Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25456 | 1 Google | 1 Android | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file. | |||||
| CVE-2020-2530 | 1 Oracle | 1 Http Server | 2021-09-22 | 5.8 MEDIUM | 6.1 MEDIUM |
| Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle HTTP Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2021-28914 | 1 Bab-technologie | 2 Eibport, Eibport Firmware | 2021-09-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow the user to set a weak password because the strength is shown in configuration tool, but finally not enforced. This is usable and part of an attack chain to gain SSH root access. | |||||
| CVE-2021-38322 | 1 Twitter Friends Widget Project | 1 Twitter Friends Widget | 2021-09-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Twitter Friends Widget WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the pmc_TF_user and pmc_TF_password parameter found in the ~/twitter-friends-widget.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.1. | |||||
| CVE-2020-19268 | 1 Dswjcms Project | 1 Dswjcms | 2021-09-22 | 3.5 LOW | 5.7 MEDIUM |
| A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenticated attackers to arbitrarily add administrator users. | |||||
| CVE-2021-1960 | 1 Qualcomm | 276 Aqt1000, Aqt1000 Firmware, Ar8031 and 273 more | 2021-09-22 | 3.3 LOW | 6.5 MEDIUM |
| Improper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-40284 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2021-09-22 | 6.8 MEDIUM | 6.5 MEDIUM |
| D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service. This vulnerability exists in the web interface "/cgi-bin/New_GUI/Igmp.asp". Authenticated remote attackers can trigger this vulnerability by sending a long string in parameter 'igmpsnoopEnable' via an HTTP request. | |||||
| CVE-2021-1958 | 1 Qualcomm | 76 Qca6574a, Qca6574a Firmware, Qca6574au and 73 more | 2021-09-22 | 4.4 MEDIUM | 6.4 MEDIUM |
| A race condition in fastrpc kernel driver for dynamic process creation can lead to use after free scenario in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2021-1957 | 1 Qualcomm | 92 Apq8017, Apq8017 Firmware, Qca6174a and 89 more | 2021-09-22 | 3.3 LOW | 6.5 MEDIUM |
| Improper Access Control when ACL link encryption is failed and ACL link is not disconnected during reconnection with paired device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | |||||
| CVE-2021-1956 | 1 Qualcomm | 84 Aqt1000, Aqt1000 Firmware, Ar8035 and 81 more | 2021-09-22 | 3.3 LOW | 6.5 MEDIUM |
| Improper handling of ASB-U packet with L2CAP channel ID by slave host can lead to interference with piconet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | |||||
| CVE-2021-30778 | 1 Apple | 1 Macos | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to bypass Privacy preferences. | |||||
| CVE-2021-30750 | 1 Apple | 1 Macos | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.3. A malicious application may be able to access the user's recent contacts. | |||||
| CVE-2021-30746 | 1 Apple | 4 Ipad Os, Iphone Os, Mac Os X and 1 more | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. | |||||
| CVE-2021-30744 | 1 Apple | 6 Ipad Os, Iphone Os, Macos and 3 more | 2021-09-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
| CVE-2021-30738 | 1 Apple | 2 Mac Os X, Macos | 2021-09-22 | 2.1 LOW | 5.5 MEDIUM |
| A malicious application may be able to overwrite arbitrary files. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Mojave. An issue with path validation logic for hardlinks was addressed with improved path sanitization. | |||||
| CVE-2021-30733 | 1 Apple | 6 Ipad Os, Iphone Os, Mac Os X and 3 more | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted font may result in the disclosure of process memory. | |||||
| CVE-2021-30731 | 1 Apple | 2 Mac Os X, Macos | 2021-09-22 | 1.9 LOW | 5.5 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Catalina. An unprivileged application may be able to capture USB devices. | |||||
| CVE-2021-30727 | 1 Apple | 5 Ipad Os, Iphone Os, Macos and 2 more | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. A malicious application may be able to modify protected parts of the file system. | |||||
| CVE-2021-30723 | 1 Apple | 4 Ipad Os, Iphone Os, Mac Os X and 1 more | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. | |||||
| CVE-2021-30722 | 1 Apple | 2 Mac Os X, Macos | 2021-09-22 | 4.3 MEDIUM | 5.9 MEDIUM |
| An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information. | |||||
| CVE-2021-30720 | 1 Apple | 6 Ipad Os, Iphone Os, Macos and 3 more | 2021-09-22 | 5.8 MEDIUM | 5.4 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers. | |||||
| CVE-2020-27894 | 1 Apple | 1 Macos | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| The issue was addressed with additional user controls. This issue is fixed in macOS Big Sur 11.0.1. Users may be unable to remove metadata indicating where files were downloaded from. | |||||
| CVE-2021-1963 | 1 Qualcomm | 224 Apq8009w, Apq8009w Firmware, Apq8096au and 221 more | 2021-09-22 | 4.6 MEDIUM | 6.7 MEDIUM |
| Possible use-after-free due to lack of validation for the rule count in filter table in IPA driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-1962 | 1 Qualcomm | 168 Aqt1000, Aqt1000 Firmware, Ar9380 and 165 more | 2021-09-22 | 4.6 MEDIUM | 6.7 MEDIUM |
| Buffer Overflow while processing IOCTL for getting peripheral endpoint information there is no proper validation for input maximum endpoint pair and its size in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-1961 | 1 Qualcomm | 226 Apq8009, Apq8009 Firmware, Apq8053 and 223 more | 2021-09-22 | 4.6 MEDIUM | 6.7 MEDIUM |
