Search Results

There are 153,449 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-2021-27574

An issue was discovered in Emote Remote Mouse through 4.0.0.0. It uses cleartext HTTP to check, and request, updates. Thus, attackers can machine-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings.

Published: May 07, 2021; 3:31:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-27573

An issue was discovered in Emote Remote Mouse through 4.0.0.0. Remote unauthenticated users can execute arbitrary code via crafted UDP packets with no prior authorization or authentication.

Published: May 07, 2021; 3:31:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-27572

An issue was discovered in Emote Remote Mouse through 4.0.0.0. Authentication Bypass can occur via Packet Replay. Remote unauthenticated users can execute arbitrary code via crafted UDP packets even when passwords are set.

Published: May 07, 2021; 3:31:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-27571

An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can retrieve recently used and running applications, their icons, and their file paths. This information is sent in cleartext and is not protected by any authentication logic.

Published: May 07, 2021; 3:31:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-27570

An issue was discovered in Emote Remote Mouse through 3.015. Attackers can close any running process by sending the process name in a specially crafted packet. This information is sent in cleartext and is not protected by any authentication logic.

Published: May 07, 2021; 3:31:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-27569

An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can maximize or minimize the window of a running process by sending the process name in a crafted packet. This information is sent in cleartext and is not protected by any authentication logic.

Published: May 07, 2021; 3:31:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-29495

Nim is a statically typed compiled systems programming language. In Nim standard library before 1.4.2, httpClient SSL/TLS certificate verification was disabled by default. Users can upgrade to version 1.4.2 to receive a patch or, as a workaround, set "verifyMode = CVerifyPeer" as documented.

Published: May 07, 2021; 12:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-22677

An integer overflow exists in the APIs of the host MCU while trying to connect to a Wi-Fi network, which may lead to issues such as a denial-of-service condition or code execution on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK versions prior to v4.40.00, CC3200 SDK v1.5.0 and prior, CC3100 SDK v1.3.0 and prior).

Published: May 07, 2021; 12:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-4901

IBM Robotic Process Automation with Automation Anywhere 11.0 could allow an attacker on the network to obtain sensitive information or cause a denial of service through username enumeration. IBM X-Force ID: 190992.

Published: May 07, 2021; 12:15:07 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 6.4 MEDIUM
CVE-2021-29488

SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the `filesystem.renamer()` function into writing downloaded files outside the configured Download Folder via malicious PAR2 files. A patch was released as part of SABnzbd 3.2.1RC1. As a workaround, limit downloads to NZBs without PAR2 files, deny write permissions to the SABnzbd process outside areas it must access to perform its job, or update to a fixed version.

Published: May 07, 2021; 11:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-27437

The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1).

Published: May 07, 2021; 11:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-21419

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on the Eventlet side by sending very large websocket frames. A malicious peer may exhaust memory on the Eventlet side by sending a highly compressed data frame. A patch in version 0.31.0 restricts websocket frames to reasonable limits. As a workaround, restricting memory usage via OS limits would help against overall machine exhaustion, but there is no workaround to protect the Eventlet process.

Published: May 07, 2021; 11:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-22673

The affected product is vulnerable to stack-based buffer overflow while processing over-the-air firmware updates from the CDN server, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK versions prior to v4.40.00, CC3200 SDK v1.5.0 and prior, CC3100 SDK v1.3.0 and prior).

Published: May 07, 2021; 10:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-22671

Multiple integer overflow issues exist while processing long domain names, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK versions prior to v4.40.00, CC3200 SDK v1.5.0 and prior, CC3100 SDK v1.3.0 and prior).

Published: May 07, 2021; 10:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-22679

The affected product is vulnerable to an integer overflow while processing HTTP headers, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK versions prior to v4.40.00, CC3200 SDK v1.5.0 and prior, CC3100 SDK v1.3.0 and prior).

Published: May 07, 2021; 9:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-22675

The affected product is vulnerable to integer overflow while parsing malformed over-the-air firmware update files, which may allow an attacker to remotely execute code on SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK versions prior to v4.40.00, CC3200 SDK v1.5.0 and prior, CC3100 SDK v1.3.0 and prior).

Published: May 07, 2021; 9:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-3502

A flaw was found in avahi 0.8-5. A reachable assertion is present in the avahi_s_host_name_resolver_start function, allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.

Published: May 07, 2021; 8:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-26123

LivingLogic XIST4C before 0.107.8 allows XSS via login.htm, login.wihtm, or login-form.htm.

Published: May 07, 2021; 8:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-26122

LivingLogic XIST4C before 0.107.8 allows XSS via feedback.htm or feedback.wihtm.

Published: May 07, 2021; 8:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-21984

VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remote code execution vulnerability due to an unauthorised end point. A malicious actor with network access may exploit this issue causing unauthorised remote code execution on vRealize Business for Cloud Virtual Appliance.

Published: May 07, 2021; 8:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)