| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-22013 | Hig | 0.49 | 7.5 | 0.02 | Sep 23, 2021 | The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. | ||
| CVE-2021-22012 | Hig | 0.49 | 7.5 | 0.01 | Sep 23, 2021 | The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. | ||
| CVE-2021-22010 | Hig | 0.49 | 7.5 | 0.02 | Sep 23, 2021 | The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service. | ||
| CVE-2021-22009 | Hig | 0.49 | 7.5 | 0.01 | Sep 23, 2021 | The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI… | ||
| CVE-2021-22008 | Hig | 0.49 | 7.5 | 0.02 | Sep 23, 2021 | The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information. | ||
| CVE-2021-22006 | Hig | 0.49 | 7.5 | 0.06 | Sep 23, 2021 | The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints. | ||
| CVE-2021-33035 | Hig | 0.04 | 7.8 | 0.51 | Sep 23, 2021 | Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document… | ||
| CVE-2021-34769 | Hig | 0.56 | 8.6 | 0.01 | Sep 23, 2021 | Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS)… | ||
| CVE-2021-34768 | Hig | 0.56 | 8.6 | 0.01 | Sep 23, 2021 | Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS)… | ||
| CVE-2021-34767 | Hig | 0.48 | 7.4 | 0.01 | Sep 23, 2021 | A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a Layer 2 (L2) loop in a configured VLAN, resulting in a denial of service (DoS)… | ||
| CVE-2021-34740 | Hig | 0.48 | 7.4 | 0.00 | Sep 23, 2021 | A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due… | ||
| CVE-2021-34714 | Hig | 0.48 | 7.4 | 0.00 | Sep 23, 2021 | A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This… | ||
| CVE-2021-34699 | Hig | 0.50 | 7.7 | 0.01 | Sep 23, 2021 | A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker could… | ||
| CVE-2021-1624 | Hig | 0.56 | 8.6 | 0.01 | Sep 23, 2021 | A vulnerability in the Rate Limiting Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization in the Cisco QuantumFlow Processor of an affected device, resulting in a denial of service (DoS)… | ||
| CVE-2021-1623 | Hig | 0.50 | 7.7 | 0.01 | Sep 23, 2021 | A vulnerability in the Simple Network Management Protocol (SNMP) punt handling function of Cisco cBR-8 Converged Broadband Routers could allow an authenticated, remote attacker to overload a device punt path, resulting in a denial of service (DoS) condition. This vulnerability… | ||
| CVE-2021-1622 | Hig | 0.56 | 8.6 | 0.01 | Sep 23, 2021 | A vulnerability in the Common Open Policy Service (COPS) of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause resource exhaustion, resulting in a denial of service (DoS) condition. This vulnerability is due… | ||
| CVE-2021-1621 | Hig | 0.48 | 7.4 | 0.00 | Sep 23, 2021 | A vulnerability in the Layer 2 punt code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a queue wedge on an interface that receives specific Layer 2 frames, resulting in a denial of service (DoS) condition. This vulnerability is due to… | ||
| CVE-2021-1620 | Hig | 0.50 | 7.7 | 0.01 | Sep 23, 2021 | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. This vulnerability… | ||
| CVE-2021-1615 | Hig | 0.56 | 8.6 | 0.01 | Sep 23, 2021 | A vulnerability in the packet processing functionality of Cisco Embedded Wireless Controller (EWC) Software for Catalyst Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected AP. This vulnerability is due… | ||
| CVE-2021-1611 | Hig | 0.56 | 8.6 | 0.01 | Sep 23, 2021 | A vulnerability in Ethernet over GRE (EoGRE) packet processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9800 Family Wireless Controller, Embedded Wireless Controller, and Embedded Wireless on Catalyst 9000 Series Switches could allow an… | ||
| CVE-2021-1565 | Hig | 0.56 | 8.6 | 0.01 | Sep 23, 2021 | Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS)… | ||
| CVE-2021-1419 | Hig | 0.51 | 7.8 | 0.00 | Sep 23, 2021 | A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges. The vulnerability is due to improper checking on file operations… | ||
| CVE-2020-23478 | — | Hig | 0.42 | 7.5 | 0.01 | Sep 22, 2021 | Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py. | |
| CVE-2020-23469 | Hig | 0.49 | 7.5 | 0.01 | Sep 22, 2021 | gmate v0.12+bionic contains a regular expression denial of service (ReDoS) vulnerability in the gedit3 plugin. | ||
| CVE-2021-21991 | Hig | 0.51 | 7.8 | 0.00 | Sep 22, 2021 | The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client… | ||
| CVE-2021-41011 | Hig | 0.49 | 7.5 | 0.01 | Sep 22, 2021 | LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information. | ||
| CVE-2021-40875 | Hig | 0.56 | 7.5 | 0.48 | Sep 22, 2021 | Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file… | ||
