| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-28173 | Cri | 0.64 | 9.8 | 0.02 | Apr 6, 2021 | The file upload function of Vangene deltaFlow E-platform does not perform access controlled properly. Remote attackers can upload and execute arbitrary files without login. | ||
| CVE-2021-28171 | Cri | 0.64 | 9.8 | 0.01 | Apr 6, 2021 | The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain privileged permissions remotely by tampering with users’ data in the Cookie. | ||
| CVE-2021-30164 | Cri | 0.64 | 9.8 | 0.01 | Apr 6, 2021 | Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API. | ||
| CVE-2021-30149 | Cri | 0.68 | 9.8 | 0.10 | Apr 6, 2021 | Composr 10.0.36 allows upload and execution of PHP files. | ||
| CVE-2021-20308 | Cri | 0.64 | 9.8 | 0.02 | Apr 5, 2021 | Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181. | ||
| CVE-2021-20307 | Cri | 0.64 | 9.8 | 0.02 | Apr 5, 2021 | Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values. | ||
| CVE-2020-19596 | Cri | 0.64 | 9.8 | 0.01 | Apr 5, 2021 | Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a crafted username. | ||
| CVE-2021-24212 | Cri | 0.64 | 9.8 | 0.08 | Apr 5, 2021 | The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will end up in wp-content/uploads/hstmp. | ||
| CVE-2021-24175 | Cri | 0.65 | 9.8 | 0.14 | Apr 5, 2021 | The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user (including admin) by just providing the related username, as well as create… | ||
| CVE-2021-24171 | Cri | 0.64 | 9.8 | 0.02 | Apr 5, 2021 | The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked" extension in the… | ||
| CVE-2021-29996 | Cri | 0.63 | 9.6 | 0.03 | Apr 5, 2021 | Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload. | ||
| CVE-2020-27600 | Cri | 0.65 | 9.8 | 0.14 | Apr 2, 2021 | HNAP1/control/SetMasterWLanSettings.php in D-Link D-Link Router DIR-846 DIR-846 A1_100.26 allows remote attackers to execute arbitrary commands via shell metacharacters in the ssid0 or ssid1 parameter. | ||
| CVE-2021-30072 | Cri | 0.64 | 9.8 | 0.01 | Apr 2, 2021 | An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. Because strcat is misused, there is a stack-based buffer overflow that does not require authentication. | ||
| CVE-2021-28940 | Cri | 0.64 | 9.8 | 0.03 | Apr 2, 2021 | Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add a extra command to the curl binary. This creates an issue on the /scripts/magpie_debug.php and /scripts/magpie_simple.php page that if you send a specific… | ||
| CVE-2020-21585 | Cri | 0.64 | 9.8 | 0.03 | Apr 2, 2021 | Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module. | ||
| CVE-2021-1871 | Cri | 0.76 | 9.8 | 0.07 | KEV | Apr 2, 2021 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a… | |
| CVE-2021-1870 | Cri | 0.76 | 9.8 | 0.08 | KEV | Apr 2, 2021 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a… | |
| CVE-2021-1818 | Cri | 0.64 | 9.8 | 0.03 | Apr 2, 2021 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause unexpected… | ||
| CVE-2021-1796 | Cri | 0.64 | 9.8 | 0.02 | Apr 2, 2021 | An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. | ||
| CVE-2021-1795 | Cri | 0.64 | 9.8 | 0.02 | Apr 2, 2021 | An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. | ||
| CVE-2021-1794 | Cri | 0.64 | 9.8 | 0.02 | Apr 2, 2021 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. | ||
| CVE-2021-22201 | Cri | 0.63 | 9.6 | 0.03 | Apr 2, 2021 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server. | ||
| CVE-2021-28123 | Cri | 0.64 | 9.8 | 0.01 | Apr 2, 2021 | Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. The ssh key can provide an attacker access to the linux system in the affected version. | ||
| CVE-2021-29012 | Cri | 0.64 | 9.8 | 0.03 | Apr 2, 2021 | DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The cookie is valid when the admin is logged in, but is invalid (temporarily) during times when the admin is logged out. In other words, the cookie is functionally equivalent to a static… | ||
| CVE-2021-30000 | Cri | 0.64 | 9.8 | 0.02 | Apr 2, 2021 | An issue was discovered in LATRIX 0.6.0. SQL injection in the txtaccesscode parameter of inandout.php leads to information disclosure and code execution. | ||
| CVE-2021-23921 | Cri | 0.59 | 9.1 | 0.01 | Apr 1, 2021 | An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements. | ||
| CVE-2021-21982 | Cri | 0.59 | 9.1 | 0.01 | Apr 1, 2021 | VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an authentication bypass vulnerability that may allow a malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance to obtain a valid authentication token.… | ||
| CVE-2021-20078 | Cri | 0.64 | 9.1 | 0.60 | Apr 1, 2021 | Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS. | ||
| CVE-2021-28918 | — | Cri | 0.60 | 9.1 | 0.16 | Apr 1, 2021 | Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on… | |
