Lucene search
+L

120 matches found

OSV
OSV
added 2021/12/19 7:35 p.m.14 views

GSD-2021-1002385 iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove

iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.293 by commit...

7.2AI score
Exploits0
Prion
Prion
added 2021/12/15 1:15 p.m.15 views

Design/Logic Flaw

An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to...

4CVSS6.3AI score0.01037EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2021/12/15 1:15 p.m.33 views

CVE-2021-20330

An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to...

6.5CVSS6.6AI score0.01037EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/12/15 12:30 p.m.32 views

CVE-2021-20330 Specific replication command with malformed oplog entries can crash secondaries

An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to...

6.5CVSS6.6AI score0.01037EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/30 8:7 p.m.37 views

Security Bulletin: IBM Aspera High-Speed Transfer Server, Endpoint, and Desktop Client are vulnerable to libcurl vulnerabilities (CVE-2021-22901, CVE-2021-22898)

Summary The following libcurl security vulnerabilities have been addressed for Aspera High-Speed Tranfer Server HSTS , Aspera High-Speed Transfer Endpoint HSTE, and Deskstop Client. Vulnerability Details CVEID: CVE-2021-22901 DESCRIPTION: cURL libcurl could allow a remote attacker to execute...

8.1CVSS1.9AI score0.60122EPSS
Exploits2Affected Software2
CVE
CVE
added 2021/08/20 6:10 p.m.71 views

CVE-2021-36000

CVE-2021-36000 affects Adobe Character Animator versions 4.2 and earlier. The issue is a memory corruption vulnerability triggered while parsing a specially crafted file, allowing an unauthenticated attacker to achieve arbitrary code execution in the user’s context. Exploitation requires user int...

9.3CVSS7.8AI score0.02265EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2021/07/26 6:20 p.m.38 views

CVE-2021-20333

Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split. This issue affects MongoDB Server v3.6 versions prior to 3.6.20; MongoDB Server v4.0 versions prior to 4.0.21 and MongoDB Server v4.2 versions prior to 4.2.1...

5.3CVSS5.2AI score0.01273EPSS
Exploits1References3
Prion
Prion
added 2021/07/14 7:15 p.m.18 views

Design/Logic Flaw

An attacker can cause a Denial of Service and kernel panic in v4.2 and earlier versions of Espressif esp32 via a malformed beacon csa frame. The device requires a reboot to recover...

7.8CVSS7.2AI score0.01471EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/03/10 10:15 a.m.16 views

Cross site scripting

Stored cross-site scripting vulnerability in Admin Page of GROWI v4.2 Series versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...

3.5CVSS4.8AI score0.00754EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/03/10 10:15 a.m.18 views

Cross site scripting

Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI v4.2 Series versions from v4.2.0 to v4.2.7 allows remote attackers to inject an arbitrary script via unspecified vectors...

4.3CVSS5.9AI score0.00947EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/03/10 9:20 a.m.56 views

CVE-2021-20673

CVE-2021-20673 is a stored cross-site scripting vulnerability in GROWI (v4.2 Series) Admin Page, affecting versions v4.2.0 through v4.2.7. The issue allows a remote authenticated attacker to inject arbitrary script into a logged-in user’s browser via unspecified vectors. Affected product: GROWI (...

4.8CVSS4.7AI score0.00754EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/03/10 9:20 a.m.48 views

CVE-2021-20672

The CVE-2021-20672 entry applies to GROWI (WESEEK) versions in the 4.2.x series, specifically 4.2.0–4.2.7. The underlying issue is insufficient verification/validation of URL query parameters, causing a reflected cross-site scripting (XSS) vulnerability. Attackers can inject arbitrary scripts tha...

6.1CVSS6AI score0.00947EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2021/01/19 5:15 a.m.12 views

CVE-2021-20619

Cross-site scripting vulnerability in GROWI v4.2 Series versions prior to v4.2.3 allows remote attackers to inject an arbitrary script via unspecified vectors...

6.1CVSS6.1AI score0.01044EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/01/19 4:55 a.m.21 views

CVE-2021-20619

Cross-site scripting vulnerability in GROWI v4.2 Series versions prior to v4.2.3 allows remote attackers to inject an arbitrary script via unspecified vectors...

6.3AI score0.01044EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/12/15 12:0 a.m.56 views

JVN#94169589: Multiple vulnerabilities in GROWI

GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Denial-of-service DoS due to improper verification of input values CWE-400 - CVE-2020-5682 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L| Base Score: 5.3 CVSS v2|...

7.5CVSS7.7AI score0.02982EPSS
Exploits0
MongoDB
MongoDB
added 2020/12/01 12:0 a.m.32 views

Invariant in IndexBoundsBuilder

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.2...

6.5CVSS6.3AI score0.01282EPSS
Exploits0References1Affected Software1
MongoDB
MongoDB
added 2020/11/30 12:0 a.m.39 views

Potential privilege escalation in Ops Manager API

Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions 4.2.0-4.2.17, v4.3 versions 4.3.0-4.3.9 and v4.4 versions 4.4.0-4.4.2...

8.1CVSS5.6AI score0.01032EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/11/23 7:0 p.m.30 views

CVE-2020-7927 Potential privilege escalation in Ops Manager API

Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 an...

8.1CVSS8AI score0.01032EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2020/11/23 4:15 p.m.27 views

CVE-2019-20924

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects MongoDB Server v4.2 versions prior to 4.2.2...

6.5CVSS6.6AI score0.01282EPSS
Exploits0References2
Prion
Prion
added 2020/11/23 3:15 p.m.16 views

Input validation

Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 version...

5CVSS7.3AI score0.0166EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder