| Page(s) : 1 2 [3] 4 5 6 7 8 9 10 11 12 13 ... | Result(s) : 190407 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2021-06-18 | CVE-2021-34808 | cve | Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified... |
| N/A | 2021-06-18 | CVE-2021-34809 | cve | Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.... |
| N/A | 2021-06-18 | CVE-2021-34810 | cve | Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unsp... |
| N/A | 2021-06-18 | CVE-2021-34811 | cve | Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intrane... |
| N/A | 2021-06-18 | CVE-2021-34812 | cve | Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors. |
| N/A | 2021-06-17 | CVE-2021-32695 | cve | Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1, a malicious app on the same device could have gotten access to the shared preferences of ... |
| N/A | 2021-06-17 | CVE-2021-32424 | cve | In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page.... |
| N/A | 2021-06-17 | CVE-2021-32426 | cve | In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router's web interface via the "echo" command. |
| N/A | 2021-06-17 | CVE-2021-32694 | cve | Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.15.1, a malicious application on the same device is possible to crash the Nextcloud Android Cli... |
| N/A | 2021-06-17 | CVE-2021-32693 | cve | Symfony is a PHP framework for web and console applications and a set of reusable PHP components. A vulnerability related to firewall authentication is in Symfony starting with ... |
| N/A | 2021-06-17 | CVE-2020-36388 | cve | In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive. |
| N/A | 2021-06-17 | CVE-2020-36389 | cve | In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF. |
| N/A | 2021-06-17 | CVE-2021-32575 | cve | HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0... |
| N/A | 2021-06-17 | CVE-2021-33557 | cve | An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hid... |
| N/A | 2021-06-17 | CVE-2021-31818 | cve | Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t paramete... |
| N/A | 2021-06-17 | CVE-2021-34825 | cve | Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system. |
| N/A | 2021-06-17 | CVE-2020-25414 | cve | A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code. |
| N/A | 2021-06-17 | CVE-2021-32078 | cve | An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn'... |
| N/A | 2021-06-17 | CVE-2013-20002 | cve | Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file. |
| N/A | 2021-06-17 | CVE-2020-19202 | cve | An authenticated Stored XSS (Cross-site Scripting) exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 (x86_64)... |
| Page(s) : 1 2 [3] 4 5 6 7 8 9 10 11 12 13 ... | Result(s) : 190407 |
