| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-22027 | Hig | 0.49 | 7.5 | 0.01 | Aug 30, 2021 | The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information… | ||
| CVE-2021-22026 | Hig | 0.49 | 7.5 | 0.01 | Aug 30, 2021 | The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information… | ||
| CVE-2021-22025 | Hig | 0.49 | 7.5 | 0.01 | Aug 30, 2021 | The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster. | ||
| CVE-2021-22024 | Hig | 0.49 | 7.5 | 0.01 | Aug 30, 2021 | The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure. | ||
| CVE-2021-22023 | Hig | 0.47 | 7.2 | 0.01 | Aug 30, 2021 | The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover. | ||
| CVE-2020-35635 | Hig | 0.57 | 8.8 | 0.02 | Aug 30, 2021 | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB read. A specially crafted malformed file can lead to an out-of-bounds read and… | ||
| CVE-2020-35634 | Hig | 0.57 | 8.8 | 0.02 | Aug 30, 2021 | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->boundary_entry_objects Sloop_of. A specially crafted malformed file can lead… | ||
| CVE-2020-35633 | Hig | 0.57 | 8.8 | 0.02 | Aug 30, 2021 | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Edge_of.A specially crafted malformed file can lead to… | ||
| CVE-2020-18121 | Hig | 0.57 | 8.8 | 0.01 | Aug 30, 2021 | A configuration issue in Indexhibit 2.1.5 allows authenticated attackers to modify .php files, leading to getshell. | ||
| CVE-2021-29723 | Hig | 0.49 | 7.5 | 0.01 | Aug 30, 2021 | IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100. | ||
| CVE-2021-29722 | Hig | 0.49 | 7.5 | 0.01 | Aug 30, 2021 | IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095. | ||
| CVE-2021-27912 | Hig | 0.46 | 7.1 | 0.01 | Aug 30, 2021 | Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit… | ||
| CVE-2021-27911 | Hig | 0.54 | 8.3 | 0.01 | Aug 30, 2021 | Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can… | ||
| CVE-2021-27910 | Hig | 0.46 | 8.2 | 0.01 | Aug 30, 2021 | Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "error_related_to" parameters of the POST request of the bounce management callback will be… | ||
| CVE-2021-37911 | Hig | 0.57 | 8.8 | 0.01 | Aug 30, 2021 | The management interface of BenQ smart wireless conference projector does not properly control user's privilege. Attackers can access any system directory of this device through the interface and execute arbitrary commands if he enters the local subnetwork. | ||
| CVE-2021-24581 | Hig | 0.61 | 8.8 | 0.04 | Aug 30, 2021 | The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its "Logo Title" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its settings, allowing the… | ||
| CVE-2021-24580 | Hig | 0.57 | 8.8 | 0.01 | Aug 30, 2021 | The Side Menu Lite WordPress plugin before 2.2.6 does not sanitise user input from the List page in the admin dashboard before using it in SQL statement, leading to a SQL Injection issue | ||
| CVE-2021-24579 | Hig | 0.58 | 8.8 | 0.08 | Aug 30, 2021 | The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plugin before 3.1.6 passes user input into the unserialize() function without any validation or sanitisation, which could lead to a PHP Object Injection. Even though the plugin did not contain a suitable gadget to… | ||
| CVE-2021-39113 | Hig | 0.49 | 7.5 | 0.02 | Aug 30, 2021 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. The affected versions are before version 8.13.9, and… | ||
| CVE-2021-39271 | Hig | 0.57 | 8.8 | 0.04 | Aug 30, 2021 | OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3. | ||
| CVE-2021-38385 | Hig | 0.49 | 7.5 | 0.02 | Aug 30, 2021 | Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007. | ||
| CVE-2021-36359 | Hig | 0.58 | 8.8 | 0.04 | Aug 30, 2021 | OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=_editfolder.EditFolder) calls eval on attacker-supplied Python code. This is fixed in 5.0.12,… | ||
| CVE-2021-40174 | Hig | 0.57 | 8.8 | 0.01 | Aug 29, 2021 | Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings. | ||
| CVE-2021-40173 | Hig | 0.57 | 8.8 | 0.01 | Aug 29, 2021 | Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings. | ||
| CVE-2021-40172 | Hig | 0.57 | 8.8 | 0.01 | Aug 29, 2021 | Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings. | ||
