Total: 49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36876 | 1 Stylemixthemes | 1 Ulisting | 2021-10-01 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on plugin administration pages. | |||||
| CVE-2021-36874 | 1 Stylemixthemes | 1 Ulisting | 2021-10-01 | 6.5 MEDIUM | 8.8 HIGH |
| Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5). | |||||
| CVE-2021-40309 | 1 Os4ed | 1 Opensis | 2021-10-01 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0 that allows an attacker to inject their own SQL query. The cp_id_miss_attn parameter from TakeAttendance.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request as a user with access to "Take Attendance" functionality to trigger this vulnerability. | |||||
| CVE-2021-3819 | 1 Firefly-iii | 1 Firefly Iii | 2021-09-30 | 6.8 MEDIUM | 8.8 HIGH |
| firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2021-41503 | 1 D-link | 4 Dcs-5000l, Dcs-5000l Firmware, Dcs-932l and 1 more | 2021-09-30 | 5.2 MEDIUM | 8.0 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L v2.17 and older are affected by Incorrect Access Control. The use of basic authentication for the device's command interface allows attack vectors that may compromise the camera's configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2021-32838 | 2 Fedoraproject, Flask-restx Project | 2 Fedora, Flask-restx | 2021-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in email_regex. This is fixed in version 0.5.1. | |||||
| CVE-2021-26750 | 1 Pandasecurity | 2 Panda Adaptive Defense 360, Panda Devices Agent | 2021-09-30 | 4.4 MEDIUM | 7.8 HIGH |
| DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. Panda Adaptive Defense 360 <= 8.0.17 allows attacker to escalate privileges via maliciously crafted DLL file. | |||||
| CVE-2021-31843 | 1 Mcafee | 1 Endpoint Security | 2021-09-30 | 4.6 MEDIUM | 7.8 HIGH |
| Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location. | |||||
| CVE-2021-41316 | 1 Device42 | 1 Device42 | 2021-09-30 | 8.5 HIGH | 8.1 HIGH |
| The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker (with permissions to add or edit jobs run by this utility) can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector. | |||||
| CVE-2021-2464 | 1 Oracle | 1 Linux | 2021-09-30 | 7.2 HIGH | 7.8 HIGH |
| Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle Linux. Successful attacks of this vulnerability can result in takeover of Oracle Linux. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2021-41315 | 1 Device42 | 1 Remote Collector | 2021-09-30 | 9.0 HIGH | 8.8 HIGH |
| The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker (with access to the console application) to execute arbitrary OS commands and escalate privileges. | |||||
| CVE-2021-41587 | 1 Gradle | 1 Gradle | 2021-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources. | |||||
| CVE-2021-41586 | 1 Gradle | 1 Gradle | 2021-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password. | |||||
| CVE-2021-40099 | 1 Concretecms | 1 Concrete Cms | 2021-09-30 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution. | |||||
| CVE-2021-38112 | 1 Amazon | 1 Aws Workspaces | 2021-09-30 | 9.3 HIGH | 8.8 HIGH |
| In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument. This is fixed in 3.1.9. | |||||
| CVE-2018-8256 | 1 Microsoft | 10 Microsoft.powershell.archive, Powershell Core, Windows 10 and 7 more | 2021-09-30 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files, aka "Microsoft PowerShell Remote Code Execution Vulnerability." This affects Windows RT 8.1, PowerShell Core 6.0, Microsoft.PowerShell.Archive 1.2.2.0, Windows Server 2016, Windows Server 2012, Windows Server 2008 R2, Windows Server 2019, Windows 7, Windows Server 2012 R2, PowerShell Core 6.1, Windows 10 Servers, Windows 10, Windows 8.1. | |||||
| CVE-2021-40108 | 1 Concretecms | 1 Concrete Cms | 2021-09-30 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint. | |||||
| CVE-2021-1612 | 1 Cisco | 1 Sd-wan | 2021-09-30 | 6.6 MEDIUM | 7.1 HIGH |
| A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device. | |||||
| CVE-2020-9759 | 1 Weechat | 1 Weechat | 2021-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files. | |||||
| CVE-2021-22019 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2021-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition. | |||||
| CVE-2021-22952 | 1 Ui | 1 Unifi Talk | 2021-09-30 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said network if they are not yet adopted. This vulnerability is fixed in UniFi Talk application V1.12.5 and later. | |||||
| CVE-2020-19951 | 1 Yzmcms | 1 Yzmcms | 2021-09-29 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application. | |||||
| CVE-2021-41584 | 1 Gradle | 1 Gradle | 2021-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header. | |||||
| CVE-2021-38864 | 1 Ibm | 1 Security Verify Bridge | 2021-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensitive information due to improper certificate validation. IBM X-Force ID: 208155. | |||||
| CVE-2021-22948 | 1 Revive-adserver | 1 Revive Adserver | 2021-09-29 | 4.3 MEDIUM | 7.1 HIGH |
| Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account. | |||||
| CVE-2020-23267 | 1 Gpac | 1 Gpac | 2021-09-29 | 5.8 MEDIUM | 7.1 HIGH |
| An issue was discovered in gpac 0.8.0. The gf_hinter_track_process function in isom_hinter_track_process.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file | |||||
| CVE-2021-36823 | 1 Cusmin | 1 Absolutely Glamorous Custom Admin | 2021-09-29 | 3.5 LOW | 8.2 HIGH |
| Authenticated Stored Cross-Site Scripting (XSS) vulnerability in WordPress Absolutely Glamorous Custom Admin plugin (versions <= 6.8). Stored XSS possible via unsanitized input fields of the plugin settings, some of the payloads could make the frontend and the backend inaccessible. | |||||
| CVE-2021-23026 | 1 F5 | 15 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 12 more | 2021-09-29 | 6.8 MEDIUM | 8.8 HIGH |
| BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-23030 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2021-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-41390 | 1 Ericsson | 1 Enterprise Content Management | 2021-09-29 | 6.0 MEDIUM | 8.0 HIGH |
| In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection. | |||||
| CVE-2021-41077 | 1 Travis-ci | 1 Travis Ci | 2021-09-29 | 4.3 MEDIUM | 7.5 HIGH |
| The activation process in Travis CI, for certain 2021-09-03 through 2021-09-10 builds, causes secret data to have unexpected sharing that is not specified by the customer-controlled .travis.yml file. In particular, the desired behavior (if .travis.yml has been created locally by a customer, and added to git) is for a Travis service to perform builds in a way that prevents public access to customer-specific secret environment data such as signing keys, access credentials, and API tokens. However, during the stated 8-day interval, secret data could be revealed to an unauthorized actor who forked a public repository and printed files during a build process. | |||||
| CVE-2021-32265 | 1 Axiosys | 1 Bento4 | 2021-09-29 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Bento4 through v1.6.0-637. A global-buffer-overflow exists in the function AP4_MemoryByteStream::WritePartial() located in Ap4ByteStream.cpp. It allows an attacker to cause code execution or information disclosure. | |||||
| CVE-2019-10911 | 2 Drupal, Sensiolabs | 2 Drupal, Symfony | 2021-09-29 | 6.0 MEDIUM | 7.5 HIGH |
| In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. This is related to symfony/security. | |||||
| CVE-2016-5385 | 8 Debian, Drupal, Fedoraproject and 5 more | 14 Debian Linux, Drupal, Fedora and 11 more | 2021-09-29 | 5.1 MEDIUM | 8.1 HIGH |
| PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. | |||||
| CVE-2021-29742 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 5.2 MEDIUM | 8.0 HIGH |
| IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483. | |||||
| CVE-2021-20533 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 6.5 MEDIUM | 7.2 HIGH |
| IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813 | |||||
| CVE-2021-29831 | 1 Ibm | 2 Jazz For Service Management, Tivoli Netcool/omnibus Gui | 2021-09-29 | 5.5 MEDIUM | 8.1 HIGH |
| IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 204775. | |||||
| CVE-2021-20497 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969 | |||||
| CVE-2021-32839 | 1 Sqlparse Project | 1 Sqlparse | 2021-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a Regular Expression Denial of Service (ReDoS) vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround, don't use the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. The issue has been fixed in sqlparse 0.4.2. | |||||
| CVE-2021-30123 | 1 Ffmpeg | 1 Ffmpeg | 2021-09-29 | 6.8 MEDIUM | 8.8 HIGH |
| FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution. | |||||
| CVE-2020-21548 | 1 Libsixel Project | 1 Libsixel | 2021-09-29 | 6.8 MEDIUM | 8.8 HIGH |
| Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c. | |||||
| CVE-2020-21547 | 1 Libsixel Project | 1 Libsixel | 2021-09-29 | 6.8 MEDIUM | 8.8 HIGH |
| Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c. | |||||
| CVE-2021-41383 | 1 Netgear | 2 R6020, R6020 Firmware | 2021-09-29 | 9.0 HIGH | 7.2 HIGH |
| setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntp_server field. | |||||
| CVE-2021-24398 | 1 Webpsilon | 1 Responsive 3d Slider | 2021-09-29 | 6.5 MEDIUM | 7.2 HIGH |
| The Add new scene functionality in the Responsive 3D Slider WordPress plugin through 1.2 uses an id parameter which is not sanitised, escaped or validated before being inserted to a SQL statement, leading to SQL injection. This is a time-based SQLi, and the vulnerable parameter is passed twice in the same function, so a delay of 5 seconds takes 10 seconds to return because the query is run twice. | |||||
| CVE-2021-24401 | 1 Wp-domain-redirect Project | 1 Wp-domain-redirect | 2021-09-29 | 6.5 MEDIUM | 7.2 HIGH |
| The Edit domain functionality in the WP Domain Redirect WordPress plugin through 1.0 has an `editid` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | |||||
| CVE-2021-24402 | 1 Solvercircle | 1 Wp Icommerce | 2021-09-29 | 6.5 MEDIUM | 7.2 HIGH |
| The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an `order_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors | |||||
| CVE-2021-24511 | 1 Dpl | 1 Product Feed On Woocommerce | 2021-09-29 | 6.5 MEDIUM | 7.2 HIGH |
| The fetch_product_ajax functionality in the Product Feed on WooCommerce WordPress plugin before 3.3.1.0 uses a `product_id` POST parameter which is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | |||||
| CVE-2016-2568 | 1 Freedesktop | 1 Polkit | 2021-09-29 | 4.4 MEDIUM | 7.8 HIGH |
| pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. | |||||
| CVE-2021-24403 | 1 Wpagecontact Project | 1 Wpagecontact | 2021-09-29 | 6.5 MEDIUM | 7.2 HIGH |
| The Orders functionality in the WordPress Page Contact plugin through 1.0 has an order_id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors | |||||
| CVE-2021-24397 | 1 Activemedia | 1 Microcopy | 2021-09-29 | 6.5 MEDIUM | 7.2 HIGH |
| The edit functionality in the MicroCopy WordPress plugin through 1.1.0 makes a get request to fetch the related option. The id parameter used is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | |||||
