| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-10867 | Cri | 0.59 | 9.1 | 0.01 | May 26, 2021 | Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user. | ||
| CVE-2018-10866 | Cri | 0.59 | 9.1 | 0.01 | May 26, 2021 | It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to remove a "system" file, that is an xml file with host related information, not belonging to him. | ||
| CVE-2021-33470 | Cri | 0.64 | 9.8 | 0.02 | May 26, 2021 | COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel. | ||
| CVE-2021-20487 | Cri | 0.59 | 9.1 | 0.01 | May 26, 2021 | IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process. | ||
| CVE-2021-25945 | — | Cri | 0.64 | 9.8 | 0.03 | May 26, 2021 | Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution. | |
| CVE-2021-21986 | Cri | 0.65 | 9.8 | 0.13 | May 26, 2021 | The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter… | ||
| CVE-2021-21985 | Cri | 0.93 | 9.8 | 1.00 | KEV | May 26, 2021 | The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute… | |
| CVE-2021-22160 | Cri | 0.68 | 9.8 | 0.53 | May 26, 2021 | If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to "none". This allows an attacker to connect to Pulsar instances as any user (incl.… | ||
| CVE-2021-33575 | — | Cri | 0.64 | 9.8 | 0.03 | May 25, 2021 | The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing. | |
| CVE-2021-33574 | Cri | 0.64 | 9.8 | 0.03 | May 25, 2021 | The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service… | ||
| CVE-2021-25946 | — | Cri | 0.64 | 9.8 | 0.03 | May 25, 2021 | Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 through 0.0.2 allows an attacker to cause a denial of service and may lead to remote code execution. | |
| CVE-2021-25944 | — | Cri | 0.64 | 9.8 | 0.03 | May 25, 2021 | Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution. | |
| CVE-2021-21658 | Cri | 0.52 | 9.1 | 0.02 | May 25, 2021 | Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||
| CVE-2020-13601 | Cri | 0.59 | 9.0 | 0.01 | May 25, 2021 | Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, >= 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44 | ||
| CVE-2021-30194 | Cri | 0.59 | 9.1 | 0.01 | May 25, 2021 | CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read. | ||
| CVE-2021-30193 | Cri | 0.64 | 9.8 | 0.01 | May 25, 2021 | CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. | ||
| CVE-2021-30192 | Cri | 0.64 | 9.8 | 0.01 | May 25, 2021 | CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check. | ||
| CVE-2021-30190 | Cri | 0.64 | 9.8 | 0.01 | May 25, 2021 | CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. | ||
| CVE-2021-30189 | Cri | 0.64 | 9.8 | 0.01 | May 25, 2021 | CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow. | ||
| CVE-2021-30188 | Cri | 0.64 | 9.8 | 0.01 | May 25, 2021 | CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow. | ||
| CVE-2021-30108 | — | Cri | 0.52 | 9.1 | 0.01 | May 24, 2021 | Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any url, the server can make a request to it. | |
| CVE-2020-20907 | Cri | 0.59 | 9.1 | 0.02 | May 24, 2021 | MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/language_general.class.php and app/system/include/function/file.func.php. | ||
| CVE-2021-29300 | — | Cri | 0.57 | 9.8 | 0.05 | May 24, 2021 | The @ronomon/opened library before 1.5.2 is vulnerable to a command injection vulnerability which would allow a remote attacker to execute commands on the system if the library was used with untrusted input. | |
| CVE-2019-12348 | Cri | 0.64 | 9.8 | 0.02 | May 24, 2021 | An issue was discovered in zzcms 2019. SQL Injection exists in user/ztconfig.php via the daohang or img POST parameter. | ||
| CVE-2021-20426 | Cri | 0.64 | 9.8 | 0.01 | May 24, 2021 | IBM Security Guardium 11.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196313. | ||
| CVE-2021-32075 | Cri | 0.64 | 9.8 | 0.02 | May 24, 2021 | Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization. | ||
| CVE-2020-28910 | Cri | 0.64 | 9.8 | 0.04 | May 24, 2021 | Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh. | ||
| CVE-2020-28908 | Cri | 0.64 | 9.8 | 0.06 | May 24, 2021 | Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios. | ||
| CVE-2020-28907 | Cri | 0.64 | 9.8 | 0.03 | May 24, 2021 | Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh. | ||
| CVE-2020-28904 | Cri | 0.64 | 9.8 | 0.04 | May 24, 2021 | Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installation of a malicious component containing PHP code. | ||
| CVE-2020-28902 | Cri | 0.64 | 9.8 | 0.06 | May 24, 2021 | Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php. | ||
| CVE-2020-28901 | Cri | 0.64 | 9.8 | 0.09 | May 24, 2021 | Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php. | ||
| CVE-2020-28900 | Cri | 0.64 | 9.8 | 0.02 | May 24, 2021 | Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh. | ||
| CVE-2020-25409 | Cri | 0.64 | 9.8 | 0.02 | May 24, 2021 | Projectsworlds College Management System Php 1.0 is vulnerable to SQL injection issues over multiple parameters. | ||
| CVE-2021-21001 | Cri | 0.59 | 9.1 | 0.01 | May 24, 2021 | On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges. | ||
| CVE-2021-33497 | — | Cri | 0.00 | 9.1 | 0.02 | May 24, 2021 | Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting files. | |
| CVE-2021-33509 | — | Cri | 0.65 | 9.9 | 0.02 | May 21, 2021 | Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script. | |
| CVE-2020-36331 | Cri | 0.52 | 9.1 | 0.02 | May 21, 2021 | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. | ||
| CVE-2020-36330 | Cri | 0.52 | 9.1 | 0.02 | May 21, 2021 | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. | ||
| CVE-2020-36329 | Cri | 0.57 | 9.8 | 0.02 | May 21, 2021 | A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||
| CVE-2020-36328 | Cri | 0.57 | 9.8 | 0.03 | May 21, 2021 | A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system… | ||
| CVE-2018-25014 | Cri | 0.64 | 9.8 | 0.02 | May 21, 2021 | A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol(). | ||
| CVE-2018-25013 | Cri | 0.59 | 9.1 | 0.02 | May 21, 2021 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes(). | ||
| CVE-2018-25012 | Cri | 0.59 | 9.1 | 0.02 | May 21, 2021 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). | ||
| CVE-2018-25011 | Cri | 0.64 | 9.8 | 0.03 | May 21, 2021 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16(). | ||
| CVE-2018-25010 | Cri | 0.59 | 9.1 | 0.02 | May 21, 2021 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter(). | ||
| CVE-2018-25009 | Cri | 0.59 | 9.1 | 0.02 | May 21, 2021 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). | ||
| CVE-2021-31474 | Cri | 0.71 | 9.8 | 0.94 | May 21, 2021 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization library.… | ||
| CVE-2020-12061 | Cri | 0.64 | 9.8 | 0.02 | May 21, 2021 | An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the microcontroller and the secure element transmits credentials in plain. This allows an adversary to eavesdrop the communication and derive the secrets stored in the microcontroller. As a… | ||
| CVE-2021-32630 | Cri | 0.63 | 9.6 | 0.02 | May 20, 2021 | Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload feature. Someone with upload… |
- risk 0.59cvss 9.1epss 0.01
Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user.
- risk 0.59cvss 9.1epss 0.01
It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to remove a "system" file, that is an xml file with host related information, not belonging to him.
- risk 0.64cvss 9.8epss 0.02
COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel.
- risk 0.59cvss 9.1epss 0.01
IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process.
- risk 0.64cvss 9.8epss 0.03
Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution.
- risk 0.65cvss 9.8epss 0.13
The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter…
- risk 0.93cvss 9.8epss 1.00
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute…
- risk 0.68cvss 9.8epss 0.53
If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to "none". This allows an attacker to connect to Pulsar instances as any user (incl.…
- risk 0.64cvss 9.8epss 0.03
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing.
- risk 0.64cvss 9.8epss 0.03
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service…
- risk 0.64cvss 9.8epss 0.03
Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 through 0.0.2 allows an attacker to cause a denial of service and may lead to remote code execution.
- risk 0.64cvss 9.8epss 0.03
Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution.
- risk 0.52cvss 9.1epss 0.02
Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
- risk 0.59cvss 9.0epss 0.01
Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, >= 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44
- risk 0.59cvss 9.1epss 0.01
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.
- risk 0.64cvss 9.8epss 0.01
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.
- risk 0.64cvss 9.8epss 0.01
CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.
- risk 0.64cvss 9.8epss 0.01
CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.
- risk 0.64cvss 9.8epss 0.01
CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.
- risk 0.64cvss 9.8epss 0.01
CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.
- risk 0.52cvss 9.1epss 0.01
Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any url, the server can make a request to it.
- risk 0.59cvss 9.1epss 0.02
MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/language_general.class.php and app/system/include/function/file.func.php.
- risk 0.57cvss 9.8epss 0.05
The @ronomon/opened library before 1.5.2 is vulnerable to a command injection vulnerability which would allow a remote attacker to execute commands on the system if the library was used with untrusted input.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in zzcms 2019. SQL Injection exists in user/ztconfig.php via the daohang or img POST parameter.
- risk 0.64cvss 9.8epss 0.01
IBM Security Guardium 11.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196313.
- risk 0.64cvss 9.8epss 0.02
Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization.
- risk 0.64cvss 9.8epss 0.04
Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh.
- risk 0.64cvss 9.8epss 0.06
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios.
- risk 0.64cvss 9.8epss 0.03
Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh.
- risk 0.64cvss 9.8epss 0.04
Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installation of a malicious component containing PHP code.
- risk 0.64cvss 9.8epss 0.06
Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php.
- risk 0.64cvss 9.8epss 0.09
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php.
- risk 0.64cvss 9.8epss 0.02
Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh.
- risk 0.64cvss 9.8epss 0.02
Projectsworlds College Management System Php 1.0 is vulnerable to SQL injection issues over multiple parameters.
- risk 0.59cvss 9.1epss 0.01
On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.
- risk 0.00cvss 9.1epss 0.02
Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting files.
- risk 0.65cvss 9.9epss 0.02
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.
- risk 0.52cvss 9.1epss 0.02
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
- risk 0.52cvss 9.1epss 0.02
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
- risk 0.57cvss 9.8epss 0.02
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
- risk 0.57cvss 9.8epss 0.03
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system…
- risk 0.64cvss 9.8epss 0.02
A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().
- risk 0.59cvss 9.1epss 0.02
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().
- risk 0.59cvss 9.1epss 0.02
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().
- risk 0.64cvss 9.8epss 0.03
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().
- risk 0.59cvss 9.1epss 0.02
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().
- risk 0.59cvss 9.1epss 0.02
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().
- risk 0.71cvss 9.8epss 0.94
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization library.…
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the microcontroller and the secure element transmits credentials in plain. This allows an adversary to eavesdrop the communication and derive the secrets stored in the microcontroller. As a…
- risk 0.63cvss 9.6epss 0.02
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload feature. Someone with upload…