# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1 | CVE-2021-45884 | 200 | | +Info | 2021-12-27 | 2022-01-07 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying extension using the system's DNS settings, resulting in information disclosure. NOTE: this issue exists because of an incomplete fix for CVE-2021-21323 and CVE-2021-22916. |
2 | CVE-2021-45708 | 668 | | Bypass +Info | 2021-12-27 | 2022-01-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered in the abomonation crate through 2021-10-17 for Rust. Because transmute operations are insufficiently constrained, there can be an information leak or ASLR bypass. |
3 | CVE-2021-45654 | 200 | | +Info | 2021-12-26 | 2022-01-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
NETGEAR XR1000 devices before 1.0.0.58 are affected by disclosure of sensitive information. |
4 | CVE-2021-45653 | 200 | | +Info | 2021-12-26 | 2022-01-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10. |
5 | CVE-2021-45652 | 200 | | +Info | 2021-12-26 | 2022-01-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10. |
6 | CVE-2021-45651 | 200 | | +Info | 2021-12-26 | 2022-01-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK50 before 2.7.3.22, RBR50 before 2.7.3.22, and RBS50 before 2.7.3.22. |
7 | CVE-2021-45650 | 200 | | +Info | 2021-12-26 | 2022-01-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RS400 before 1.5.1.80, R6400v2 before 1.0.4.102, R7000P before 1.3.2.126, R6700v3 before 1.0.4.102, and R6900P before 1.3.2.126. |
8 | CVE-2021-45649 | 200 | | +Info | 2021-12-26 | 2022-01-05 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R7000 before 1.0.11.126, R6900P before 1.3.2.126, and R7000P before 1.3.2.126. |
9 | CVE-2021-45648 | 200 | | +Info | 2021-12-26 | 2022-01-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EX6100v2 before 1.0.1.106, EX6150v2 before 1.0.1.106, EX6250 before 1.0.0.146, EX6400 before 1.0.2.164, EX6400v2 before 1.0.0.146, EX6410 before 1.0.0.146, EX6420 before 1.0.0.146, EX7300 before 1.0.2.164, EX7300v2 before 1.0.0.146, EX7320 before 1.0.0.146, EX7700 before 1.0.0.222, LBR1020 before 2.6.5.16, LBR20 before 2.6.5.2, RBK352 before 4.3.4.7, RBK50 before 2.7.3.22, RBR350 before 4.3.4.7, RBR50 before 2.7.3.22, and RBS350 before 4.3.4.7. |
10 | CVE-2021-45647 | 200 | | +Info | 2021-12-26 | 2022-01-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EAX80 before 1.0.1.62, EX7000 before 1.0.1.104, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7000 before 1.0.11.116, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.68, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106. |
11 | CVE-2021-45646 | 200 | | +Info | 2021-12-26 | 2022-01-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
NETGEAR R7000 devices before 1.0.11.116 are affected by disclosure of sensitive information. |
12 | CVE-2021-45603 | 200 | | +Info | 2021-12-26 | 2022-01-06 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46. |
13 | CVE-2021-45493 | 200 | | +Info | 2021-12-26 | 2022-01-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102. |
14 | CVE-2021-45488 | 327 | | +Info | 2021-12-25 | 2022-01-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm. |
15 | CVE-2021-45486 | 327 | | +Info | 2021-12-25 | 2023-02-24 | 2.7 | None | Local Network | Low | ??? | Partial | None | None |
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. |
16 | CVE-2021-45485 | 327 | | +Info | 2021-12-25 | 2023-02-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. |
17 | CVE-2021-45095 | 200 | | +Info | 2021-12-16 | 2022-04-06 | 2.1 | None | Local | Low | Not required | Partial | None | None |
pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak. |
18 | CVE-2021-45046 | 502 | | Exec Code +Info | 2021-12-14 | 2022-10-06 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. |
19 | CVE-2021-45038 | 200 | | +Info | 2021-12-17 | 2023-05-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. By using an action=rollback query, attackers can view private wiki contents. |
20 | CVE-2021-44450 | 125 | | +Info | 2021-12-14 | 2021-12-14 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15055, ZDI-CAN-14915, ZDI-CAN-14865) |
21 | CVE-2021-44448 | 125 | | +Info | 2021-12-14 | 2021-12-14 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14843, ZDI-CAN-15051) |
22 | CVE-2021-44444 | 125 | | +Info | 2021-12-14 | 2022-10-14 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15052) |
23 | CVE-2021-44439 | 125 | | +Info | 2021-12-14 | 2021-12-14 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14908) |
24 | CVE-2021-44436 | 125 | | +Info | 2021-12-14 | 2021-12-14 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14905) |
25 | CVE-2021-44431 | 125 | | +Info | 2021-12-14 | 2021-12-14 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14841) |
26 | CVE-2021-44145 | 200 | | +Info | 2021-12-17 | 2021-12-29 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information. |
27 | CVE-2021-44017 | 125 | | +Info | 2021-12-14 | 2022-03-30 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Image.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted TIF files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15111) |
28 | CVE-2021-44015 | 125 | | +Info | 2021-12-14 | 2022-03-30 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The VCRUNTIME140.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted CGM files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15109) |
29 | CVE-2021-44012 | 125 | | +Info | 2021-12-14 | 2022-03-30 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15102) |
30 | CVE-2021-44011 | 125 | | +Info | 2021-12-14 | 2022-03-30 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer while parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15101) |
31 | CVE-2021-44010 | 125 | | +Info | 2021-12-14 | 2021-12-15 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process. |
32 | CVE-2021-44009 | 125 | | +Info | 2021-12-14 | 2021-12-15 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process. |
33 | CVE-2021-44008 | 125 | | +Info | 2021-12-14 | 2021-12-15 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process. |
34 | CVE-2021-44004 | 125 | | +Info | 2021-12-14 | 2021-12-15 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process. |
35 | CVE-2021-43963 | 200 | | +Info | 2021-12-07 | 2021-12-09 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None |
An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain write access. (This issue does not affect clusters where Sync Gateway is authenticated with X.509 client certificates. This issue also does not affect clusters where shared bucket access is not enabled on Sync Gateway.) |
36 | CVE-2021-43564 | 200 | | +Info | 2021-11-10 | 2021-11-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered in the jobfair (aka Job Fair) extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded files (e.g., uploads/tx_jobfair/cv.pdf). |
37 | CVE-2021-43398 | 203 | | +Info | 2021-11-04 | 2022-04-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
** DISPUTED ** Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is a clear correlation between execution time and private key length, which may cause disclosure of the length information of the private key. This might allow attackers to conduct timing attacks. NOTE: this report is disputed by the vendor and multiple third parties. The execution-time differences are intentional. A user may make a choice of a longer key as a tradeoff between strength and performance. In making this choice, the amount of information leaked to an adversary is of infinitesimal value. |
38 | CVE-2021-43067 | 200 | | +Info | 2021-12-08 | 2021-12-09 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
An exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows an attacker to duplicate a target LDAP user's 2-factor authentication token via crafted HTTP requests. |
39 | CVE-2021-42699 | 319 | | +Info | 2021-11-05 | 2021-11-09 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user’s cookie and take over the account. |
40 | CVE-2021-42568 | 200 | | +Info | 2021-11-02 | 2021-11-08 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account. |
41 | CVE-2021-42374 | 125 | | DoS +Info | 2021-11-15 | 2023-04-25 | 3.3 | None | Local | Medium | Not required | Partial | None | Partial |
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that |
42 | CVE-2021-42337 | | | Bypass +Info | 2021-11-16 | 2022-08-09 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
The permission control of the AIFU cashier management salary query function can be bypassed; after obtaining a general user’s permission, a remote attacker can access account information except passwords by crafting URL parameters. |
43 | CVE-2021-42336 | | | Bypass +Info | 2021-10-15 | 2022-08-12 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
The learning history page of Easytest is vulnerable to permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and the administrator’s account information except passwords by crafting URL parameters. |
44 | CVE-2021-42326 | 200 | | +Info | 2021-10-12 | 2021-10-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter. |
45 | CVE-2021-42089 | 200 | | +Info | 2021-10-07 | 2021-10-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information. |
46 | CVE-2021-42072 | 287 | | +Info | 2021-11-08 | 2022-05-15 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
An issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side implementation of Barrier) does not sufficiently verify the identity of connecting clients. Clients can thus exploit weaknesses in the provided protocol to cause denial-of-service or stage further attacks that could lead to information leaks or integrity corruption. |
47 | CVE-2021-41972 | | | +Info | 2021-11-12 | 2022-08-09 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way. |
48 | CVE-2021-41874 | | | +Info | 2021-10-29 | 2023-02-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
** DISPUTED ** An unauthorized access vulnerability exists in all versions of Portainer, which could let a malicious user obtain sensitive information. NOTE: Portainer has received no detail of this CVE report. There is also no response after multiple attempts of contacting the original source. |
49 | CVE-2021-41747 | 79 | | XSS +Info | 2021-10-22 | 2021-10-25 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, which can be exploited by attackers to obtain sensitive information such as user cookies. |
50 | CVE-2021-41746 | 89 | | Sql +Info | 2021-10-29 | 2021-12-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
A SQL Injection vulnerability exists in all versions of Yonyou TurboCRM via the orgcode parameter in changepswd.php. Attackers can use the vulnerability to obtain sensitive database information. |