Total
32 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-15568 | 1 Terra-master | 1 Tos | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter. | |||||
CVE-2020-15372 | 1 Broadcom | 1 Fabric Operating System | 2021-06-22 | 2.1 LOW | 5.5 MEDIUM |
A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging. | |||||
CVE-2021-25947 | 1 Nestie Project | 1 Nestie | 2021-06-11 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1.0.0 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2021-21413 | 1 Isolated-vm Project | 1 Isolated-vm | 2021-04-07 | 5.8 MEDIUM | 9.6 CRITICAL |
isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the main nodejs isolate. Reference objects allow access to the underlying reference's full prototype chain. In an environment where the implementer has exposed a Reference instance to an attacker they would be able to use it to acquire a Reference to the nodejs context's Function object. Similar application-specific attacks could be possible by modifying the local prototype of other API objects. Access to NativeModule objects could allow an attacker to load and run native code from anywhere on the filesystem. If combined with, for example, a file upload API this would allow for arbitrary code execution. This is addressed in v4.0.0 through a series of related changes. | |||||
CVE-2020-3419 | 1 Cisco | 1 Webex Meetings Server | 2020-12-01 | 6.4 MEDIUM | 9.1 CRITICAL |
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit requires the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. The attacker could then exploit this vulnerability to join meetings, without appearing in the participant list, while having full access to audio, video, chat, and screen sharing capabilities. | |||||
CVE-2020-25803 | 1 Craftercms | 1 Studio | 2020-10-09 | 9.0 HIGH | 7.2 HIGH |
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7. | |||||
CVE-2020-25802 | 1 Craftercms | 1 Studio | 2020-10-09 | 9.0 HIGH | 7.2 HIGH |
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7. | |||||
CVE-2018-19836 | 1 Metinfo | 1 Metinfo | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such as the Chrome XSS filter. | |||||
CVE-2020-4100 | 1 Hcltechsw | 1 Hcl Verse | 2020-07-22 | 2.1 LOW | 4.4 MEDIUM |
"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime; however, dynamically loaded components are only loaded as they are specifically requested. While this can have a positive impact on performance, or grant additional functionality (for example, a non-invasive update feature), it can also open the application to loading unintended code if not implemented properly." | |||||
CVE-2019-1617 | 1 Cisco | 9 N9k-c92160yc-x, N9k-c9236c, N9k-c9272q and 6 more | 2019-10-09 | 6.1 MEDIUM | 7.4 HIGH |
A vulnerability in the Fibre Channel over Ethernet (FCoE) N-port Virtualization (NPV) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to an incorrect processing of FCoE packets when the fcoe-npv feature is uninstalled. An attacker could exploit this vulnerability by sending a stream of FCoE frames from an adjacent host to an affected device. An exploit could allow the attacker to cause packet amplification to occur, resulting in the saturation of interfaces and a DoS condition. Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I7(5) and 9.2(2). | |||||
CVE-2019-1595 | 1 Cisco | 3 Nexus 5600, Nexus 6000, Nx-os | 2019-10-09 | 6.1 MEDIUM | 6.5 MEDIUM |
A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to submit a crafted FCoE packet that crosses affected interfaces could trigger this vulnerability. A successful exploit could allow the attacker to cause a packet loop and high throughput on the affected interfaces, resulting in a DoS condition. This vulnerability has been fixed in version 7.3(5)N1(1). | |||||
CVE-2014-9852 | 3 Imagemagick, Opensuse, Suse | 7 Imagemagick, Leap, Opensuse and 4 more | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors. |