| CVE-2021-31847 | Hig | 0.53 | 8.2 | 0.00 | Sep 22, 2021 | Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as… | ||
| CVE-2021-31841 | Hig | 0.53 | 8.2 | 0.00 | Sep 22, 2021 | A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the… | ||
| CVE-2021-3583 | — | Hig | 0.39 | 7.1 | 0.01 | Sep 22, 2021 | A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special… | |
| CVE-2021-38112 | Hig | 0.58 | 8.8 | 0.07 | Sep 22, 2021 | In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument. This is fixed in 3.1.9. | ||
| CVE-2021-41382 | Hig | 0.52 | 7.5 | 0.09 | Sep 22, 2021 | Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface. | ||
| CVE-2020-23267 | Hig | 0.46 | 7.1 | 0.01 | Sep 22, 2021 | An issue was discovered in gpac 0.8.0. The gf_hinter_track_process function in isom_hinter_track_process.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file | ||
| CVE-2021-41086 | Hig | 0.50 | 8.7 | 0.01 | Sep 21, 2021 | jsuites is an open source collection of common required javascript web components. In affected versions users are subject to cross site scripting (XSS) attacks via clipboard content. jsuites is vulnerable to DOM based XSS if the user can be tricked into copying _anything_ from a… | ||
| CVE-2020-19551 | Hig | 0.57 | 8.8 | 0.02 | Sep 21, 2021 | Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong. | ||
| CVE-2021-41084 | — | Hig | 0.50 | 8.7 | 0.01 | Sep 21, 2021 | http4s is an open source scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names (`Header.name`å), Header values… | |
| CVE-2021-40847 | Hig | 0.53 | 8.1 | 0.10 | Sep 21, 2021 | The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. While the parental controls themselves are not enabled by default on the routers, the Circle update daemon,… | ||
| CVE-2021-39230 | Hig | 0.00 | 8.8 | 0.01 | Sep 21, 2021 | Butter is a system usability utility. Due to a kernel error the JPNS kernel is being discontinued. Affected users are recommend to update to the Trinity kernel. There are no workarounds. | ||
| CVE-2021-29831 | Hig | 0.53 | 8.1 | 0.01 | Sep 21, 2021 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.… | ||
| CVE-2021-41531 | Hig | 0.49 | 7.5 | 0.01 | Sep 21, 2021 | NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to RTR clients such as routers to reject the RPKI data set, effectively disabling Route Origin Validation. | ||
| CVE-2021-37741 | Hig | 0.57 | 8.8 | 0.03 | Sep 21, 2021 | ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities. | ||
| CVE-2021-37419 | Hig | 0.49 | 7.5 | 0.02 | Sep 21, 2021 | Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. | ||
| CVE-2021-20037 | Hig | 0.51 | 7.8 | 0.00 | Sep 21, 2021 | SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier. | ||
| CVE-2021-41083 | Hig | 0.00 | 8.0 | 0.00 | Sep 20, 2021 | Dada Mail is a web-based e-mail list management system. In affected versions a bad actor could give someone a carefully crafted web page via email, SMS, etc, that - when visited, allows them control of the list control panel as if the bad actor was logged in themselves. This… | ||
| CVE-2021-39229 | Hig | 0.42 | 7.5 | 0.02 | Sep 20, 2021 | Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. In affected versions users who use Apprise granting them access to the IFTTT plugin (which just comes out of the box) are subject to a… | ||
| CVE-2021-41082 | Hig | 0.00 | 7.5 | 0.02 | Sep 20, 2021 | Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and participating user exposed to users that do not have access to the private messages. However, access control for the private messages was not… | ||
| CVE-2020-26301 | Hig | 0.42 | 7.5 | 0.04 | Sep 20, 2021 | ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable… | ||
| CVE-2021-32838 | Hig | 0.42 | 7.5 | 0.02 | Sep 20, 2021 | Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in email_regex. This is fixed in version 0.5.1. | ||
| CVE-2021-32839 | Hig | 0.42 | 7.5 | 0.02 | Sep 20, 2021 | sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression Denial of Service in sqlparse vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n'… | ||
| CVE-2021-25741 | Hig | 0.58 | 8.8 | 0.07 | Sep 20, 2021 | A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem. |
- risk 0.49cvss 7.5epss 0.02
The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
- risk 0.49cvss 7.5epss 0.01
The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
- risk 0.49cvss 7.5epss 0.02
The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service.
- risk 0.49cvss 7.5epss 0.01
The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI…
- risk 0.49cvss 7.5epss 0.02
The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information.
- risk 0.49cvss 7.5epss 0.06
The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints.
- risk 0.04cvss 7.8epss 0.51
Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document…
- risk 0.56cvss 8.6epss 0.01
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS)…
- risk 0.56cvss 8.6epss 0.01
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS)…
- risk 0.48cvss 7.4epss 0.01
A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a Layer 2 (L2) loop in a configured VLAN, resulting in a denial of service (DoS)…
- risk 0.48cvss 7.4epss 0.00
A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due…
- risk 0.48cvss 7.4epss 0.00
A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This…
- risk 0.50cvss 7.7epss 0.01
A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker could…
- risk 0.56cvss 8.6epss 0.01
A vulnerability in the Rate Limiting Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization in the Cisco QuantumFlow Processor of an affected device, resulting in a denial of service (DoS)…
- risk 0.50cvss 7.7epss 0.01
A vulnerability in the Simple Network Management Protocol (SNMP) punt handling function of Cisco cBR-8 Converged Broadband Routers could allow an authenticated, remote attacker to overload a device punt path, resulting in a denial of service (DoS) condition. This vulnerability…
- risk 0.56cvss 8.6epss 0.01
A vulnerability in the Common Open Policy Service (COPS) of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause resource exhaustion, resulting in a denial of service (DoS) condition. This vulnerability is due…
- risk 0.48cvss 7.4epss 0.00
A vulnerability in the Layer 2 punt code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a queue wedge on an interface that receives specific Layer 2 frames, resulting in a denial of service (DoS) condition. This vulnerability is due to…
- risk 0.50cvss 7.7epss 0.01
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. This vulnerability…
- risk 0.56cvss 8.6epss 0.01
A vulnerability in the packet processing functionality of Cisco Embedded Wireless Controller (EWC) Software for Catalyst Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected AP. This vulnerability is due…
- risk 0.56cvss 8.6epss 0.01
A vulnerability in Ethernet over GRE (EoGRE) packet processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9800 Family Wireless Controller, Embedded Wireless Controller, and Embedded Wireless on Catalyst 9000 Series Switches could allow an…
- risk 0.56cvss 8.6epss 0.01
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS)…
- risk 0.51cvss 7.8epss 0.00
A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges. The vulnerability is due to improper checking on file operations…
- risk 0.42cvss 7.5epss 0.01
Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py.
- risk 0.49cvss 7.5epss 0.01
gmate v0.12+bionic contains a regular expression denial of service (ReDoS) vulnerability in the gedit3 plugin.
- risk 0.51cvss 7.8epss 0.00
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client…
- risk 0.49cvss 7.5epss 0.01
LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information.
- risk 0.56cvss 7.5epss 0.48
Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file…
- risk 0.53cvss 8.2epss 0.00
Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as…
- risk 0.53cvss 8.2epss 0.00
A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the…
- risk 0.39cvss 7.1epss 0.01
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special…
- risk 0.58cvss 8.8epss 0.07
In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument. This is fixed in 3.1.9.
- risk 0.52cvss 7.5epss 0.09
Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface.
- risk 0.46cvss 7.1epss 0.01
An issue was discovered in gpac 0.8.0. The gf_hinter_track_process function in isom_hinter_track_process.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file
- risk 0.50cvss 8.7epss 0.01
jsuites is an open source collection of common required javascript web components. In affected versions users are subject to cross site scripting (XSS) attacks via clipboard content. jsuites is vulnerable to DOM based XSS if the user can be tricked into copying _anything_ from a…
- risk 0.57cvss 8.8epss 0.02
Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong.
- risk 0.50cvss 8.7epss 0.01
http4s is an open source scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names (`Header.name`å), Header values…
- risk 0.53cvss 8.1epss 0.10
The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. While the parental controls themselves are not enabled by default on the routers, the Circle update daemon,…
- risk 0.00cvss 8.8epss 0.01
Butter is a system usability utility. Due to a kernel error the JPNS kernel is being discontinued. Affected users are recommend to update to the Trinity kernel. There are no workarounds.
- risk 0.53cvss 8.1epss 0.01
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.…
- risk 0.49cvss 7.5epss 0.01
NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to RTR clients such as routers to reject the RPKI data set, effectively disabling Route Origin Validation.
- risk 0.57cvss 8.8epss 0.03
ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.
- risk 0.49cvss 7.5epss 0.02
Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.
- risk 0.51cvss 7.8epss 0.00
SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier.
- risk 0.00cvss 8.0epss 0.00
Dada Mail is a web-based e-mail list management system. In affected versions a bad actor could give someone a carefully crafted web page via email, SMS, etc, that - when visited, allows them control of the list control panel as if the bad actor was logged in themselves. This…
- risk 0.42cvss 7.5epss 0.02
Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. In affected versions users who use Apprise granting them access to the IFTTT plugin (which just comes out of the box) are subject to a…
- risk 0.00cvss 7.5epss 0.02
Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and participating user exposed to users that do not have access to the private messages. However, access control for the private messages was not…
- risk 0.42cvss 7.5epss 0.04
ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable…
- risk 0.42cvss 7.5epss 0.02
Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in email_regex. This is fixed in version 0.5.1.
- risk 0.42cvss 7.5epss 0.02
sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression Denial of Service in sqlparse vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n'…
- risk 0.58cvss 8.8epss 0.07
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.