IDCVSSSummaryLast (major) updatePublished
CVE-2022-2778 None
In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes.
30-09-2022 - 04:15 30-09-2022 - 04:15
CVE-2020-25602 4.6
An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSR_MISC_ENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the ba
30-09-2022 - 03:44 23-09-2020 - 22:15
CVE-2020-25604 1.9
An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also o
30-09-2022 - 03:44 23-09-2020 - 22:15
CVE-2020-15776 6.8
An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CSRF prevention token is stored in a request cookie that is not annotated as HttpOnly. An attacker with the ability to execute arbitrary code in a user's browser could impose an arbi
30-09-2022 - 03:39 18-09-2020 - 14:15
CVE-2020-15772 4.0
An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. When configuring Gradle Enterprise to integrate with a SAML identity provider, an XML metadata file can be uploaded by an administrator. The server side processing of this file dereferen
30-09-2022 - 03:38 18-09-2020 - 14:15
CVE-2020-15775 5.0
An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time. This page is incorrectly viewable anonymously.
30-09-2022 - 03:38 18-09-2020 - 14:15
CVE-2020-15774 4.6
An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. An attacker with physical access to the browser of a user who has recently logged in to Gradle Enterprise and since closed their browser could reopen their browser to access Gradle Enter
30-09-2022 - 03:38 18-09-2020 - 14:15
CVE-2020-15768 5.0
An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection in Gradle Enterprise allows remote attackers to obtain authentication cookies, if they are able to di
30-09-2022 - 03:28 18-09-2020 - 14:15
CVE-2020-15770 2.1
An issue was discovered in Gradle Enterprise 2018.5. An attacker can potentially make repeated attempts to guess a local user's password, due to lack of lock-out after excessive failed logins.
30-09-2022 - 03:28 18-09-2020 - 14:15
CVE-2020-5541 5.8
Open redirect vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to redirect users to arbitrary sites and conduct phishing attacks via a specially crafted URL.
30-09-2022 - 03:25 25-08-2020 - 03:15
CVE-2020-16223 6.8
Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute
30-09-2022 - 03:24 07-08-2020 - 00:15
CVE-2020-16219 6.8
Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrar
30-09-2022 - 03:24 07-08-2020 - 00:15
CVE-2020-16221 6.8
Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute
30-09-2022 - 03:24 07-08-2020 - 00:15
CVE-2020-16225 6.8
Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where condition may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute
30-09-2022 - 03:24 07-08-2020 - 00:15
CVE-2020-5540 4.3
Cross-site scripting vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to inject arbitrary script or HTML via a specially crafted URL.
30-09-2022 - 03:24 25-08-2020 - 03:15
CVE-2020-14591 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple
30-09-2022 - 03:23 15-07-2020 - 18:15
CVE-2021-20771 4.3
Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.
30-09-2022 - 03:09 18-08-2021 - 06:15
CVE-2021-21863 6.8
A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provi
30-09-2022 - 03:09 05-08-2021 - 20:15
CVE-2021-21805 10.0
An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to
30-09-2022 - 03:09 05-08-2021 - 21:15
CVE-2021-21866 6.8
A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An
30-09-2022 - 03:09 02-08-2021 - 21:15
CVE-2021-21799 4.3
Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the tar
30-09-2022 - 03:08 16-07-2021 - 11:15
CVE-2021-21800 4.3
Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the target
30-09-2022 - 03:08 16-07-2021 - 11:15
CVE-2021-21801 4.3
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
30-09-2022 - 03:08 16-07-2021 - 11:15
CVE-2021-21802 4.3
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
30-09-2022 - 03:08 16-07-2021 - 11:15
CVE-2021-33678 7.5
A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the a
30-09-2022 - 03:08 14-07-2021 - 12:15
CVE-2021-21793 6.8
An out-of-bounds write vulnerability exists in the JPG sof_nb_comp header processing functionality of Accusoft ImageGear 19.8 and 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trig
30-09-2022 - 03:07 08-07-2021 - 12:15
CVE-2021-21794 6.8
An out-of-bounds write vulnerability exists in the TIF bits_per_sample processing functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vul
30-09-2022 - 03:07 08-07-2021 - 12:15
CVE-2021-21871 6.8
A memory corruption vulnerability exists in the DMG File Format Handler functionality of PowerISO 7.9. A specially crafted DMG file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. The vendor
30-09-2022 - 03:06 29-06-2021 - 16:15
CVE-2021-32629 4.6
Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario th
30-09-2022 - 03:06 24-05-2021 - 16:15
CVE-2015-1931 None
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows l
30-09-2022 - 03:04 29-09-2022 - 03:15
CVE-2020-26139 2.9
An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denia
30-09-2022 - 03:03 11-05-2021 - 20:15
CVE-2020-24588 2.9
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP
30-09-2022 - 03:03 11-05-2021 - 20:15
CVE-2021-21784 6.8
An out-of-bounds write vulnerability exists in the JPG format SOF marker processing of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
30-09-2022 - 03:02 13-04-2021 - 19:15
CVE-2021-30140 3.5
LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content (such as SVG with HTML content), the payload is
30-09-2022 - 03:02 06-04-2021 - 16:15
CVE-2019-5797 None
Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
30-09-2022 - 02:57 29-09-2022 - 02:15
CVE-2021-1382 7.2
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root privileges on the underlying operating system. This vulnerability is due to insufficient inp
30-09-2022 - 02:53 24-03-2021 - 20:15
CVE-2020-13554 7.2
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace
30-09-2022 - 02:52 03-03-2021 - 17:15
CVE-2021-21803 4.3
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
30-09-2022 - 02:51 16-07-2021 - 11:15
CVE-2020-28587 6.8
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. An attac
30-09-2022 - 02:51 23-02-2021 - 19:15
CVE-2020-27250 6.8
In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the siz
30-09-2022 - 02:51 10-02-2021 - 22:15
CVE-2020-27249 6.8
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In versi
30-09-2022 - 02:51 04-02-2021 - 07:15
CVE-2021-21864 6.8
A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution.
30-09-2022 - 02:50 02-08-2021 - 21:15
CVE-2021-21804 7.5
A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP requ
30-09-2022 - 02:50 16-07-2021 - 11:15
CVE-2021-21473 6.5
SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauth
30-09-2022 - 02:50 09-06-2021 - 14:15
CVE-2022-39264 None
nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect agains
30-09-2022 - 02:49 28-09-2022 - 22:15
CVE-2022-27002 10.0
Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns?ddns_host parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
30-09-2022 - 02:40 15-03-2022 - 22:15
CVE-2022-24409 7.5
Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance contracts can receive details about this vulnerab
30-09-2022 - 02:39 23-02-2022 - 22:15
CVE-2022-0572 6.8
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
30-09-2022 - 02:39 14-02-2022 - 12:15
CVE-2021-40419 5.0
A firmware update vulnerability exists in the 'factory' binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this
30-09-2022 - 02:38 28-01-2022 - 20:15
CVE-2021-45444 5.1
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
30-09-2022 - 02:37 14-02-2022 - 12:15
Back to Top Mark selected
Back to Top