| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-42668 | Cri | 0.64 | 9.8 | 0.05 | Nov 5, 2021 | A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability in order to get a… | ||
| CVE-2021-42667 | Cri | 0.65 | 9.8 | 0.16 | Nov 5, 2021 | A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web… | ||
| CVE-2021-42665 | Cri | 0.64 | 9.8 | 0.05 | Nov 5, 2021 | An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication. | ||
| CVE-2021-42237 | Cri | 0.93 | 9.8 | 0.98 | KEV | Nov 5, 2021 | Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability. | |
| CVE-2021-43400 | Cri | 0.00 | 9.1 | 0.02 | Nov 4, 2021 | An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call. | ||
| CVE-2021-21697 | Cri | 0.52 | 9.1 | 0.02 | Nov 4, 2021 | Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions. | ||
| CVE-2021-21696 | Cri | 0.57 | 9.8 | 0.02 | Nov 4, 2021 | Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified… | ||
| CVE-2021-21694 | Cri | 0.57 | 9.8 | 0.02 | Nov 4, 2021 | FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | ||
| CVE-2021-21693 | Cri | 0.57 | 9.8 | 0.02 | Nov 4, 2021 | When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | ||
| CVE-2021-21692 | Cri | 0.57 | 9.8 | 0.02 | Nov 4, 2021 | FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission on the source path, instead of 'delete'. | ||
| CVE-2021-21691 | Cri | 0.57 | 9.8 | 0.02 | Nov 4, 2021 | Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | ||
| CVE-2021-21690 | Cri | 0.57 | 9.8 | 0.02 | Nov 4, 2021 | Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | ||
| CVE-2021-21689 | Cri | 0.52 | 9.1 | 0.01 | Nov 4, 2021 | FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | ||
| CVE-2021-21687 | Cri | 0.00 | 9.1 | 0.01 | Nov 4, 2021 | Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar. | ||
| CVE-2021-21685 | Cri | 0.52 | 9.1 | 0.01 | Nov 4, 2021 | Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs. | ||
| CVE-2021-40119 | Cri | 0.64 | 9.8 | 0.02 | Nov 4, 2021 | A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker… | ||
| CVE-2021-40113 | Cri | 0.65 | 10.0 | 0.05 | Nov 4, 2021 | Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if… | ||
| CVE-2021-40112 | Cri | 0.65 | 10.0 | 0.01 | Nov 4, 2021 | Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if… | ||
| CVE-2021-34795 | Cri | 0.65 | 10.0 | 0.02 | Nov 4, 2021 | Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if… | ||
| CVE-2020-25368 | Cri | 0.65 | 9.8 | 0.10 | Nov 4, 2021 | A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login. | ||
| CVE-2020-25366 | Cri | 0.59 | 9.1 | 0.02 | Nov 4, 2021 | An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors. | ||
| CVE-2020-25367 | Cri | 0.65 | 9.8 | 0.10 | Nov 4, 2021 | A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login. | ||
| CVE-2021-42772 | Cri | 0.64 | 9.8 | 0.01 | Nov 3, 2021 | Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command that could allow a user to attempt various attacks. In… | ||
| CVE-2021-41492 | Cri | 0.64 | 9.8 | 0.02 | Nov 3, 2021 | Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via the (1) Product Code in the pos page in cashiering. (2) id parameter in manage_products and the (3) t paramater in actions.php. | ||
| CVE-2021-43140 | Cri | 0.67 | 9.8 | 0.05 | Nov 3, 2021 | SQL Injection vulnerability exists in Sourcecodester. Simple Subscription Website 1.0. via the login. | ||
| CVE-2020-18262 | Cri | 0.64 | 9.8 | 0.01 | Nov 3, 2021 | ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter. | ||
| CVE-2020-18261 | Cri | 0.64 | 9.8 | 0.01 | Nov 3, 2021 | An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands. | ||
| CVE-2020-24743 | Cri | 0.64 | 9.8 | 0.03 | Nov 3, 2021 | An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter. | ||