| CVE-2021-29940 | — | Cri | 0.64 | 9.8 | 0.01 | Apr 1, 2021 | An issue was discovered in the through crate through 2021-02-18 for Rust. There is a double free (in through and through_and) upon a panic of the map function. | |
| CVE-2021-29937 | — | Cri | 0.57 | 9.8 | 0.01 | Apr 1, 2021 | An issue was discovered in the telemetry crate through 2021-02-17 for Rust. There is a drop of uninitialized memory if a value.clone() call panics within misc::vec_with_size(). | |
| CVE-2021-29936 | — | Cri | 0.64 | 9.8 | 0.01 | Apr 1, 2021 | An issue was discovered in the adtensor crate through 2021-01-11 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix. | |
| CVE-2020-35308 | Cri | 0.64 | 9.8 | 0.01 | Mar 31, 2021 | CONQUEST DICOM SERVER before 1.5.0 has a code execution vulnerability which can be exploited by attackers to execute malicious code. | ||
| CVE-2021-23005 | Cri | 0.59 | 9.1 | 0.01 | Mar 31, 2021 | On all 7.x and 6.x versions (fixed in 8.0.0), when using a Quorum device for BIG-IQ high availability (HA) for automatic failover, BIG-IQ does not make use of Transport Layer Security (TLS) with the Corosync protocol. Note: Software versions which have reached End of Software… | ||
| CVE-2021-22991 | Cri | 0.81 | 9.8 | 0.61 | KEV | Mar 31, 2021 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel (TMM) URI normalization, which… | |
| CVE-2021-22992 | Cri | 0.70 | 9.8 | 0.73 | Mar 31, 2021 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, a malicious HTTP response to an Advanced WAF/BIG-IP ASM virtual server with Login Page configured in its policy… | ||
| CVE-2021-22989 | Cri | 0.60 | 9.1 | 0.09 | Mar 31, 2021 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, when running in Appliance mode with Advanced WAF or BIG-IP ASM provisioned, the TMUI, also referred to as the… | ||
| CVE-2021-22987 | Cri | 0.65 | 9.9 | 0.14 | Mar 31, 2021 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 when running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration… | ||
| CVE-2021-22986 | Cri | 0.93 | 9.8 | 1.00 | KEV | Mar 31, 2021 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution… | |
| CVE-2020-28172 | Cri | 0.64 | 9.8 | 0.03 | Mar 31, 2021 | A SQL injection vulnerability in Simple College Website 1.0 allows remote unauthenticated attackers to bypass the admin authentication mechanism in college_website/admin/ajax.php?action=login, thus gaining access to the website administrative panel. | ||
| CVE-2020-24391 | — | Cri | 0.63 | 9.8 | 0.75 | Mar 30, 2021 | mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769. | |
| CVE-2021-26810 | Cri | 0.64 | 9.8 | 0.05 | Mar 30, 2021 | D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dir_setWanWifi, which can lead to command injection via shell metacharacters in the… | ||
| CVE-2019-5319 | Cri | 0.64 | 9.8 | 0.02 | Mar 30, 2021 | A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6… | ||
| CVE-2021-25149 | Cri | 0.64 | 9.8 | 0.02 | Mar 30, 2021 | A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6… | ||
| CVE-2021-28672 | Cri | 0.64 | 9.8 | 0.02 | Mar 29, 2021 | Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before… | ||
| CVE-2021-28671 | Cri | 0.64 | 9.8 | 0.03 | Mar 29, 2021 | Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before… | ||
| CVE-2021-27274 | Cri | 0.64 | 9.8 | 0.08 | Mar 29, 2021 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUploadController class.… | ||
| CVE-2021-28673 | Cri | 0.64 | 9.8 | 0.02 | Mar 29, 2021 | Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 6515 before 65.61.23 and 65.59.11 (Bridge), VersaLink B400 before 37.61.23 and 37.59.01 (Bridge), B405 before 38.61.23 and 38.59.01 (Bridge), B600/B610 before 32.61.23 and 32.59.01 (Bridge), B605/B615 before… | ||
| CVE-2021-28668 | Cri | 0.64 | 9.8 | 0.01 | Mar 29, 2021 | Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities. | ||
| CVE-2021-26714 | Cri | 0.64 | 9.8 | 0.03 | Mar 29, 2021 | The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory… |
- risk 0.64cvss 9.8epss 0.02
The file upload function of Vangene deltaFlow E-platform does not perform access controlled properly. Remote attackers can upload and execute arbitrary files without login.
- risk 0.64cvss 9.8epss 0.01
The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain privileged permissions remotely by tampering with users’ data in the Cookie.
- risk 0.64cvss 9.8epss 0.01
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.
- risk 0.68cvss 9.8epss 0.10
Composr 10.0.36 allows upload and execution of PHP files.
- risk 0.64cvss 9.8epss 0.02
Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181.
- risk 0.64cvss 9.8epss 0.02
Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values.
- risk 0.64cvss 9.8epss 0.01
Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a crafted username.
