| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-27963 | Hig | 0.53 | 8.2 | 0.02 | Mar 5, 2021 | SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or session header. | ||
| CVE-2019-18630 | Hig | 0.49 | 7.5 | 0.01 | Mar 4, 2021 | On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic… | ||
| CVE-2021-3404 | Hig | 0.51 | 7.8 | 0.02 | Mar 4, 2021 | In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file. | ||
| CVE-2021-3403 | Hig | 0.51 | 7.8 | 0.02 | Mar 4, 2021 | In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file. | ||
| CVE-2021-25346 | Hig | 0.46 | 7.1 | 0.01 | Mar 4, 2021 | A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution. | ||
| CVE-2021-23132 | Hig | 0.49 | 7.5 | 0.07 | Mar 4, 2021 | An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads | ||
| CVE-2021-23131 | Hig | 0.49 | 7.5 | 0.02 | Mar 4, 2021 | An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager. | ||
| CVE-2021-22128 | Hig | 0.46 | 7.1 | 0.01 | Mar 4, 2021 | An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality. | ||
| CVE-2020-24036 | Hig | 0.50 | 8.8 | 0.03 | Mar 4, 2021 | PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code. | ||
| CVE-2019-18629 | Hig | 0.53 | 8.1 | 0.01 | Mar 4, 2021 | Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing… | ||
| CVE-2021-27935 | Hig | 0.49 | 7.5 | 0.04 | Mar 3, 2021 | An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie. | ||
| CVE-2021-22884 | Hig | 0.51 | 7.5 | 0.32 | Mar 3, 2021 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the… | ||
| CVE-2021-22883 | Hig | 0.55 | 7.5 | 0.77 | Mar 3, 2021 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then… | ||
| CVE-2020-28597 | Hig | 0.49 | 7.5 | 0.01 | Mar 3, 2021 | A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to… | ||
| CVE-2020-13558 | Hig | 0.57 | 8.8 | 0.02 | Mar 3, 2021 | A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. | ||
| CVE-2021-27927 | Hig | 0.57 | 8.8 | 0.01 | Mar 3, 2021 | In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation inside the… | ||
| CVE-2021-22683 | Hig | 0.51 | 7.8 | 0.01 | Mar 3, 2021 | Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. | ||
| CVE-2021-22670 | Hig | 0.51 | 7.8 | 0.01 | Mar 3, 2021 | An uninitialized pointer may be exploited in Fatek FvDesigner Version 1.5.76 and prior while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. | ||
| CVE-2021-22666 | Hig | 0.51 | 7.8 | 0.01 | Mar 3, 2021 | Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a stack-based buffer overflow while project files are being processed, allowing an attacker to craft a special project file that may permit arbitrary code execution. | ||
| CVE-2021-22662 | Hig | 0.51 | 7.8 | 0.01 | Mar 3, 2021 | A use after free issue has been identified in Fatek FvDesigner Version 1.5.76 and prior in the way the application processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. | ||
| CVE-2021-22638 | Hig | 0.51 | 7.8 | 0.01 | Mar 3, 2021 | Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds read while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. | ||
| CVE-2021-21979 | Hig | 0.48 | 7.3 | 0.01 | Mar 3, 2021 | In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env is generated at the time that the docker image bitnami/laravel was built, and… | ||
| CVE-2021-20442 | Hig | 0.49 | 7.5 | 0.01 | Mar 3, 2021 | IBM Security Verify Bridge contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196618. | ||
| CVE-2021-20233 | Hig | 0.53 | 8.2 | 0.01 | Mar 3, 2021 | A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to… | ||
| CVE-2021-20076 | Hig | 0.57 | 8.8 | 0.02 | Mar 3, 2021 | Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization. | ||
| CVE-2020-27779 | Hig | 0.49 | 7.5 | 0.00 | Mar 3, 2021 | A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory… | ||
