git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.
Max CVSS
7.5
EPSS Score
0.26%
Published
2021-08-31
Updated
2022-11-07
Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings.
Max CVSS
6.1
EPSS Score
0.11%
Published
2021-08-29
Updated
2021-09-01
Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite.
Max CVSS
9.8
EPSS Score
0.47%
Published
2021-08-29
Updated
2021-09-01
Zoho ManageEngine Log360 before Build 5225 allows stored XSS.
Max CVSS
6.1
EPSS Score
0.11%
Published
2021-08-29
Updated
2021-09-01
Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution.
Max CVSS
9.8
EPSS Score
4.72%
Published
2021-08-29
Updated
2021-09-01
Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings.
Max CVSS
8.8
EPSS Score
0.10%
Published
2021-08-29
Updated
2021-09-01
Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings.
Max CVSS
8.8
EPSS Score
0.10%
Published
2021-08-29
Updated
2021-09-01
Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings.
Max CVSS
8.8
EPSS Score
0.10%
Published
2021-08-29
Updated
2021-09-01
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.
Max CVSS
8.1
EPSS Score
0.73%
Published
2021-08-27
Updated
2023-05-30
EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerability than CVE-2021-32198.
Max CVSS
9.8
EPSS Score
0.20%
Published
2021-08-26
Updated
2021-09-07
gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes.
Max CVSS
7.5
EPSS Score
0.18%
Published
2021-08-26
Updated
2024-03-21
In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.
Max CVSS
7.5
EPSS Score
0.33%
Published
2021-08-27
Updated
2022-09-03
An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the System Configuration setting Enable External Script Access was disabled. With this setting disabled it's not possible to create new such publishers, but existing publishers would continue to run.
Max CVSS
2.3
EPSS Score
0.04%
Published
2021-08-25
Updated
2021-09-09
An issue was discovered in PrimeKey EJBCA before 7.6.0. CMP RA Mode can be configured to use a known client certificate to authenticate enrolling clients. The same RA client certificate is used for revocation requests as well. While enrollment enforces multi tenancy constraints (by verifying that the client certificate has access to the CA and Profiles being enrolled against), this check was not performed when authenticating revocation operations, allowing a known tenant to revoke a certificate belonging to another tenant.
Max CVSS
5.4
EPSS Score
0.07%
Published
2021-08-25
Updated
2021-09-07
An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log (that can only be viewed by an administrator). This affects use of any of the following protocols: SCEP, CMP, or EST.
Max CVSS
4.0
EPSS Score
0.05%
Published
2021-08-25
Updated
2021-09-07
An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page (that can only be viewed by an administrator). While hidden from direct view, checking the page source would reveal the secret.
Max CVSS
3.5
EPSS Score
0.05%
Published
2021-08-25
Updated
2022-07-12
An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.
Max CVSS
6.5
EPSS Score
0.11%
Published
2021-08-31
Updated
2022-06-13
opensysusers through 0.6 does not safely use eval on files in sysusers.d that may contain shell metacharacters. For example, it allows command execution via a crafted GECOS field whereas systemd-sysusers (a program with the same specification) does not do that.
Max CVSS
9.8
EPSS Score
0.44%
Published
2021-08-25
Updated
2022-07-12
Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof).
Max CVSS
7.5
EPSS Score
0.19%
Published
2021-08-25
Updated
2021-08-30
D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Max CVSS
10.0
EPSS Score
0.38%
Published
2021-08-23
Updated
2024-03-21
D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values.
Max CVSS
9.8
EPSS Score
0.38%
Published
2021-08-23
Updated
2021-08-30
D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Max CVSS
9.8
EPSS Score
0.38%
Published
2021-08-23
Updated
2024-03-21
Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function.
Max CVSS
5.4
EPSS Score
0.06%
Published
2021-08-23
Updated
2022-07-28
Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code.
Max CVSS
9.0
EPSS Score
2.99%
Published
2021-08-23
Updated
2021-09-14
A Buffer Overflow vulnerabilty exists in Miniftpd 1.0 in the do_mkd function in the ftpproto.c file, which could let a remote malicious user cause a Denial of Service.
Max CVSS
6.5
EPSS Score
0.06%
Published
2021-08-23
Updated
2021-08-30
2085 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!