| CVE-2021-38154 | Hig | 0.49 | 7.5 | 0.04 | Aug 29, 2021 | Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail… | ||
| CVE-2021-39174 | Hig | 0.58 | 8.8 | 0.04 | Aug 28, 2021 | Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (`APP_KEY`) and various passwords (email,… | ||
| CVE-2021-39173 | Hig | 0.57 | 8.8 | 0.02 | Aug 27, 2021 | Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless of their privileges (User or Admin), can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1… | ||
| CVE-2021-39172 | Hig | 0.53 | 8.8 | 0.29 | Aug 27, 2021 | Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server.… | ||
| CVE-2021-32759 | Hig | 0.40 | 7.2 | 0.01 | Aug 27, 2021 | OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13… | ||
| CVE-2020-18116 | Hig | 0.57 | 8.8 | 0.01 | Aug 27, 2021 | A lack of filtering for searched keywords in the search bar of YouDianCMS 8.0 allows attackers to perform SQL injection. | ||
| CVE-2021-3264 | Hig | 0.47 | 7.2 | 0.01 | Aug 27, 2021 | SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php. | ||
| CVE-2021-28697 | Hig | 0.51 | 7.8 | 0.00 | Aug 27, 2021 | grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get… | ||
| CVE-2021-28233 | Hig | 0.57 | 8.8 | 0.01 | Aug 27, 2021 | Heap-based Buffer Overflow vulnerability exists in ok-file-formats 1 via the ok_jpg_generate_huffman_table function in ok_jpg.c. | ||
| CVE-2021-32758 | Hig | 0.40 | 7.2 | 0.02 | Aug 27, 2021 | OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched. | ||
| CVE-2021-36531 | Hig | 0.57 | 8.8 | 0.01 | Aug 27, 2021 | ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLIB_NO_FILE mode, GetByte() reads memory buffer without checking the boundary. | ||
| CVE-2021-36530 | Hig | 0.57 | 8.8 | 0.01 | Aug 27, 2021 | ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NGIFLIB_NO_FILE mode, GetByteStr() copy memory buffer without checking the boundary. | ||
| CVE-2021-40153 | Hig | 0.00 | 8.1 | 0.03 | Aug 27, 2021 | squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows… | ||
| CVE-2021-39169 | Hig | 0.00 | 8.0 | 0.01 | Aug 27, 2021 | Misskey is a decentralized microblogging platform. In versions of Misskey prior to 12.51.0, malicious actors can use the web client built-in dialog to display a malicious string, leading to cross-site scripting (XSS). XSS could compromise the API request token. This issue has… | ||
| CVE-2021-35342 | Hig | 0.49 | 7.5 | 0.01 | Aug 27, 2021 | The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification… | ||
| CVE-2021-40142 | Hig | 0.49 | 7.5 | 0.03 | Aug 27, 2021 | In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer. | ||
| CVE-2021-39165 | Hig | 0.46 | 8.1 | 0.10 | Aug 26, 2021 | Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as… | ||
| CVE-2021-29801 | Hig | 0.51 | 7.8 | 0.00 | Aug 26, 2021 | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. IBM X-Force ID: 203977. | ||
| CVE-2021-32648 | Hig | 0.12 | 8.2 | 0.90 | KEV | Aug 26, 2021 | octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472… | |
| CVE-2021-29487 | Hig | 0.41 | 7.4 | 0.01 | Aug 26, 2021 | octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and takeover of and user account on an October CMS server. The vulnerability is exploitable by… | ||
| CVE-2021-30604 | Hig | 0.57 | 8.8 | 0.03 | Aug 26, 2021 | Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2021-30603 | Hig | 0.49 | 7.5 | 0.04 | Aug 26, 2021 | Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2021-30602 | Hig | 0.57 | 8.8 | 0.02 | Aug 26, 2021 | Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2021-30601 | Hig | 0.57 | 8.8 | 0.02 | Aug 26, 2021 | Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2021-30600 | Hig | 0.57 | 8.8 | 0.03 | Aug 26, 2021 | Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
- risk 0.49cvss 7.5epss 0.01
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information…
- risk 0.49cvss 7.5epss 0.01
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information…
- risk 0.49cvss 7.5epss 0.01
The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster.
- risk 0.49cvss 7.5epss 0.01
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure.
- risk 0.47cvss 7.2epss 0.01
The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover.
