6672 matches found
CVE-2021-20124
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...
CVE-2021-20123
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...
Heap overflow
A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted network packet can lead to a heap buffer overflow. An attacker can send a malicious packet to trigger this vulnerability...
Wire has unspecified vulnerabilities (CNVD-2022-10740)
Wire is a chat software from a personal developer. The software supports Web, Windows, iOS, Android, and OS X platforms, has group functionality, the ability to make voice calls, send photos, and its ingenious way of saying hello, PING. Wire has a security vulnerability that allows users of Wire by...
CVE-2021-42088
An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled...
Cross site scripting
An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled...
Design/Logic Flaw
A user-controlled parameter related to SMTP test functionality is not correctly validated, making it possible to bypass blocked network recipients...
Huawei HarmonyOS security vulnerability
Huawei HarmonyOS is an operating system from Huawei, China. A security vulnerability exists in a component of Huawei HarmonyOS, which provides a microkernel-based, fully-scoped distributed operating system. An attacker can exploit the vulnerability to cause abnormal system functionality...
CVE-2021-41595
SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the filename parameter of the Step3 import functionality...
CVE-2021-41596
SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality...
Information disclosure
SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the filename parameter of the Step3 import functionality...
CVE-2021-41868
OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality...
Code injection
OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality...
UBUNTU-CVE-2021-41868
OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality...