2022-02-02
2022-02-02 18:15Z
CRIT

CVE-2021-42637 — Printerlogic Web_stack: Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-42637

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL, resulting in a Server Side Request Forgery (SSRF) vulnerability. CVSSv3.1 9.8 (CRITICAL) · EPSS 81th percentile

CWECWE 918VNDPrinterlogicTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-02-01
2022-02-01 23:15Z
HIGH

CVE-2021-42638 — Printerlogic Web_stack: Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-42638

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in pre-auth remote code execution. CVSSv3.1 8.1 (HIGH) · EPSS 92th percentile

CWECWE 77VNDPrinterlogicTYPVulnerability
8.1
CVSS v3.1
92
Edit Score
2022-01-31
2022-01-31 18:15Z
HIGH

CVE-2021-42635 — Printerlogic Web_stack: Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-42635

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pre-auth remote code execution. CVSSv3.1 8.1 (HIGH) · EPSS 92th percentile

CWECWE 798VNDPrinterlogicTYPVulnerability
8.1
CVSS v3.1
92
Edit Score
2022-01-31
2022-01-31 18:15Z
HIGH

CVE-2021-42631 — Printerlogic Virtual_appliance: Web Stack versions 19.1.1.13 SP9 and below deserializes attacker controlled leading to pre-auth

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-42631

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes attacker controlled leading to pre-auth remote code execution. CVSSv3.1 8.1 (HIGH) · EPSS 93th percentile

CWECWE 502VNDPrinterlogicTYPVulnerability
8.1
CVSS v3.1
92
Edit Score
2022-01-28
2022-01-28 19:15Z
CRIT

CVE-2021-44971 — Tenda Ac15_firmware: Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-44971

Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE. CVSSv3.1 9.8 (CRITICAL) · EPSS 83th percentile

CWECWE 697VNDTendaTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-01-27
2022-01-27 13:15Z
HIGH

CVE-2021-44793 — Krontech Single_connect: The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-44793

Single Connect does not perform an authorization check when using the sc-reports-ui" module. A remote attacker could exploit this vulnerability to access the device configuration page and export the data to an external file. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information including the database credentials. Since the database runs with high privileges it is possible to execute commands with the attained credentials. CVSSv3.1 8.6 (HIGH) · EPSS 63th percentile

CWECWE 862VNDKrontechTYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2022-01-26
2022-01-26 19:15Z
HIGH

CVE-2021-46114 — Jpress Jpress: v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-46114

jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. CVSSv3.1 8.8 (HIGH) · EPSS 74th percentile

CWECWE 94VNDJpressTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
728 × 90 / responsive · programmatic ad slot
2022-01-19
2022-01-19 13:15Z
HIGH

CVE-2021-45808 — Jpress Jpress: v4.2.0 allows users to register an account by default.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-45808

jpress v4.2.0 allows users to register an account by default. With the account, user can upload arbitrary files to the server. CVSSv3.1 8.8 (HIGH) · EPSS 74th percentile

CWECWE 434VNDJpressTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-01-18
2022-01-18 16:15Z
HIGH

CVE-2022-23307 — Apache Chainsaw: CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-23307

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. CVSSv3.1 8.8 (HIGH) · EPSS 86th percentile

CWECWE 502VNDApacheVNDOracleVNDQosTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2022-01-18
2022-01-18 16:15Z
CRIT

CVE-2022-23305 — Apache Log4j: This allows attackers to manipulate the SQL by entering crafted strings into input fields

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-23305

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to us CVSSv3.1 9.8 (CRITICAL) · EPSS 93th percentile

CWECWE 89VNDApacheVNDBroadcomVNDNetappTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-01-18
2022-01-18 16:15Z
HIGH

CVE-2022-23302 — Apache Log4j: JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-23302

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically co CVSSv3.1 8.8 (HIGH) · EPSS 74th percentile

CWECWE 502VNDApacheVNDBroadcomVNDNetappTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-01-17
2022-01-17 02:15Z
CRIT

CVE-2022-23304 — W1.fi Hostapd: The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-23304

The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495. CVSSv3.1 9.8 (CRITICAL) · EPSS 77th percentile

CWECWE 203VNDFedoraprojectVNDW1 FiTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-01-17
2022-01-17 02:15Z
CRIT

CVE-2022-23303 — W1.fi Hostapd: The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-23303

The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494. CVSSv3.1 9.8 (CRITICAL)

CWECWE 203VNDFedoraprojectVNDW1 FiTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2022-01-13
2022-01-13 19:15Z
CRIT

CVE-2021-45807 — Jpress Jpress: v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-45807

jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall. CVSSv3.1 9.8 (CRITICAL) · EPSS 83th percentile

VNDJpressTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-01-13
2022-01-13 14:15Z
HIGH

CVE-2021-45806 — Jpress Jpress: v4.2.0 admin panel provides a function through which attackers can modify the template

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-45806

jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code. CVSSv3.1 8.8 (HIGH)

CWECWE 94VNDJpressTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-01-11
2022-01-11 21:15Z
HIGH

CVE-2022-21840 — Microsoft Excel: Office Remote Code Execution Vulnerability

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-21840

Microsoft Office Remote Code Execution Vulnerability CVSSv3.1 8.8 (HIGH) · EPSS 93th percentile

VNDMicrosoftTYPVulnerability
8.8
CVSS v3.1
97
Edit Score
2021-12-28
2021-12-28 20:15Z
MED

CVE-2021-44832 — Apache Log4j: Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-44832

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. CVSSv3.1 6.6 (MEDIUM) · EPSS 98th percentile

CWECWE 74CWECWE 20VNDApacheTYPVulnerability
6.6
CVSS v3.1
98
Edit Score
2021-12-22
2021-12-22 17:15Z
HIGH

CVE-2021-45419 — Starcharge Titan_180_premium_firmware: Certain Starcharge products are affected by Improper Input Validation.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-45419

Certain Starcharge products are affected by Improper Input Validation. The affected products include: Nova 360 Cabinet <= 1.3.0.0.7b102 - Fixed: Beta1.3.0.1.0 and Titan 180 Premium <= 1.3.0.0.6 - Fixed: 1.3.0.0.9. CVSSv3.1 8.8 (HIGH) · EPSS 44th percentile

CWECWE 345VNDCertainVNDStarchargeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2021-12-22
2021-12-22 16:15Z
HIGH

CVE-2021-45418 — Starcharge Titan_180_premium_firmware: Certain Starcharge products are vulnerable to Directory Traversal via main.cgi.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-45418

Certain Starcharge products are vulnerable to Directory Traversal via main.cgi. The affected products include: Nova 360 Cabinet <=1.3.0.0.6 - Fixed: 1.3.0.0.9 and Titan 180 Premium <=1.3.0.0.7b102 - Fixed: Beta1.3.0.1.0. CVSSv3.1 8.8 (HIGH) · EPSS 79th percentile

CWECWE 22VNDCertainVNDStarchargeTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2021-12-20
2021-12-20 08:15Z
CRIT

CVE-2021-44732 — Arm Mbed_tls: Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-44732

Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. CVSSv3.1 9.8 (CRITICAL) · EPSS 77th percentile

CWECWE 415VNDArmVNDTrustedfirmwareTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2021-12-18
2021-12-18 12:15Z
MED

CVE-2021-45105 — Apache Log4j: This allows an attacker with control over Thread Context Map data to cause a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. CVSSv3.1 5.9 (MEDIUM) · EPSS 99th percentile

CWECWE 20CWECWE 674VNDApacheVNDNetappTYPVulnerability
5.9
CVSS v3.1
100
Edit Score
2021-12-16
2021-12-16 17:15Z
HIGH

CVE-2021-42912 — Fiberhome An5506-01-a_firmware: ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-42912

FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon. CVSSv3.1 8.8 (HIGH) · EPSS 96th percentile

CWECWE 78VNDFiberhomeTYPVulnerability
8.8
CVSS v3.1
98
Edit Score
2021-12-15
2021-12-15 18:15Z
CRIT

CVE-2021-42216 — Anonaddy Anonaddy: A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-42216

A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php. CVSSv3.1 9.8 (CRITICAL) · EPSS 69th percentile

CWECWE 326VNDBrokenVNDAnonaddyTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2021-12-15
2021-12-15 07:15Z
MED

CVE-2021-36450 — Verint Workforce_optimization: Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-36450

Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter. CVSSv3.1 6.1 (MEDIUM) · EPSS 99th percentile

CWECWE 79VNDVerintTYPVulnerability
6.1
CVSS v3.1
100
Edit Score
2021-12-14
2021-12-14 12:15Z
HIGH

CVE-2021-4104 — Apache Log4j: JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log CVSSv3.1 7.5 (HIGH) · EPSS 99th percentile

CWECWE 502VNDApacheVNDFedoraprojectTYPVulnerability
7.5
CVSS v3.1
100
Edit Score