| CVE-2020-24000 | Cri | 0.64 | 9.8 | 0.02 | Nov 3, 2021 | SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php. | ||
| CVE-2020-23679 | Cri | 0.64 | 9.8 | 0.02 | Nov 3, 2021 | Buffer overflow vulnerability in Renleilei1992 Linux_Network_Project 1.0, allows attackers to execute arbitrary code, via the password field. | ||
| CVE-2020-20982 | Cri | 0.63 | 9.6 | 0.06 | Nov 3, 2021 | Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute arbitrary code and gain escalated privileges, via the backurl parameter to /php/passport/index.php. | ||
| CVE-2021-43082 | Cri | 0.64 | 9.8 | 0.02 | Nov 3, 2021 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0. | ||
| CVE-2021-43130 | Cri | 0.64 | 9.8 | 0.02 | Nov 3, 2021 | An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System (CRM) 1.0 via the username parameter in customer/login.php. | ||
| CVE-2021-40849 | Cri | 0.64 | 9.8 | 0.01 | Nov 3, 2021 | In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure (at a minimum) and often escalation of privileges. | ||
| CVE-2021-39238 | Cri | 0.65 | 9.8 | 0.12 | Nov 3, 2021 | Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, HP PageWide Managed products may be vulnerable to potential buffer overflow. | ||
| CVE-2020-5955 | Cri | 0.64 | 9.8 | 0.01 | Nov 3, 2021 | An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges. | ||
| CVE-2021-41036 | Cri | 0.64 | 9.8 | 0.01 | Nov 3, 2021 | In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check rem_len size in readpacket. | ||
| CVE-2021-20704 | Cri | 0.64 | 9.8 | 0.02 | Nov 3, 2021 | Buffer overflow vulnerability in the compatible API with previous versions CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and… | ||
| CVE-2021-20703 | Cri | 0.64 | 9.8 | 0.02 | Nov 3, 2021 | Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows… | ||
| CVE-2021-20702 | Cri | 0.64 | 9.8 | 0.02 | Nov 3, 2021 | Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows… | ||
| CVE-2021-20701 | Cri | 0.64 | 9.8 | 0.02 | Nov 3, 2021 | Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to… | ||
| CVE-2021-20700 | Cri | 0.64 | 9.8 | 0.02 | Nov 3, 2021 | Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to… | ||
| CVE-2021-43267 | Cri | 0.05 | 9.8 | 0.58 | Nov 2, 2021 | An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type. | ||
| CVE-2020-6492 | Cri | 0.62 | 9.6 | 0.01 | Nov 2, 2021 | Use after free in ANGLE in Google Chrome prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | ||
| CVE-2021-37981 | Cri | 0.62 | 9.6 | 0.01 | Nov 2, 2021 | Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | ||
| CVE-2020-23754 | Cri | 0.63 | 9.6 | 0.02 | Nov 2, 2021 | Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature. | ||
| CVE-2020-23719 | Cri | 0.63 | 9.6 | 0.01 | Nov 2, 2021 | Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the bbsmeta parameter. | ||
| CVE-2020-23718 | Cri | 0.63 | 9.6 | 0.01 | Nov 2, 2021 | Cross site scripting (XSS) vulnerability in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the route parameter to index.php. | ||
| CVE-2020-23685 | Cri | 0.64 | 9.8 | 0.02 | Nov 2, 2021 | SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to execute arbitrary code and gain escalated privileges, via the username parameter to login.php. | ||
| CVE-2020-18440 | Cri | 0.64 | 9.8 | 0.02 | Nov 2, 2021 | Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1, allows attackers to execute arbitrary code. |
- risk 0.64cvss 9.8epss 0.05
A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability in order to get a…
- risk 0.65cvss 9.8epss 0.16
A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web…
- risk 0.64cvss 9.8epss 0.05
An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication.
- risk 0.93cvss 9.8epss 0.98
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
- risk 0.00cvss 9.1epss 0.02
An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call.
- risk 0.52cvss 9.1epss 0.02
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.
- risk 0.57cvss 9.8epss 0.02
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified…
- risk 0.57cvss 9.8epss 0.02
FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
- risk 0.57cvss 9.8epss 0.02
When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
- risk 0.57cvss 9.8epss 0.02
FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission on the source path, instead of 'delete'.
- risk 0.57cvss 9.8epss 0.02
Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
- risk 0.57cvss 9.8epss 0.02
Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
- risk 0.52cvss 9.1epss 0.01
FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
- risk 0.00cvss 9.1epss 0.01
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar.
- risk 0.52cvss 9.1epss 0.01
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs.
- risk 0.64cvss 9.8epss 0.02
A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker…
- risk 0.65cvss 10.0epss 0.05
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if…
- risk 0.65cvss 10.0epss 0.01
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if…
- risk 0.65cvss 10.0epss 0.02
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if…
- risk 0.65cvss 9.8epss 0.10
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login.
- risk 0.59cvss 9.1epss 0.02
An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors.
- risk 0.65cvss 9.8epss 0.10
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.
- risk 0.64cvss 9.8epss 0.01
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command that could allow a user to attempt various attacks. In…
- risk 0.64cvss 9.8epss 0.02
Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via the (1) Product Code in the pos page in cashiering. (2) id parameter in manage_products and the (3) t paramater in actions.php.
- risk 0.67cvss 9.8epss 0.05
SQL Injection vulnerability exists in Sourcecodester. Simple Subscription Website 1.0. via the login.
- risk 0.64cvss 9.8epss 0.01
ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter.
- risk 0.64cvss 9.8epss 0.01
An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands.
- risk 0.64cvss 9.8epss 0.03
An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter.
- risk 0.64cvss 9.8epss 0.02
SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php.
- risk 0.64cvss 9.8epss 0.02
Buffer overflow vulnerability in Renleilei1992 Linux_Network_Project 1.0, allows attackers to execute arbitrary code, via the password field.
- risk 0.63cvss 9.6epss 0.06
Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute arbitrary code and gain escalated privileges, via the backurl parameter to /php/passport/index.php.
- risk 0.64cvss 9.8epss 0.02
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0.
- risk 0.64cvss 9.8epss 0.02
An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System (CRM) 1.0 via the username parameter in customer/login.php.
- risk 0.64cvss 9.8epss 0.01
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure (at a minimum) and often escalation of privileges.
- risk 0.65cvss 9.8epss 0.12
Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, HP PageWide Managed products may be vulnerable to potential buffer overflow.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges.
- risk 0.64cvss 9.8epss 0.01
In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check rem_len size in readpacket.
- risk 0.64cvss 9.8epss 0.02
Buffer overflow vulnerability in the compatible API with previous versions CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and…
- risk 0.64cvss 9.8epss 0.02
Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows…
- risk 0.64cvss 9.8epss 0.02
Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows…
- risk 0.64cvss 9.8epss 0.02
Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to…
- risk 0.64cvss 9.8epss 0.02
Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to…
- risk 0.05cvss 9.8epss 0.58
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.
- risk 0.62cvss 9.6epss 0.01
Use after free in ANGLE in Google Chrome prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
- risk 0.62cvss 9.6epss 0.01
Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
- risk 0.63cvss 9.6epss 0.02
Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature.
- risk 0.63cvss 9.6epss 0.01
Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the bbsmeta parameter.
- risk 0.63cvss 9.6epss 0.01
Cross site scripting (XSS) vulnerability in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the route parameter to index.php.
- risk 0.64cvss 9.8epss 0.02
SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to execute arbitrary code and gain escalated privileges, via the username parameter to login.php.
- risk 0.64cvss 9.8epss 0.02
Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1, allows attackers to execute arbitrary code.