Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34326 | 1 Siemens | 3 Jt2go, Solid Edge, Teamcenter Visualization | 2022-10-27 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13422) | |||||
| CVE-2021-34307 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2022-10-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13343) | |||||
| CVE-2021-33713 | 1 Siemens | 1 Jt Utilities | 2022-10-27 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application. | |||||
| CVE-2021-3547 | 1 Openvpn | 1 Openvpn | 2022-10-27 | 5.8 MEDIUM | 7.4 HIGH |
| OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration. | |||||
| CVE-2022-1269 | 1 Fastflow | 1 Fastflow | 2022-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Fast Flow WordPress plugin before 1.2.12 does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-29154 | 2 Fedoraproject, Samba | 2 Fedora, Rsync | 2022-10-27 | N/A | 7.4 HIGH |
| An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file). | |||||
| CVE-2021-34627 | 1 Wp-upload-restriction Project | 1 Wp-upload-restriction | 2022-10-27 | 3.5 LOW | 4.3 MEDIUM |
| A vulnerability in the getSelectedMimeTypesByRole function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to view custom extensions added by administrators. This issue affects versions 2.2.3 and prior. | |||||
| CVE-2021-34626 | 1 Wp-upload-restriction Project | 1 Wp-upload-restriction | 2022-10-27 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the deleteCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to delete custom extensions added by administrators. This issue affects versions 2.2.3 and prior. | |||||
| CVE-2021-34622 | 1 Profilepress | 1 Profilepress | 2022-10-27 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects versions 3.0.0 - 3.1.3. . | |||||
| CVE-2022-24992 | 1 Qr Code Generator Project | 1 Qr Code Generator | 2022-10-27 | N/A | 7.5 HIGH |
| A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal. | |||||
| CVE-2021-35249 | 1 Solarwinds | 1 Serv-u | 2022-10-27 | 4.0 MEDIUM | 4.3 MEDIUM |
| This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthorized users for a domain, with no log of them accessing the data unless they attempt to modify it. This read-only activity is logged to the original domain and does not specify which domain was accessed. | |||||
| CVE-2021-33013 | 1 Myscada | 1 Mypro | 2022-10-27 | 5.0 MEDIUM | 7.5 HIGH |
| mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive system information. | |||||
| CVE-2021-38427 | 1 Rti | 2 Connext Dds Professional, Connext Dds Secure | 2022-10-27 | 4.6 MEDIUM | 7.8 HIGH |
| RTI Connext DDS Professional and Connext DDS Secure Versions 4.2.x to 6.1.0 are vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code. | |||||
| CVE-2021-3849 | 2 Ibm, Lenovo | 10 Nextscale Fan Power Controller, Nextscale Fan Power Controller Firmware, Nextscale N1200 Enclosure and 7 more | 2022-10-27 | 7.5 HIGH | 9.8 CRITICAL |
| An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected. | |||||
| CVE-2021-36776 | 1 Rancher | 1 Rancher | 2022-10-27 | 6.5 MEDIUM | 8.8 HIGH |
| A Improper Access Control vulnerability in SUSE Rancher allows remote attackers impersonate arbitrary users. This issue affects: SUSE Rancher Rancher versions prior to 2.5.10. | |||||
| CVE-2021-36775 | 1 Rancher | 1 Rancher | 2022-10-27 | 6.5 MEDIUM | 8.8 HIGH |
| a Improper Access Control vulnerability in SUSE Rancher allows users to keep privileges that should have been revoked. This issue affects: SUSE Rancher Rancher versions prior to 2.4.18; Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3. | |||||
| CVE-2021-3813 | 1 Chatwoot | 1 Chatwoot | 2022-10-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2. | |||||
| CVE-2021-34865 | 1 Netgear | 34 Ac2100, Ac2100 Firmware, Ac2400 and 31 more | 2022-10-27 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13313. | |||||
| CVE-2021-3850 | 2 Adodb Project, Debian | 2 Adodb, Debian Linux | 2022-10-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21. | |||||
| CVE-2021-36339 | 1 Dell | 7 Powermax Os, Solutions Enabler, Solutions Enabler Virtual Appliance and 4 more | 2022-10-27 | 4.6 MEDIUM | 7.8 HIGH |
| The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance. | |||||