Latest CVE Feed
-
9.8
CRITICALCVE-2021-33576
An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk.... Read more
Affected Products : lexicom- Published: Jun. 18, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33575
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing.... Read more
Affected Products : ruby-jss- Published: May. 25, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33574
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a de... Read more
Affected Products : fedora debian_linux solidfire_baseboard_management_controller_firmware cloud_backup e-series_santricity_os_controller h300s_firmware h500s_firmware h700s_firmware h410s_firmware glibc +10 more products- Published: May. 25, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-33572
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the FSAVD component used in certain F-Secure products can crash while scanning larger packages/fuzzed files. The exploit can be triggered remotely by an attacker. A ... Read more
Affected Products : cloud_protection_for_salesforce elements_for_microsoft_365 endpoint_protection linux_security- Published: Jun. 21, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-33571
In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP ... Read more
- Published: Jun. 08, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-33570
Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via ... Read more
Affected Products : postbird- Published: May. 25, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33564
An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs becau... Read more
Affected Products : dragonfly- Published: May. 29, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-33563
Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. This might make brute-force attacks easier.... Read more
Affected Products : koel- Published: May. 24, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-33562
A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary product, e.g., a product/insert-product-name-here.html/ref= UR... Read more
Affected Products : shopizer- Published: May. 24, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-33561
A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customer_name in various forms of store administration. It is saved in the database. The code is executed for an... Read more
Affected Products : shopizer- Published: May. 24, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-33560
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in... Read more
Affected Products : fedora debian_linux communications_cloud_native_core_network_slice_selection_function communications_cloud_native_core_network_repository_function libgcrypt communications_cloud_native_core_network_function_cloud_native_environment communications_cloud_native_core_binding_support_function communications_cloud_native_core_service_communication_proxy- Published: Jun. 08, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-33558
Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-spec... Read more
Affected Products : boa- Published: May. 27, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-33557
An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.... Read more
Affected Products : mantisbt- Published: Jun. 17, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-33555
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server.... Read more
- Published: Aug. 31, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-33554
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.... Read more
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-33553
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.... Read more
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-33552
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.... Read more
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-33551
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.... Read more
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-33550
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.... Read more
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-33549
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code.... Read more
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024