Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42129 | 1 Ivanti | 1 Avalanche | 2021-12-08 | 6.5 MEDIUM | 8.8 HIGH |
| A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. | |||||
| CVE-2021-42132 | 1 Ivanti | 1 Avalanche | 2021-12-08 | 6.5 MEDIUM | 8.8 HIGH |
| A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. | |||||
| CVE-2021-42988 | 1 Eltima | 1 Usb Network Gate | 2021-12-08 | 7.2 HIGH | 8.8 HIGH |
| Eltima USB Network Gate is affected by Buffer Overflow. IOCTL Handler 0x22001B in the USB Network Gate above 7.0.1370 below 9.2.2420 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | |||||
| CVE-2021-42987 | 1 Eltima | 1 Usb Network Gate | 2021-12-08 | 7.2 HIGH | 8.8 HIGH |
| Eltima USB Network Gate is affected by Integer Overflow. IOCTL Handler 0x22001B in the USB Network Gate above 7.0.1370 below 9.2.2420 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | |||||
| CVE-2021-42130 | 1 Ivanti | 1 Avalanche | 2021-12-08 | 6.5 MEDIUM | 8.8 HIGH |
| A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution. | |||||
| CVE-2021-42131 | 1 Ivanti | 1 Avalanche | 2021-12-08 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. | |||||
| CVE-2021-42125 | 1 Ivanti | 1 Avalanche | 2021-12-08 | 6.5 MEDIUM | 8.8 HIGH |
| An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files. | |||||
| CVE-2021-22956 | 1 Citrix | 4 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 1 more | 2021-12-08 | 4.3 MEDIUM | 7.5 HIGH |
| An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. | |||||
| CVE-2021-42127 | 1 Ivanti | 1 Avalanche | 2021-12-08 | 7.5 HIGH | 9.8 CRITICAL |
| A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service. | |||||
| CVE-2021-43784 | 2 Debian, Linuxfoundation | 2 Debian Linux, Runc | 2021-12-08 | 6.0 MEDIUM | 5.0 MEDIUM |
| runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug. | |||||
| CVE-2021-43805 | 1 Nebulab | 1 Solidus | 2021-12-08 | 5.0 MEDIUM | 7.5 HIGH |
| Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential backtracking through a fragment like `a.a.` Versions 3.1.4, 3.0.4, and 2.11.13 have been patched to use a different regular expression. The maintainers added a check for email addresses that are no longer valid that will print information about any affected orders that exist. If a prompt upgrade is not an option, a workaround is available. It is possible to edit the file `config/application.rb` manually (with code provided by the maintainers in the GitHub Security Advisory) to check email validity. | |||||
| CVE-2021-42994 | 1 Donglify | 1 Donglify | 2021-12-08 | 7.2 HIGH | 8.8 HIGH |
| Donglify is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Donglify above 1.0.12309 below 1.7.14110 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | |||||
| CVE-2021-40334 | 1 Hitachienergy | 4 Fox615, Fox615 Firmware, Xcm20 and 1 more | 2021-12-08 | 5.0 MEDIUM | 7.5 HIGH |
| Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A. | |||||
| CVE-2021-43789 | 1 Prestashop | 1 Prestashop | 2021-12-08 | 7.5 HIGH | 9.8 CRITICAL |
| PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with `orderBy` and `sortOrder` parameters. The problem is fixed in version 1.7.8.2. | |||||
| CVE-2020-27356 | 1 Debug Meta Data Project | 1 Debug Meta Data | 2021-12-08 | 3.5 LOW | 5.4 MEDIUM |
| The debug-meta-data plugin 1.1.2 for WordPress allows XSS. | |||||
| CVE-2021-42986 | 1 Nomachine | 1 Enterprise Client | 2021-12-08 | 7.2 HIGH | 8.8 HIGH |
| NoMachine Enterprise Client is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Client above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | |||||
| CVE-2021-42976 | 1 Nomachine | 1 Enterprise Desktop | 2021-12-08 | 7.2 HIGH | 8.8 HIGH |
| NoMachine Enterprise Desktop is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Desktop above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | |||||
| CVE-2021-42977 | 1 Nomachine | 1 Enterprise Desktop | 2021-12-08 | 7.2 HIGH | 8.8 HIGH |
| NoMachine Enterprise Desktop is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Desktop above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | |||||
| CVE-2021-42980 | 1 Nomachine | 1 Cloud Server | 2021-12-08 | 7.2 HIGH | 8.8 HIGH |
| NoMachine Cloud Server is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Cloud Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | |||||
| CVE-2021-42983 | 1 Nomachine | 1 Enterprise Client | 2021-12-08 | 7.2 HIGH | 8.8 HIGH |
| NoMachine Enterprise Client is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Client above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | |||||