| CVE-2020-25647 | Hig | 0.49 | 7.6 | 0.01 | Mar 3, 2021 | A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to… | ||
| CVE-2020-25632 | Hig | 0.53 | 8.2 | 0.01 | Mar 3, 2021 | A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed… | ||
| CVE-2020-14372 | Hig | 0.49 | 7.5 | 0.02 | Mar 3, 2021 | A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the… | ||
| CVE-2020-13554 | Hig | 0.51 | 7.8 | 0.01 | Mar 3, 2021 | An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to… | ||
| CVE-2021-26813 | — | Hig | 0.42 | 7.5 | 0.02 | Mar 3, 2021 | markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time. | |
| CVE-2020-35296 | — | Hig | 0.49 | 7.5 | 0.02 | Mar 3, 2021 | ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access. | |
| CVE-2021-27923 | — | Hig | 0.42 | 7.5 | 0.03 | Mar 3, 2021 | Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. | |
| CVE-2021-27922 | — | Hig | 0.42 | 7.5 | 0.05 | Mar 3, 2021 | Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. | |
| CVE-2021-27921 | — | Hig | 0.42 | 7.5 | 0.03 | Mar 3, 2021 | Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. | |
| CVE-2021-22863 | Hig | 0.53 | 8.1 | 0.01 | Mar 3, 2021 | An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this… | ||
| CVE-2020-10519 | Hig | 0.57 | 8.8 | 0.03 | Mar 3, 2021 | A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to… | ||
| CVE-2021-27065 | Hig | 0.80 | 7.8 | 1.00 | KEV | Mar 3, 2021 | Microsoft Exchange Server Remote Code Execution Vulnerability | |
| CVE-2021-26858 | Hig | 0.76 | 7.8 | 0.90 | KEV | Mar 3, 2021 | Microsoft Exchange Server Remote Code Execution Vulnerability | |
| CVE-2021-26857 | Hig | 0.76 | 7.8 | 0.94 | KEV | Mar 3, 2021 | Microsoft Exchange Server Remote Code Execution Vulnerability | |
| CVE-2021-27885 | Hig | 0.03 | 8.8 | 0.03 | Mar 2, 2021 | usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. | ||
| CVE-2021-25330 | Hig | 0.49 | 7.5 | 0.00 | Mar 2, 2021 | Calling of non-existent provider in MobileWips application prior to SMR Feb-2021 Release 1 allows unauthorized actions including denial of service attack by hijacking the provider. | ||
| CVE-2021-21513 | Hig | 0.56 | 8.6 | 0.06 | Mar 2, 2021 | Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to… | ||
| CVE-2021-25306 | Hig | 0.49 | 7.5 | 0.01 | Mar 2, 2021 | A buffer overflow vulnerability in the AT command interface of Gigaset DX600A v41.00-175 devices allows remote attackers to force a device reboot by sending relatively long AT commands. | ||
| CVE-2021-27878 | Hig | 0.80 | 8.8 | 0.24 | KEV | Mar 1, 2021 | An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an… | |
| CVE-2021-27877 | Hig | 0.79 | 8.2 | 0.65 | KEV | Mar 1, 2021 | An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely… | |
| CVE-2021-27876 | Hig | 0.75 | 8.1 | 0.13 | KEV | Mar 1, 2021 | An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an… | |
| CVE-2021-26704 | Hig | 0.57 | 8.8 | 0.03 | Mar 1, 2021 | EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI. | ||
| CVE-2021-21517 | Hig | 0.47 | 7.2 | 0.01 | Mar 1, 2021 | SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit this vulnerability to read… | ||
| CVE-2021-25829 | Hig | 0.49 | 7.5 | 0.07 | Mar 1, 2021 | An improper binary stream data handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Using this bug, an attacker is able to produce a denial of service attack that can eventually shut down the target server. |
- risk 0.53cvss 8.2epss 0.02
SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or session header.
- risk 0.49cvss 7.5epss 0.01
On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic…
- risk 0.51cvss 7.8epss 0.02
In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.
