Search Results (Refine Search)

Search Parameters:
There are 155,792 matching records.
Displaying matches 201 through 220.
Vuln ID Summary CVSS Severity
CVE-2021-33824

An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.

Published: June 18, 2021; 4:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-33823

An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service.

Published: June 18, 2021; 4:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-32696

The npm package "striptags" is an implementation of PHP's strip_tags in Typescript. In striptags before version 3.2.0, a type-confusion vulnerability can cause `striptags` to concatenate unsanitized strings when an array-like object is passed in as the `html` parameter. This can be abused by an attacker who can control the shape of their input, e.g. if query parameters are passed directly into the function. This can lead to a XSS.

Published: June 18, 2021; 4:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-21282

Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, buffer overflow can be triggered by an input packet when using either of Contiki-NG's two RPL implementations in source-routing mode. The problem has been patched in Contiki-NG 4.5. Users can apply the patch for this vulnerability out-of-band as a workaround.

Published: June 18, 2021; 4:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-33822

An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.

Published: June 18, 2021; 3:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-33820

An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67.Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service.

Published: June 18, 2021; 3:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-33818

An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.

Published: June 18, 2021; 3:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-3604

Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database.

Published: June 18, 2021; 11:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-18442

Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".

Published: June 18, 2021; 11:15:08 AM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-32956

Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage.

Published: June 18, 2021; 10:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-32954

Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system.

Published: June 18, 2021; 10:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-23846

When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021.

Published: June 18, 2021; 10:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-23845

This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released on June 2019.

Published: June 18, 2021; 10:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-21997

VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest operating system.

Published: June 18, 2021; 9:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-34815

CheckSec Canopy before 3.5.2 allows XSS attacks against the login page via the LOGIN_PAGE_DISCLAIMER parameter.

Published: June 18, 2021; 8:15:08 AM -0400
V3.1: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2021-26835

No filtering of cross-site scripting (XSS) payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file.

Published: June 18, 2021; 8:15:08 AM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-26834

A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An attacker can insert payloads, and the code execution will happen immediately on markdown view mode.

Published: June 18, 2021; 8:15:08 AM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2021-33577

An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Content-Type of the message to text/plain.

Published: June 18, 2021; 7:15:08 AM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2021-33576

An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk.

Published: June 18, 2021; 7:15:08 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-33347

An issue was discovered in JPress v3.3.0 and below. There are XSS vulnerabilities in the template module and tag management module. If you log in to the background by means of weak password, the storage XSS vulnerability can occur.

Published: June 18, 2021; 7:15:08 AM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW