Total: 46623 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39201 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2021-12-14 | 3.5 LOW | 5.4 MEDIUM |
| WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Impact: The issue allows an authenticated but low-privileged user (like contributor/author) to execute XSS in the editor. This bypasses the restrictions imposed on users who do not have the permission to post `unfiltered_html`. Patches: This has been patched in WordPress 5.8, and will be pushed to older versions via minor releases (automatic updates). It's strongly recommended that you keep auto-updates enabled to receive the fix. References: https://wordpress.org/news/category/releases/ and https://hackerone.com/reports/1142140. For more information: If you have any questions or comments about this advisory, open an issue in [HackerOne](https://hackerone.com/wordpress). | |||||
| CVE-2021-34556 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2021-12-14 | 2.1 LOW | 5.5 MEDIUM |
| In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. | |||||
| CVE-2016-6457 | 1 Cisco | 19 Application Policy Infrastructure Controller, Nexus 92160yc-x, Nexus 92304qc and 16 more | 2021-12-14 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability affects Cisco Nexus 9000 Series Leaf Switches (TOR) - ACI Mode and Cisco Application Policy Infrastructure Controller (APIC). More Information: CSCuy93241. Known Affected Releases: 11.2(2x) 11.2(3x) 11.3(1x) 11.3(2x) 12.0(1x). Known Fixed Releases: 11.2(2i) 11.2(2j) 11.2(3f) 11.2(3g) 11.2(3h) 11.2(3l) 11.3(0.236) 11.3(1j) 11.3(2i) 11.3(2j) 12.0(1r). | |||||
| CVE-2021-33059 | 1 Intel | 1 Administrative Tools For Intel Network Adapters | 2021-12-14 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper input validation in the Intel(R) Administrative Tools for Intel(R) Network Adapters driver for Windows before version 1.4.0.15, may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0200 | 1 Intel | 22 Ethernet Controller V710-at2, Ethernet Controller V710-at2 Firmware, Ethernet Controller X710-am2 and 19 more | 2021-12-14 | 4.6 MEDIUM | 6.7 MEDIUM |
| Out-of-bounds write in the firmware for Intel(R) Ethernet 700 Series Controllers before version 8.2 may allow a privileged user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2021-0199 | 1 Intel | 6 Ethernet Network Controller E810-cam1, Ethernet Network Controller E810-cam1 Firmware, Ethernet Network Controller E810-cam2 and 3 more | 2021-12-14 | 2.1 LOW | 4.4 MEDIUM |
| Improper input validation in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1.6.0.6 may allow a privileged user to potentially enable a denial of service via local access. | |||||
| CVE-2021-40096 | 1 Squaredup | 1 Squaredup | 2021-12-14 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations. | |||||
| CVE-2021-33098 | 1 Intel | 4 Ethernet 500 Series Controllers Driver, Ethernet Connection X540, Ethernet Connection X550 and 1 more | 2021-12-14 | 4.9 MEDIUM | 5.5 MEDIUM |
| Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2021-4089 | 1 Snipeitapp | 1 Snipe-it | 2021-12-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| snipe-it is vulnerable to Improper Access Control | |||||
| CVE-2021-22565 | 1 Google | 1 Exposure Notification Verification Server | 2021-12-14 | 5.8 MEDIUM | 6.5 MEDIUM |
| An attacker could prematurely expire a verification code, making it unusable by the patient, making the patient unable to upload their TEKs to generate exposure notifications. We recommend upgrading the Exposure Notification server to V1.1.2 or greater. | |||||
| CVE-2021-37187 | 1 Digi | 17 Transport Dr64, Transport Dr64 Firmware, Transport Sr44 and 14 more | 2021-12-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file (with reversible passwords) from the device, which allows decoding of other users' passwords. | |||||
| CVE-2021-40834 | 1 F-secure | 1 Safe | 2021-12-14 | 4.3 MEDIUM | 4.3 MEDIUM |
| A user interface overlay vulnerability was discovered in F-secure SAFE Browser for Android. When a user clicks on a specially crafted, seemingly legitimate URL, SAFE Browser goes into full screen and hides the user interface. A remote attacker can leverage this to perform a spoofing attack. | |||||
| CVE-2021-23861 | 1 Bosch | 4 Bosch Video Management System, Divar Ip 5000 Firmware, Divar Ip 7000 Firmware and 1 more | 2021-12-14 | 5.5 MEDIUM | 6.5 MEDIUM |
| By executing a special command, a user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed. | |||||
| CVE-2021-31747 | 1 Pluck-cms | 1 Pluck | 2021-12-14 | 5.8 MEDIUM | 4.8 MEDIUM |
| Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks. | |||||
| CVE-2021-23860 | 1 Bosch | 4 Bosch Video Management System, Divar Ip 5000 Firmware, Divar Ip 7000 Firmware and 1 more | 2021-12-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attacker must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed. | |||||
| CVE-2021-41696 | 1 Globaldatingsoftware | 1 Premiumdatingscript | 2021-12-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| An authentication bypass (account takeover) vulnerability exists in Premiumdatingscript 4.2.7.7 due to a weak password reset mechanism in requests\user.php. | |||||
| CVE-2021-41697 | 1 Globaldatingsoftware | 1 Premiumdatingscript | 2021-12-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross Site Scripting (XSS) vulnerability exists in Premiumdatingscript 4.2.7.7 via the aerror_description parameter in assets/sources/instagram.php script. | |||||
| CVE-2020-14405 | 2 Debian, Libvncserver Project | 2 Debian Linux, Libvncserver | 2021-12-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. | |||||
| CVE-2020-14404 | 2 Debian, Libvncserver Project | 2 Debian Linux, Libvncserver | 2021-12-14 | 5.5 MEDIUM | 5.4 MEDIUM |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. | |||||
| CVE-2020-14403 | 2 Debian, Libvncserver Project | 2 Debian Linux, Libvncserver | 2021-12-14 | 5.5 MEDIUM | 5.4 MEDIUM |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. | |||||
| CVE-2020-14402 | 3 Debian, Libvncserver Project, Opensuse | 3 Debian Linux, Libvncserver, Leap | 2021-12-14 | 5.5 MEDIUM | 5.4 MEDIUM |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. | |||||
| CVE-2020-14401 | 3 Debian, Libvncserver Project, Opensuse | 3 Debian Linux, Libvncserver, Leap | 2021-12-14 | 6.4 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow. | |||||
| CVE-2021-38937 | 1 Ibm | 1 Powervm Hypervisor | 2021-12-14 | 6.8 MEDIUM | 6.5 MEDIUM |
| IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervisor call. IBM X-Force ID: 210894. | |||||
| CVE-2021-43410 | 1 Apache | 1 Airavata Django Portal | 2021-12-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log statements. In particular, some HTTP request parameters are logged without first being escaped. Versions affected: master branch before commit 3c5d8c7 [1] of airavata-django-portal [1] https://github.com/apache/airavata-django-portal/commit/3c5d8c72bfc3eb0af8693a655a5d60f9273f8170 | |||||
| CVE-2021-31850 | 2 Mcafee, Microsoft | 2 Database Security, Windows | 2021-12-14 | 5.5 MEDIUM | 6.5 MEDIUM |
| A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. The configuration of Archiving through the User interface incorrectly allowed the creation of directories and files in Windows system directories and other locations where sensitive data could be overwritten. The former could lead to a DoS, whilst the latter could lead to data destruction on the DBS server. | |||||
| CVE-2020-25713 | 2 Fedoraproject, Librdf | 2 Fedora, Raptor Rdf Syntax Library | 2021-12-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common. | |||||
| CVE-2017-7697 | 1 Libsamplerate Project | 1 Libsamplerate | 2021-12-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file. | |||||
| CVE-2021-4092 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2021-12-14 | 4.3 MEDIUM | 4.3 MEDIUM |
| yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2021-3829 | 1 Openwhyd | 1 Openwhyd | 2021-12-14 | 5.8 MEDIUM | 6.1 MEDIUM |
| openwhyd is vulnerable to URL Redirection to Untrusted Site | |||||
| CVE-2021-36911 | 1 Comment Engine Pro Project | 1 Comment Engine Pro | 2021-12-14 | 3.5 LOW | 5.4 MEDIUM |
| Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Comment Engine Pro plugin (versions <= 1.0), could be exploited by users with Editor or higher role. | |||||
| CVE-2021-4082 | 1 Pimcore | 1 Pimcore | 2021-12-13 | 4.3 MEDIUM | 4.3 MEDIUM |
| pimcore is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2021-42759 | 1 Fortinet | 2 Meru, Meru Firmware | 2021-12-13 | 7.2 HIGH | 6.7 MEDIUM |
| A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows an attacker to execute unauthorized code or commands via crafted CLI commands. | |||||
| CVE-2021-36720 | 1 Pineapp | 1 Mail Secure | 2021-12-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| PineApp - Mail Secure - Attacker sending a request to :/blocking.php?url=<script>alert(1)</script> and stealing cookies. | |||||
| CVE-2020-19683 | 1 Zzzcms | 1 Zzzcms | 2021-12-13 | 3.5 LOW | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile action in save.php. | |||||
| CVE-2021-4084 | 1 Pimcore | 1 Pimcore | 2021-12-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-25518 | 1 Google | 1 Android | 2021-12-13 | 4.6 MEDIUM | 6.7 MEDIUM |
| An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution. | |||||
| CVE-2021-20137 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2021-12-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router's web interface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker javascript execution in the context of the victim's browser. | |||||
| CVE-2020-4027 | 1 Atlassian | 2 Confluence, Confluence Server | 2021-12-13 | 6.5 MEDIUM | 4.7 MEDIUM |
| Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. The affected versions are before version 7.4.5, and from version 7.5.0 before 7.5.1. | |||||
| CVE-2019-20102 | 1 Atlassian | 1 Confluence Server | 2021-12-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote attackers to achieve stored cross-site scripting (SXSS) via a malicious attachment with a modified `mimeType` parameter. | |||||
| CVE-2019-15006 | 1 Atlassian | 2 Confluence, Confluence Server | 2021-12-13 | 5.8 MEDIUM | 6.5 MEDIUM |
| There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Server and Confluence Data Center communicated with the Companion application via the atlassian-domain-for-localhost-connections-only.com domain name, the DNS A record of which points at 127.0.0.1. Additionally, a signed certificate for the domain was publicly distributed with the Companion application. An attacker in the position to control DNS resolution of their victim could carry out a man-in-the-middle (MITM) attack between Confluence Server (or Confluence Data Center) and the atlassian-domain-for-localhost-connections-only.com domain intended to be used with the Companion application. This certificate has been revoked, however, usage of the atlassian-domain-for-localhost-connections-only.com domain name was still present in Confluence Server and Confluence Data Center. An attacker could perform the described attack by denying their victim access to certificate revocation information, and carry out a man-in-the-middle (MITM) attack to observe files being edited using the Companion application and/or modify them, and access some limited user information. | |||||
| CVE-2021-25525 | 1 Samsung | 1 Pay | 2021-12-13 | 3.3 LOW | 6.5 MEDIUM |
| Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows an attacker to use NFC without user recognition. | |||||
| CVE-2021-4033 | 1 Kimai | 1 Kimai 2 | 2021-12-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2021-25520 | 1 Samsung | 1 Internet | 2021-12-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allow untrusted applications to execute script codes in Samsung Internet. | |||||
| CVE-2020-35884 | 1 Tiny-http Project | 1 Tiny-http | 2021-12-13 | 6.4 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header. | |||||
| CVE-2021-4081 | 1 Pimcore | 1 Pimcore | 2021-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2020-25444 | 1 Bookingcore | 1 Booking Core | 2021-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the (1) “About Yourself” section under the “My Profile” page, (2) “Hotel Policy” field under the “Hotel Details” page, (3) “Pricing code” and “name” fields under the “Manage Tour” page, and (4) all the labels under the “Menu” section. | |||||
| CVE-2019-9074 | 3 Canonical, Gnu, Netapp | 4 Ubuntu Linux, Binutils, Hci Management Node and 1 more | 2021-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c. | |||||
| CVE-2019-9073 | 3 Canonical, Gnu, Netapp | 4 Ubuntu Linux, Binutils, Hci Management Node and 1 more | 2021-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c. | |||||
| CVE-2021-24783 | 1 Publishpress | 1 Post Expirator | 2021-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Post Expirator WordPress plugin before 2.6.0 does not have proper capability checks in place, which could allow users with a role as low as Contributor to schedule deletion of arbitrary posts. | |||||
| CVE-2021-39218 | 2 Bytecodealliance, Fedoraproject | 2 Wasmtime, Fedora | 2021-12-10 | 3.3 LOW | 6.3 MEDIUM |
| Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses `externref`s in Wasmtime. To trigger this bug, Wasmtime needs to be running Wasm that uses `externref`s, the host creates non-null `externref`s, Wasmtime performs a garbage collection (GC), and there has to be a Wasm frame on the stack that is at a GC safepoint where there are no live references at this safepoint, and there is a safepoint with live references earlier in this frame's function. Under this scenario, Wasmtime would incorrectly use the GC stack map for the safepoint from earlier in the function instead of the empty safepoint. This would result in Wasmtime treating arbitrary stack slots as `externref`s that needed to be rooted for GC. At the *next* GC, it would be determined that nothing was referencing these bogus `externref`s (because nothing could ever reference them, because they are not really `externref`s) and then Wasmtime would deallocate them and run `<ExternRef as Drop>::drop` on them. This results in a free of memory that is not necessarily on the heap (and shouldn't be freed at this moment even if it was), as well as potential out-of-bounds reads and writes. Even though support for `externref`s (via the reference types proposal) is enabled by default, unless you are creating non-null `externref`s in your host code or explicitly triggering GCs, you cannot be affected by this bug. We have reason to believe that the effective impact of this bug is relatively small because usage of `externref` is currently quite rare. This bug has been patched and users should upgrade to Wasmtime version 0.30.0. If you cannot upgrade Wasmtime at this time, you can avoid this bug by disabling the reference types proposal by passing `false` to `wasmtime::Config::wasm_reference_types`. | |||||