- risk 0.51cvss 7.8epss 0.02
In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.
- risk 0.46cvss 7.1epss 0.01
A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution.
- risk 0.49cvss 7.5epss 0.07
An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager.
- risk 0.46cvss 7.1epss 0.01
An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality.
- risk 0.50cvss 8.8epss 0.03
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.
- risk 0.53cvss 8.1epss 0.01
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing…
- risk 0.49cvss 7.5epss 0.04
An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie.
- risk 0.51cvss 7.5epss 0.32
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the…
- risk 0.55cvss 7.5epss 0.77
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then…
- risk 0.49cvss 7.5epss 0.01
A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to…
- risk 0.57cvss 8.8epss 0.02
A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free.
- risk 0.57cvss 8.8epss 0.01
In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation inside the…
- risk 0.51cvss 7.8epss 0.01
Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.
- risk 0.51cvss 7.8epss 0.01
An uninitialized pointer may be exploited in Fatek FvDesigner Version 1.5.76 and prior while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.
- risk 0.51cvss 7.8epss 0.01
Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a stack-based buffer overflow while project files are being processed, allowing an attacker to craft a special project file that may permit arbitrary code execution.
- risk 0.51cvss 7.8epss 0.01
A use after free issue has been identified in Fatek FvDesigner Version 1.5.76 and prior in the way the application processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.
- risk 0.51cvss 7.8epss 0.01
Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds read while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.
- risk 0.48cvss 7.3epss 0.01
In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env is generated at the time that the docker image bitnami/laravel was built, and…
- risk 0.49cvss 7.5epss 0.01
IBM Security Verify Bridge contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196618.
- risk 0.53cvss 8.2epss 0.01
A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to…
- risk 0.57cvss 8.8epss 0.02
Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization.
- risk 0.49cvss 7.5epss 0.00
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory…
- risk 0.49cvss 7.6epss 0.01
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to…
- risk 0.53cvss 8.2epss 0.01
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed…
- risk 0.49cvss 7.5epss 0.02
A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the…
- risk 0.51cvss 7.8epss 0.01
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to…
- risk 0.42cvss 7.5epss 0.02
markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.
- risk 0.49cvss 7.5epss 0.02
ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access.
- risk 0.42cvss 7.5epss 0.03
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
- risk 0.42cvss 7.5epss 0.05
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
- risk 0.42cvss 7.5epss 0.03
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
- risk 0.53cvss 8.1epss 0.01
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this…
- risk 0.57cvss 8.8epss 0.03
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to…
- risk 0.80cvss 7.8epss 1.00
Microsoft Exchange Server Remote Code Execution Vulnerability
- risk 0.76cvss 7.8epss 0.90
Microsoft Exchange Server Remote Code Execution Vulnerability
- risk 0.76cvss 7.8epss 0.94
Microsoft Exchange Server Remote Code Execution Vulnerability
- risk 0.03cvss 8.8epss 0.03
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.
- risk 0.49cvss 7.5epss 0.00
Calling of non-existent provider in MobileWips application prior to SMR Feb-2021 Release 1 allows unauthorized actions including denial of service attack by hijacking the provider.
- risk 0.56cvss 8.6epss 0.06
Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to…
- risk 0.49cvss 7.5epss 0.01
A buffer overflow vulnerability in the AT command interface of Gigaset DX600A v41.00-175 devices allows remote attackers to force a device reboot by sending relatively long AT commands.
- risk 0.80cvss 8.8epss 0.24
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an…
- risk 0.79cvss 8.2epss 0.65
An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely…
- risk 0.75cvss 8.1epss 0.13
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an…
- risk 0.57cvss 8.8epss 0.03
EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI.
- risk 0.47cvss 7.2epss 0.01
SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit this vulnerability to read…
- risk 0.49cvss 7.5epss 0.07
An improper binary stream data handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Using this bug, an attacker is able to produce a denial of service attack that can eventually shut down the target server.