- risk 0.64cvss 9.8epss 0.08
The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will end up in wp-content/uploads/hstmp.
- risk 0.65cvss 9.8epss 0.14
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user (including admin) by just providing the related username, as well as create…
- risk 0.64cvss 9.8epss 0.02
The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked" extension in the…
- risk 0.63cvss 9.6epss 0.03
Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload.
- risk 0.65cvss 9.8epss 0.14
HNAP1/control/SetMasterWLanSettings.php in D-Link D-Link Router DIR-846 DIR-846 A1_100.26 allows remote attackers to execute arbitrary commands via shell metacharacters in the ssid0 or ssid1 parameter.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. Because strcat is misused, there is a stack-based buffer overflow that does not require authentication.
- risk 0.64cvss 9.8epss 0.03
Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add a extra command to the curl binary. This creates an issue on the /scripts/magpie_debug.php and /scripts/magpie_simple.php page that if you send a specific…
- risk 0.64cvss 9.8epss 0.03
Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module.
- risk 0.76cvss 9.8epss 0.07
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a…
- risk 0.76cvss 9.8epss 0.08
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a…
- risk 0.64cvss 9.8epss 0.03
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause unexpected…
- risk 0.64cvss 9.8epss 0.02
An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.
- risk 0.64cvss 9.8epss 0.02
An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.
- risk 0.64cvss 9.8epss 0.02
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.
- risk 0.63cvss 9.6epss 0.03
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server.
- risk 0.64cvss 9.8epss 0.01
Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. The ssh key can provide an attacker access to the linux system in the affected version.
- risk 0.64cvss 9.8epss 0.03
DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The cookie is valid when the admin is logged in, but is invalid (temporarily) during times when the admin is logged out. In other words, the cookie is functionally equivalent to a static…
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in LATRIX 0.6.0. SQL injection in the txtaccesscode parameter of inandout.php leads to information disclosure and code execution.
- risk 0.59cvss 9.1epss 0.01
An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements.
- risk 0.59cvss 9.1epss 0.01
VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an authentication bypass vulnerability that may allow a malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance to obtain a valid authentication token.…
- risk 0.64cvss 9.1epss 0.60
Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS.
- risk 0.60cvss 9.1epss 0.16
Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on…
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in the through crate through 2021-02-18 for Rust. There is a double free (in through and through_and) upon a panic of the map function.
- risk 0.57cvss 9.8epss 0.01
An issue was discovered in the telemetry crate through 2021-02-17 for Rust. There is a drop of uninitialized memory if a value.clone() call panics within misc::vec_with_size().
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in the adtensor crate through 2021-01-11 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix.
- risk 0.64cvss 9.8epss 0.01
CONQUEST DICOM SERVER before 1.5.0 has a code execution vulnerability which can be exploited by attackers to execute malicious code.
- risk 0.59cvss 9.1epss 0.01
On all 7.x and 6.x versions (fixed in 8.0.0), when using a Quorum device for BIG-IQ high availability (HA) for automatic failover, BIG-IQ does not make use of Transport Layer Security (TLS) with the Corosync protocol. Note: Software versions which have reached End of Software…
- risk 0.81cvss 9.8epss 0.61
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel (TMM) URI normalization, which…
- risk 0.70cvss 9.8epss 0.73
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, a malicious HTTP response to an Advanced WAF/BIG-IP ASM virtual server with Login Page configured in its policy…
- risk 0.60cvss 9.1epss 0.09
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, when running in Appliance mode with Advanced WAF or BIG-IP ASM provisioned, the TMUI, also referred to as the…
- risk 0.65cvss 9.9epss 0.14
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 when running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration…
- risk 0.93cvss 9.8epss 1.00
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution…
- risk 0.64cvss 9.8epss 0.03
A SQL injection vulnerability in Simple College Website 1.0 allows remote unauthenticated attackers to bypass the admin authentication mechanism in college_website/admin/ajax.php?action=login, thus gaining access to the website administrative panel.
- risk 0.63cvss 9.8epss 0.75
mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769.
- risk 0.64cvss 9.8epss 0.05
D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dir_setWanWifi, which can lead to command injection via shell metacharacters in the…
- risk 0.64cvss 9.8epss 0.02
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6…
- risk 0.64cvss 9.8epss 0.02
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6…
- risk 0.64cvss 9.8epss 0.02
Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before…
- risk 0.64cvss 9.8epss 0.03
Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before…
- risk 0.64cvss 9.8epss 0.08
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUploadController class.…
- risk 0.64cvss 9.8epss 0.02
Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 6515 before 65.61.23 and 65.59.11 (Bridge), VersaLink B400 before 37.61.23 and 37.59.01 (Bridge), B405 before 38.61.23 and 38.59.01 (Bridge), B600/B610 before 32.61.23 and 32.59.01 (Bridge), B605/B615 before…
- risk 0.64cvss 9.8epss 0.01
Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities.
- risk 0.64cvss 9.8epss 0.03
The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory…