user logs into the application, the validity of the password is checked locally. All communication to the database backend is made via the same technical account. Consequently, an…
- risk 0.53cvss 8.1epss 0.01
A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request.…
- risk 0.57cvss 8.8epss 0.01
ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.ax…
- risk 0.48cvss 7.3epss 0.01
A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code…
- risk 0.48cvss 7.3epss 0.01
A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf.
- risk 0.47cvss 7.2epss 0.03
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary.
- risk 0.47cvss 7.2epss 0.03
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary.
- risk 0.51cvss 7.5epss 0.25
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is…
- risk 0.00cvss 7.8epss 0.01
The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.
- risk 0.57cvss 8.8epss 0.01
An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted GFF file.
- risk 0.00cvss 8.8epss 0.02
Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check…
- risk 0.49cvss 7.5epss 0.08
A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured…
- risk 0.57cvss 8.8epss 0.00
A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges.
- risk 0.49cvss 7.5epss 0.02
A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in process_update_profile.php.
- risk 0.48cvss 7.4epss 0.01
Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the `Authorization` header. As the short-lived token is only meant as…
- risk 0.00cvss 7.4epss 0.01
Wire is an open source secure messenger. In affected versions if the an attacker gets an old but valid access token they can take over an account by changing the email. This issue has been resolved in version 3.86 which uses a new endpoint which additionally requires an…
- risk 0.51cvss 7.8epss 0.01
LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass and path traversal. If an attacker can get a victim to load a malicious els project file and use the play feature, then the attacker can bypass a consent popup and write arbitrary files to OS locations where…
- risk 0.52cvss 7.8epss 0.10
mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks when importing project files. If an attacker can trick a victim into importing a malicious mep file, then they gain the ability to write arbitrary files to OS locations where the user has permission. This…
- risk 0.00cvss 7.5epss 0.03
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default…
- risk 0.48cvss 7.4epss 0.01
In GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication bypass, allowing anyone (who knows a user's credentials except the password) to get access to an account. This occurs because of JSESSIONID mismanagement.
- risk 0.00cvss 7.5epss 0.03
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the…
- risk 0.00cvss 7.5epss 0.04
Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability…
- risk 0.01cvss 7.5epss 0.16
Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each…
- risk 0.00cvss 7.5epss 0.04
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the…
- risk 0.00cvss 7.5epss 0.04
Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and…