| Possible buffer overflow due to lack of offset length check while updating the buffer value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-40223 | 1 Rittal | 2 Cmc Pu Iii 7030.000, Cmc Pu Iii 7030.000 Firmware | 2021-09-22 | 3.5 LOW | 5.4 MEDIUM |
| Rittal CMC PU III Web management (version V3.11.00_2) fails to sanitize user input on several parameters of the configuration (User Configuration dialog, Task Configuration dialog and set logging filter dialog). This allows an attacker to backdoor the device with HTML and browser-interpreted content (such as JavaScript or other client-side scripts). The XSS payload will be triggered when the user accesses some specific sections of the application. | |||||
| CVE-2021-34709 | 1 Cisco | 23 8101-32fh, 8101-32h, 8102-64h and 20 more | 2021-09-21 | 6.9 MEDIUM | 6.4 MEDIUM |
| Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-34708 | 1 Cisco | 23 8101-32fh, 8101-32h, 8102-64h and 20 more | 2021-09-21 | 7.2 HIGH | 6.7 MEDIUM |
| Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1109 | 1 Nvidia | 8 Jetson Agx Xavier, Jetson Linux, Jetson Nano and 5 more | 2021-09-21 | 3.3 LOW | 6.3 MEDIUM |
| NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several streams. | |||||
| CVE-2021-38331 | 1 Wp-t-wap Project | 1 Wp-t-wap | 2021-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the posted parameter found in the ~/wap/writer.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.13.2. | |||||
| CVE-2021-3646 | 1 Btcpayserver | 1 Btcpay Server | 2021-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-38208 | 1 Linux | 1 Linux Kernel | 2021-09-21 | 2.1 LOW | 5.5 MEDIUM |
| net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call. | |||||
| CVE-2021-1112 | 1 Nvidia | 8 Jetson Agx Xavier, Jetson Linux, Jetson Nano and 5 more | 2021-09-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where a null pointer dereference may lead to complete denial of service. | |||||
| CVE-2021-1114 | 1 Nvidia | 5 Jetson Agx Xavier, Jetson Linux, Jetson Tx2 and 2 more | 2021-09-21 | 4.9 MEDIUM | 4.4 MEDIUM |
| NVIDIA Linux kernel distributions contain a vulnerability in the kernel crypto node, where use after free may lead to complete denial of service. | |||||
| CVE-2021-3482 | 4 Debian, Exiv2, Fedoraproject and 1 more | 4 Debian Linux, Exiv2, Fedora and 1 more | 2021-09-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data. | |||||
| CVE-2021-1584 | 1 Cisco | 42 Nexus 9000, Nexus 9000v, Nexus 92160yc-x and 39 more | 2021-09-21 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient restrictions during the execution of a specific CLI command. An attacker with administrative privileges could exploit this vulnerability by performing a command injection attack on the vulnerable command. A successful exploit could allow the attacker to access the underlying operating system as root. | |||||
| CVE-2021-1935 | 1 Qualcomm | 352 Apq8009, Apq8009 Firmware, Apq8017 and 349 more | 2021-09-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Possible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-27889 | 1 Mybb | 1 Mybb | 2021-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages. | |||||
| CVE-2020-10727 | 2 Apache, Netapp | 2 Activemq Artemis, Oncommand Workflow Automation | 2021-09-21 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use this flaw to read the contents of the Artemis shadow file. | |||||
| CVE-2020-5147 | 1 Sonicwall | 1 Netextender | 2021-09-21 | 4.6 MEDIUM | 5.3 MEDIUM |
| SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier. | |||||
| CVE-2021-34557 | 2 Fedoraproject, Xscreensaver Project | 2 Fedora, Xscreensaver | 2021-09-21 | 2.1 LOW | 4.6 MEDIUM |
| XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs. | |||||
| CVE-2021-34722 | 1 Cisco | 44 8101-32fh, 8101-32h, 8102-64h and 41 more | 2021-09-21 | 7.2 HIGH | 6.7 MEDIUM |
| Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-33214 | 1 Hms-networks | 1 Ecatcher | 2021-09-21 | 6.0 MEDIUM | 6.1 MEDIUM |
| In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation. | |||||
| CVE-2021-32767 | 1 Typo3 | 1 Typo3 | 2021-09-21 | 3.5 LOW | 6.5 MEDIUM |
| TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 versions 9.5.28, 10.4.18, 11.3.1 contain a patch for this vulnerability. | |||||
| CVE-2021-32587 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2021-09-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration. | |||||
| CVE-2021-24477 | 1 Migrate Users Project | 1 Migrate Users | 2021-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Migrate Users WordPress plugin through 1.0.1 does not sanitise or escape its Delimiter option before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its options, allowing the issue to be exploited via a CSRF attack. | |||||
| CVE-2021-23411 | 1 Anchorme Project | 1 Anchorme | 2021-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the main functionality. It accepts input that can result in the output (an anchor a tag) containing undesirable Javascript code that can be executed upon user interaction. | |||||
| CVE-2020-13938 | 2 Apache, Microsoft | 2 Http Server, Windows | 2021-09-21 | 2.1 LOW | 5.5 MEDIUM |
| Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows | |||||
| CVE-2021-28693 | 1 Xen | 1 Xen | 2021-09-21 | 2.1 LOW | 5.5 MEDIUM |
| xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page over to the allocator. Unfortunately, it was discovered that modules will not be scrubbed on Arm. | |||||
| CVE-2021-31813 | 1 Zohocorp | 1 Manageengine Applications Manager | 2021-09-21 | 3.5 LOW | 5.4 MEDIUM |
| Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. | |||||