Search Results (366631 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-27856 1 Fatpipeinc 6 Ipvpn, Ipvpn Firmware, Mpvpn and 3 more 2024-11-21 9.8 Critical
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002.
CVE-2021-27855 1 Fatpipeinc 6 Ipvpn, Ipvpn Firmware, Mpvpn and 3 more 2024-11-21 8.8 High
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001.
CVE-2021-27851 1 Gnu 1 Guix 2024-11-21 5.5 Medium
A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with `guix build`, that makes its build directory world-writable. The user then creates a hardlink to a root-owned file such as /etc/shadow in that build directory. If the user passed the --keep-failed option and the build eventually fails, the daemon changes ownership of the whole build tree, including the hardlink, to the user. At that point, the user has write access to the target file. Versions after and including v0.11.0-3298-g2608e40988, and versions prior to v1.2.0-75109-g94f0312546 are vulnerable.
CVE-2021-27850 1 Apache 1 Tapestry 2024-11-21 9.8 Critical
A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class` by requesting the URL `http://localhost:8080/assets/something/services/AppModule.class` which contains a HMAC secret key. The fix for that bug was a blacklist filter that checks if the URL ends with `.class`, `.properties` or `.xml`. Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/` The slash is stripped after the blacklist check and the file `AppModule.class` is loaded into the response. This class usually contains the HMAC secret key which is used to sign serialized Java objects. With the knowledge of that key an attacker can sign a Java gadget chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial). Solution for this vulnerability: * For Apache Tapestry 5.4.0 to 5.6.1, upgrade to 5.6.2 or later. * For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later.
CVE-2021-27847 1 Libvips 1 Libvips 2024-11-21 6.5 Medium
Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_eye_point, eye.c#L83, and function vips_mask_point, mask.c#L85.
CVE-2021-27845 1 Jasper Project 1 Jasper 2024-11-21 5.5 Medium
A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpc_enc.c
CVE-2021-27839 1 Bigprof 1 Online Invoicing System 2024-11-21 4.4 Medium
A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to.
CVE-2021-27836 2 Fedoraproject, Libxls Project 2 Fedora, Libxls 2024-11-21 6.5 Medium
An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file.
CVE-2021-27828 1 In4velocity 1 In4suite Erp 2024-11-21 9.1 Critical
SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries.
CVE-2021-27823 1 Mediateknet 1 Netwave System 2024-11-21 7.5 High
An information disclosure vulnerability was discovered in /index.class.php (via port 8181) on NetWave System 1.0 which allows unauthenticated attackers to exfiltrate sensitive information from the system.
CVE-2021-27822 1 Phpgurukul 1 Vehicle Parking Management System 2024-11-21 4.8 Medium
A persistent cross site scripting (XSS) vulnerability in the Add Categories module of Vehicle Parking Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Category field.
CVE-2021-27817 1 Shopxo 1 Shopxo 2024-11-21 9.8 Critical
A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix.
CVE-2021-27815 2 Fedoraproject, Libexif Project 2 Fedora, Exif 2024-11-21 5.5 Medium
NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file, causing the application to crash.
CVE-2021-27811 1 Qibosoft 1 Qibosoft 2024-11-21 7.2 High
A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. An attacker is able execute arbitrary PHP code via exploitation of client_upgrade_edition.php and Upgrade.php.
CVE-2021-27804 1 Libjxl Project 1 Libjxl 2024-11-21 9.8 Critical
JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption.
CVE-2021-27799 1 Zint 1 Barcode Generator 2024-11-21 7.5 High
ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generator library code.
CVE-2021-27797 1 Broadcom 1 Fabric Operating System 2024-11-21 9.8 Critical
Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system.
CVE-2021-27796 1 Broadcom 1 Fabric Operating System 2024-11-21 6.5 Medium
A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the “user” or “factory” account, to read the contents of any file on the filesystem utilizing one of a few available binaries.
CVE-2021-27795 1 Broadcom 13 Brocade 300, Brocade 610, Brocade 6505 and 10 more 2024-11-21 6.4 Medium
Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. This would allow attackers or a malicious party to forge a counterfeit license key that the Brocade Fabric OS platform would authenticate and activate as if it were a legitimate license key.
CVE-2021-27794 1 Broadcom 1 Fabric Operating System 2024-11-21 7.8 High
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST.