Critical
CVE-2021-36742
Trend Micro · Apex One, Apex One as a Service, and Worry-Free Business Security
Added Nov 3, 2021
Trend Micro Multiple Products Improper Input Validation Vulnerability
Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation.
Critical
CVE-2021-36741
Trend Micro · Apex One, Apex One as a Service, and Worry-Free Business Security
Added Nov 3, 2021
Trend Micro Multiple Products Improper Input Validation Vulnerability
Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files.
Critical
CVE-2019-20085
TVT · NVMS-1000
Added Nov 3, 2021
TVT NVMS-1000 Directory Traversal Vulnerability
TVT devices utilizing NVMS-1000 software contain a directory traversal vulnerability via GET /.. requests.
Critical
CVE-2020-5849
Unraid · Unraid
Added Nov 3, 2021
Unraid Authentication Bypass Vulnerability
Unraid contains an authentication bypass vulnerability that allows attackers to gain access to the administrative interface. This CVE is chainable with CVE-2020-5847 for remote code execution.
Critical
CVE-2020-5847
Unraid · Unraid
Added Nov 3, 2021
Unraid Remote Code Execution Vulnerability
Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access.
Critical
CVE-2019-16759
vBulletin · vBulletin
Added Nov 3, 2021
vBulletin PHP Module Remote Code Execution Vulnerability
The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
Critical
CVE-2020-17496
vBulletin · vBulletin
Added Nov 3, 2021
vBulletin PHP Module Remote Code Execution Vulnerability
The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. This CVE ID resolves an incomplete patch for CVE-2019-16759.
Critical
CVE-2019-5544
VMware · VMware ESXi and Horizon DaaS
Added Nov 3, 2021
VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability
VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrite the heap of the OpenSLP service to perform remote code execution.
Critical
CVE-2020-3992
VMware · ESXi
Added Nov 3, 2021
VMware ESXi OpenSLP Use-After-Free Vulnerability
VMware ESXi OpenSLP contains a use-after-free vulnerability that allows an attacker residing in the management network with access to port 427 to perform remote code execution.
Critical
CVE-2020-3950
VMware · Multiple Products
Added Nov 3, 2021
VMware Multiple Products Privilege Escalation Vulnerability
VMware Fusion, Remote Console (VMRC) for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileges to root.
Critical
CVE-2021-22005
VMware · vCenter Server
Added Nov 3, 2021
VMware vCenter Server File Upload Vulnerability
VMware vCenter Server contains a file upload vulnerability in the Analytics service that allows a user with network access to port 443 to execute code.
Critical
CVE-2020-3952
VMware · vCenter Server
Added Nov 3, 2021
VMware vCenter Server Information Disclosure Vulnerability
VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service (vmdir) when the Platform Services Controller (PSC) does not correctly implement access controls. Successful exploitation allows an attacker with network access to port 389 to extract sensitive information.
Critical
CVE-2021-21972
VMware · vCenter Server
Added Nov 3, 2021
VMware vCenter Server Remote Code Execution Vulnerability
VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrestricted privileges on the underlying operating system.
Critical
CVE-2021-21985
VMware · vCenter Server
Added Nov 3, 2021
VMware vCenter Server Improper Input Validation Vulnerability
VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution.
Critical
CVE-2020-4006
VMware · Multiple Products
Added Nov 3, 2021
Multiple VMware Products Command Injection Vulnerability
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute commands with unrestricted privileges on the underlying operating system.
Critical
CVE-2020-25213
WordPress · File Manager Plugin
Added Nov 3, 2021
WordPress File Manager Plugin Remote Code Execution Vulnerability
WordPress File Manager plugin contains a remote code execution vulnerability that allows unauthenticated users to execute PHP code and upload malicious files on a target site.
Critical
CVE-2020-11738
WordPress · Snap Creek Duplicator Plugin
Added Nov 3, 2021
WordPress Snap Creek Duplicator Plugin File Download Vulnerability
WordPress Snap Creek Duplicator plugin contains a file download vulnerability when an administrator creates a new copy of their site that allows an attacker to download the generated files from their Wordpress dashboard. This vulnerability affects Duplicator and Dulplicator Pro.
Critical
CVE-2019-9978
WordPress · Social Warfare Plugin
Added Nov 3, 2021
WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability
WordPress Social Warfare plugin contains a cross-site scripting (XSS) vulnerability that allows for remote code execution. This vulnerability affects Social Warfare and Social Warfare Pro.
Critical
CVE-2021-27561
Yealink · Device Management
Added Nov 3, 2021
Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability
Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution.
Critical
CVE-2021-40539
Zoho · ManageEngine
Added Nov 3, 2021
Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability
Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.
Critical
CVE-2020-10189
Zoho · ManageEngine
Added Nov 3, 2021
Zoho ManageEngine Desktop Central File Upload Vulnerability
Zoho ManageEngine Desktop Central contains a file upload vulnerability that allows for unauthenticated remote code execution.
Critical
CVE-2019-8394
Zoho · ManageEngine
Added Nov 3, 2021
Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability
Zoho ManageEngine ServiceDesk Plus (SDP) contains an unspecified vulnerability that allows remote users to upload files via login page customization.
Critical
CVE-2020-29583
Zyxel · Multiple Products
Added Nov 3, 2021
Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability
Zyxel firewalls (ATP, USG, VM) and AP Controllers (NXC2500 and NXC5500) contain a use of hard-coded credentials vulnerability in an undocumented account ("zyfwp") with an unchangeable password.
