| Page(s) : 1 ... 782 783 784 785 786 787 788 789 790 791 [792] 793 794 795 796 797 798 799 800 801 802 ... | Result(s) : 43532 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| 9.8 | 2021-03-01 | CVE-2021-25832 | cve | A heap buffer overflow vulnerability inside of BMP image processing was found at [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. Using this vulnerability, an attacke... |
| 9.8 | 2021-03-01 | CVE-2021-25914 | cve | Prototype pollution vulnerability in 'object-collider' versions 1.0.0 through 1.0.3 allows attacker to cause a denial of service and may lead to remote code execution. |
| 9.8 | 2021-03-01 | CVE-2021-25833 | cve | A file extension handling issue was found in [server] module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the reques... |
| 9.1 | 2021-02-27 | CVE-2021-3144 | cve | In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.) |
| 9.8 | 2021-02-27 | CVE-2021-3148 | cve | An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of diffe... |
| 9.8 | 2021-02-27 | CVE-2021-25281 | cve | An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any whe... |
| 9.8 | 2021-02-27 | CVE-2021-3197 | cve | An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_o... |
| 9.1 | 2021-02-27 | CVE-2021-25282 | cve | An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. |
| 9.8 | 2021-02-27 | CVE-2021-27132 | cve | SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header. |
| 9.8 | 2021-02-27 | CVE-2021-25283 | cve | An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks. |
| 9.8 | 2021-02-27 | CVE-2019-25022 | cve | An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the... |
| 9.1 | 2021-02-26 | CVE-2020-28199 | cve | best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive Information to an Unauthorized Actor. |
| 9.1 | 2021-02-26 | CVE-2021-21308 | cve | PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to foreign requ... |
| 9 | 2021-02-26 | CVE-2021-26566 | cve | Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to ex... |
| 9.8 | 2021-02-26 | CVE-2019-11684 | cve | Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, ... |
| 9.8 | 2021-02-26 | CVE-2021-26904 | cve | LMA ISIDA Retriever 5.2 allows SQL Injection. |
| 9.8 | 2021-02-26 | CVE-2021-27198 | cve | An issue was discovered in Visualware MyConnection Server before v11.1a. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using ... |
| 9.8 | 2021-02-25 | CVE-2021-27670 | cve | Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter. |
| 9.8 | 2021-02-25 | CVE-2021-3406 | cve | A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate ... |
| 9.8 | 2021-02-25 | CVE-2020-23534 | cve | A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the 'source' parameter. |
| Page(s) : 1 ... 782 783 784 785 786 787 788 789 790 791 [792] 793 794 795 796 797 798 799 800 801 802 ... | Result(s) : 43532 |
