Attacker Value
Unknown

CVE-2021-44158

Disclosure Date: January 03, 2022 (last updated January 10, 2022)
ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. An authenticated local area network attacker can launch arbitrary code execution to control the system or disrupt service.
Attacker Value
Unknown

CVE-2021-45916

Disclosure Date: December 30, 2021 (last updated January 10, 2022)
The programming function of Shockwall system has an improper input validation vulnerability. An authenticated attacker within the local area network can send a malicious response to the server to disrupt the service partially.
Attacker Value
Unknown

CVE-2021-45917

Disclosure Date: December 30, 2021 (last updated January 10, 2022)
The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch a server-side request forgery (SSRF) attack on another agent computer, resulting in arbitrary code execution for controlling the system or disrupting service.
Attacker Value
Unknown

CVE-2021-44160

Disclosure Date: December 30, 2021 (last updated January 10, 2022)
Cardinal Tien Hospital Health Report System’s login page has improper authentication. A remote attacker can acquire another general user’s privilege by modifying the cookie parameter without authentication. The attacker can then perform limited operations on the system or modify data, making the service partially unavailable to the user.
Attacker Value
Unknown

CVE-2021-23727

Disclosure Date: December 29, 2021 (last updated January 10, 2022)
This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.
Attacker Value
Unknown

CVE-2021-25993

Disclosure Date: December 29, 2021 (last updated January 10, 2022)
In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by a stored XSS vulnerability, where a low-privileged (editor) user can upload an SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT tokens to the attacker’s server and will lead to account takeover when accessed by the victim.
Attacker Value
Unknown

CVE-2021-36723

Disclosure Date: December 28, 2021 (last updated January 10, 2022)
Emuse - eServices / eNvoice Exposure of Private Personal Information: due to a lack of identification mechanisms and predictable IDs, an attacker can scrape all the files on the service.
Attacker Value
Unknown

CVE-2021-36724

Disclosure Date: December 28, 2021 (last updated January 10, 2022)
ForeScout - SecureConnector Local Service DoS - A low-privileged user who doesn't have permissions to shut down the secure connector service writes a large number of characters in the installationPath. This will cause the buffer to overflow and overwrite the stack cookie, causing the service to crash.
Attacker Value
Unknown

CVE-2021-36722

Disclosure Date: December 28, 2021 (last updated January 10, 2022)
Emuse - eServices / eNvoice SQL injection can be used in various ways, ranging from bypassing login authentication or dumping the whole database to full RCE on the affected endpoints. The SQLi is caused by CWE-209: Generation of Error Message Containing Sensitive Information, showing parts of the aspx code and the webroot location, information an attacker can leverage to further compromise the host.
Attacker Value
Unknown

CVE-2021-44161

Disclosure Date: December 28, 2021 (last updated January 10, 2022)
Changing MOTP (Mobile One Time Password) system’s specific function parameter has insufficient validation for user input. An attacker on the local area network can perform a SQL injection attack to read, modify or delete the backend database without authentication.