- risk 0.57cvss 8.8epss 0.02
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB read. A specially crafted malformed file can lead to an out-of-bounds read and…
- risk 0.57cvss 8.8epss 0.02
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->boundary_entry_objects Sloop_of. A specially crafted malformed file can lead…
- risk 0.57cvss 8.8epss 0.02
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Edge_of.A specially crafted malformed file can lead to…
- risk 0.57cvss 8.8epss 0.01
A configuration issue in Indexhibit 2.1.5 allows authenticated attackers to modify .php files, leading to getshell.
- risk 0.49cvss 7.5epss 0.01
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100.
- risk 0.49cvss 7.5epss 0.01
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095.
- risk 0.46cvss 7.1epss 0.01
Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit…
- risk 0.54cvss 8.3epss 0.01
Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can…
- risk 0.46cvss 8.2epss 0.01
Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "error_related_to" parameters of the POST request of the bounce management callback will be…
- risk 0.57cvss 8.8epss 0.01
The management interface of BenQ smart wireless conference projector does not properly control user's privilege. Attackers can access any system directory of this device through the interface and execute arbitrary commands if he enters the local subnetwork.
- risk 0.61cvss 8.8epss 0.04
The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its "Logo Title" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its settings, allowing the…
- risk 0.57cvss 8.8epss 0.01
The Side Menu Lite WordPress plugin before 2.2.6 does not sanitise user input from the List page in the admin dashboard before using it in SQL statement, leading to a SQL Injection issue
- risk 0.58cvss 8.8epss 0.08
The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plugin before 3.1.6 passes user input into the unserialize() function without any validation or sanitisation, which could lead to a PHP Object Injection. Even though the plugin did not contain a suitable gadget to…
- risk 0.49cvss 7.5epss 0.02
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. The affected versions are before version 8.13.9, and…
- risk 0.57cvss 8.8epss 0.04
OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3.
- risk 0.49cvss 7.5epss 0.02
Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.
- risk 0.58cvss 8.8epss 0.04
OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=_editfolder.EditFolder) calls eval on attacker-supplied Python code. This is fixed in 5.0.12,…
- risk 0.57cvss 8.8epss 0.01
Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings.
- risk 0.57cvss 8.8epss 0.01
Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings.
- risk 0.57cvss 8.8epss 0.01
Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings.
- risk 0.49cvss 7.5epss 0.04
Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail…
- risk 0.58cvss 8.8epss 0.04
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (`APP_KEY`) and various passwords (email,…
- risk 0.57cvss 8.8epss 0.02
Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless of their privileges (User or Admin), can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1…
- risk 0.53cvss 8.8epss 0.29
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server.…
- risk 0.40cvss 7.2epss 0.01
OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13…
- risk 0.57cvss 8.8epss 0.01
A lack of filtering for searched keywords in the search bar of YouDianCMS 8.0 allows attackers to perform SQL injection.
- risk 0.47cvss 7.2epss 0.01
SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php.
- risk 0.51cvss 7.8epss 0.00
grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get…
- risk 0.57cvss 8.8epss 0.01
Heap-based Buffer Overflow vulnerability exists in ok-file-formats 1 via the ok_jpg_generate_huffman_table function in ok_jpg.c.
- risk 0.40cvss 7.2epss 0.02
OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched.
- risk 0.57cvss 8.8epss 0.01
ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLIB_NO_FILE mode, GetByte() reads memory buffer without checking the boundary.
- risk 0.57cvss 8.8epss 0.01
ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NGIFLIB_NO_FILE mode, GetByteStr() copy memory buffer without checking the boundary.
- risk 0.00cvss 8.1epss 0.03
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows…
- risk 0.00cvss 8.0epss 0.01
Misskey is a decentralized microblogging platform. In versions of Misskey prior to 12.51.0, malicious actors can use the web client built-in dialog to display a malicious string, leading to cross-site scripting (XSS). XSS could compromise the API request token. This issue has…
- risk 0.49cvss 7.5epss 0.01
The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification…
- risk 0.49cvss 7.5epss 0.03
In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.
- risk 0.46cvss 8.1epss 0.10
Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as…
- risk 0.51cvss 7.8epss 0.00
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. IBM X-Force ID: 203977.
- risk 0.12cvss 8.2epss 0.90
octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472…
- risk 0.41cvss 7.4epss 0.01
octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and takeover of and user account on an October CMS server. The vulnerability is exploitable by…
- risk 0.57cvss 8.8epss 0.03
Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.49cvss 7.5epss 0.04
Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.02
Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.02
Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.03
Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.