‼ CVE-2021-39908 ‼
via "National Vulnerability Database".
In all versions of GitLab CE/EE, certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI.
‼ CVE-2021-32949 ‼
via "National Vulnerability Database".
An attacker could utilize a function in MDT AutoSave versions prior to v6.02.06 that permits changing a designated path to another path and traversing the directory, allowing the replacement of an existing file with a malicious file.
‼ CVE-2020-25691 ‼
via "National Vulnerability Database".
A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability.
‼ CVE-2021-32960 ‼
via "National Vulnerability Database".
Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed, contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may allow an attacker to have the same privileges as if they were logged on to the client machine.
‼ CVE-2021-26623 ‼
via "National Vulnerability Database".
A remote code execution vulnerability due to incomplete check for 'xheader_decode_path_record' function's parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function.
‼ CVE-2021-32503 ‼
via "National Vulnerability Database".
Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information to launch further attacks on the system.
‼ CVE-2021-32974 ‼
via "National Vulnerability Database".
Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands.
‼ CVE-2021-32976 ‼
via "National Vulnerability Database".
Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code.
‼ CVE-2022-28355 ‼
via "National Vulnerability Database".
randomUUID in Scala.js before 1.10.0 generates predictable values.
‼ CVE-2022-28356 ‼
via "National Vulnerability Database".
In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.
‼ CVE-2022-28376 ‼
via "National Vulnerability Database".
Verizon LVSKIHP 5G outside devices through 2022-02-15 allow anyone (knowing the device's serial number) to access a CPE admin website, e.g., at the 10.0.0.1 IP address. The password (for the verizon username) is calculated by concatenating the serial number and the model (i.e., the LVSKIHP string), running the sha256sum program, and extracting the first seven characters concatenated with the last seven characters of that SHA-256 value.
‼ CVE-2022-28368 ‼
via "National Vulnerability Database".
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file).
‼ CVE-2022-28381 ‼
via "National Vulnerability Database".
Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932.
‼ CVE-2022-28378 ‼
via "National Vulnerability Database".
Craft CMS before 3.7.29 allows XSS.
‼ CVE-2022-0405 ‼
via "National Vulnerability Database".
Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16.
‼ CVE-2022-0406 ‼
via "National Vulnerability Database".
Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16.
‼ CVE-2022-28379 ‼
via "National Vulnerability Database".
jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion.
‼ CVE-2022-28380 ‼
via "National Vulnerability Database".
The rc-httpd component through 2022-03-31 for 9front (Plan 9 fork) allows ..%2f directory traversal if serve-static is used.
‼ CVE-2021-30061 ‼
via "National Vulnerability Database".
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, physically proximate attackers can execute code via a crafted file on a USB stick.
‼ CVE-2022-27248 ‼
via "National Vulnerability Database".
A directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative path when invoking the affected DownloadDwg endpoint. An attack uses the path field to CaddemServiceJS/CaddemService.svc/rest/DownloadDwg.
‼ CVE-2021-30062 ‼
via "National Vulnerability Database".
On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can bypass the OPC enforcer.