9794 matches found

UbuntuCve
added 2022/01/01 6:15 a.m. | 27 views

CVE-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

7.5 CVSS | 6.8 AI score | 0.02931 EPSS
Exploits: 1 | References: 4

AlpineLinux
added 2022/01/01 12:0 a.m. | 78 views

CVE-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

7.5 CVSS | 8 AI score | 0.02931 EPSS
Exploits: 1

CVE
added 2022/01/01 12:0 a.m. | 499 views

CVE-2021-41819

CVE-2021-41819 affects Ruby and the CGI::Cookie.parse function; Ruby up to 2.6.8 (and CGI gem up to 0.3.0) mishandle security prefixes in cookie names, enabling cookie-prefix spoofing. Public advisories confirm this and list affected Ruby versions across multiple distributions (AL2, AL2 Ruby3.0 e...

7.5 CVSS | 7.5 AI score | 0.02931 EPSS
Exploits: 1 | References: 6 | Affected Software: 2

Debian CVE
added 2022/01/01 12:0 a.m. | 31 views

CVE-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

7.5 CVSS | 6.9 AI score | 0.02931 EPSS
Exploits: 1

Cvelist
added 2022/01/01 12:0 a.m. | 27 views

CVE-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

7.9 AI score | 0.02931 EPSS
Exploits: 1 | References: 6

NVD
added 2021/12/30 10:15 p.m. | 24 views

CVE-2021-20167

Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter...

8 CVSS | 0.08461 EPSS
Exploits: 0 | References: 1

NVD
added 2021/12/30 10:15 p.m. | 26 views

CVE-2021-20166

Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router contains a buffer overrun issue that can redirect control flow of the application...

8.8 CVSS | 0.02177 EPSS
Exploits: 0 | References: 1

Prion
added 2021/12/30 10:15 p.m. | 34 views

Command injection

Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter...

7.7 CVSS | 8.1 AI score | 0.08461 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2021/12/30 10:15 p.m. | 20 views

Buffer overflow

Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router contains a buffer overrun issue that can redirect control flow of the application...

5.8 CVSS | 8.8 AI score | 0.02177 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/12/30 9:31 p.m. | 23 views

CVE-2021-20167

Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter...

8.3 AI score | 0.08461 EPSS
Exploits: 0 | References: 1

Cvelist
added 2021/12/30 9:31 p.m. | 26 views

CVE-2021-20166

Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router contains a buffer overrun issue that can redirect control flow of the application...

9.1 AI score | 0.02177 EPSS
Exploits: 0 | References: 1

CVE
added 2021/12/30 9:31 p.m. | 199 views

CVE-2021-20166

Netgear RAX43 firmware 1.0.3.96 is affected by a buffer overrun in the cgi-bin URL parsing endpoint (CVE-2021-20166). Nuclei templates also describe a related issue: command injection/authentication bypass in readycloud_control.cgi’s name parameter, and note that this vulnerability combines CVE-2...

8.8 CVSS | 8.8 AI score | 0.02177 EPSS
In wild | Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2021/12/30 12:0 a.m. | 12 views

Zyxel NBG6604 Access Control Error Vulnerability

The Zyxel NBG6604 is a dual-band wireless router from China-based Hopkins Technology Zyxel. An access control error vulnerability exists in the Zyxel NBG6604 that originates from the product's CGI program allowing users with expired sessions to access the device. No details of the vulnerability a...

9.1 CVSS | 9.2 AI score | 0.01044 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2021/12/30 12:0 a.m. | 70 views

CVE-2021-20167

Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter. Recent assessments: Assessed Attacker Value: 0...

8 CVSS | 4.5 AI score | 0.08461 EPSS
In wild | Exploits: 0 | References: 2

ATTACKERKB
added 2021/12/30 12:0 a.m. | 29 views

CVE-2021-20166

Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router contains a buffer overrun issue that can redirect control flow of the application. Recent assessments: Assessed Attacker Value: 0...

8.8 CVSS | 5.4 AI score | 0.02177 EPSS
In wild | Exploits: 0 | References: 2

CNNVD
added 2021/12/30 12:0 a.m. | 3 views

Netgear RAX43 Buffer Error Vulnerability

The Netgear RAX43 is a router from the American company Netgear. A hardware device that connects two or more networks and acts as a gateway between them. A buffer overflow vulnerability exists in Netgear RAX43 version 1.0.3.96. The vulnerability is caused by the URL parsing functionality of the...

8.8 CVSS | 6 AI score | 0.02177 EPSS
Exploits: 0 | References: 3

NVD
added 2021/12/29 1:15 p.m. | 11 views

CVE-2021-35034

An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted...

9.1 CVSS | 0.01044 EPSS
Exploits: 0 | References: 1

Prion
added 2021/12/29 1:15 p.m. | 17 views

Session fixation

An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted...

6.4 CVSS | 8.9 AI score | 0.01044 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2021/12/29 12:36 p.m. | 53 views

CVE-2021-35034

Zyxel NBG6604 firmware CGI program has an insufficient session expiration vulnerability that can let a remote attacker access the device if the correct token is intercepted. Impact is unauthorized access via the network; exploitation is network-based with no user interaction. No explicit remediat...

9.1 CVSS | 9 AI score | 0.01044 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/12/29 12:36 p.m. | 15 views

CVE-2021-35034

An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted...

7.4 CVSS | 9.2 AI score | 0.01044 EPSS
Exploits: 0 | References: 1