Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24270 | 1 Dethemekit For Elementor Project | 1 Dethemekit For Elementor | 2021-05-11 | 3.5 LOW | 5.4 MEDIUM |
| The “DeTheme Kit for Elementor” WordPress Plugin before 1.5.5.5 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | |||||
| CVE-2021-24267 | 1 Themesgrove | 1 All-in-one Addons For Elementor | 2021-05-11 | 3.5 LOW | 5.4 MEDIUM |
| The “All-in-One Addons for Elementor – WidgetKit” WordPress Plugin before 2.3.10 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | |||||
| CVE-2021-24269 | 1 Sinaextra | 1 Sina Extension For Elementor | 2021-05-11 | 3.5 LOW | 5.4 MEDIUM |
| The “Sina Extension for Elementor” WordPress Plugin before 3.3.12 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | |||||
| CVE-2021-24260 | 1 Livemeshelementor | 1 Addons For Elementor | 2021-05-11 | 3.5 LOW | 5.4 MEDIUM |
| The “Livemesh Addons for Elementor” WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | |||||
| CVE-2021-24261 | 1 Hasthemes | 1 Ht Mega - Absolute Addons For Elementor Page Builder | 2021-05-11 | 3.5 LOW | 5.4 MEDIUM |
| The “HT Mega – Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | |||||
| CVE-2021-24262 | 1 Hasthemes | 1 Woolentor - Woocommerce Elementor Addons \+ Builder | 2021-05-11 | 3.5 LOW | 5.4 MEDIUM |
| The “WooLentor – WooCommerce Elementor Addons + Builder” WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | |||||
| CVE-2017-8919 | 1 Netapp | 1 Oncommand Api Services | 2021-05-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password when a user attempts to log in using the REST API, which allows remote authenticated users to obtain sensitive password information via unspecified vectors. | |||||
| CVE-2021-24255 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2021-05-11 | 3.5 LOW | 5.4 MEDIUM |
| The Essential Addons for Elementor Lite WordPress Plugin before 4.5.4 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, both via a similar method. | |||||
| CVE-2021-24256 | 1 Brainstormforce | 1 Elementor - Header\, Footer \& Blocks Template | 2021-05-11 | 3.5 LOW | 5.4 MEDIUM |
| The “Elementor – Header, Footer & Blocks Template” WordPress Plugin before 1.5.8 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | |||||
| CVE-2021-24257 | 1 Leap13 | 1 Premium Addons For Elementor | 2021-05-11 | 3.5 LOW | 5.4 MEDIUM |
| The “Premium Addons for Elementor” WordPress Plugin before 4.2.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | |||||
| CVE-2021-24258 | 1 Wpmet | 1 Elements Kit Elementor Addons | 2021-05-11 | 4.0 MEDIUM | 5.4 MEDIUM |
| The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | |||||
| CVE-2021-24259 | 1 Webtechstreet | 1 Elementor Addon Elements | 2021-05-11 | 3.5 LOW | 5.4 MEDIUM |
| The “Elementor Addon Elements” WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | |||||
| CVE-2021-29247 | 1 Btcpayserver | 1 Btcpay Server | 2021-05-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie. | |||||
| CVE-2021-29248 | 1 Btcpayserver | 1 Btcpay Server | 2021-05-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the Secure flag for a cookie. | |||||
| CVE-2021-29246 | 1 Btcpayserver | 1 Btcpay Server | 2021-05-11 | 6.5 MEDIUM | 6.7 MEDIUM |
| BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special characters to upload the file outside of the restricted directory. | |||||
| CVE-2020-23015 | 1 Opnsense | 1 Opnsense | 2021-05-11 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect issue was discovered in OPNsense through 20.1.5. The redirect parameter "url" in login page was not filtered and can redirect user to any website. | |||||
| CVE-2021-29245 | 1 Btcpayserver | 1 Btcpay Server | 2021-05-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key. | |||||
| CVE-2021-29250 | 1 Btcpayserver | 1 Btcpay Server | 2021-05-11 | 3.5 LOW | 5.4 MEDIUM |
| BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. This enables cookie stealing. | |||||
| CVE-2020-8694 | 1 Intel | 598 Celeron 3855u, Celeron 3855u Firmware, Celeron 3865u and 595 more | 2021-05-11 | 2.1 LOW | 5.5 MEDIUM |
| Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2021-25155 | 1 Arubanetworks | 1 Instant | 2021-05-11 | 8.5 HIGH | 6.5 MEDIUM |
| A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | |||||
| CVE-2021-25156 | 1 Arubanetworks | 1 Instant | 2021-05-11 | 4.0 MEDIUM | 4.9 MEDIUM |
| A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | |||||
| CVE-2021-25157 | 1 Arubanetworks | 1 Instant | 2021-05-11 | 4.0 MEDIUM | 4.9 MEDIUM |
| A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | |||||
| CVE-2021-25158 | 1 Arubanetworks | 1 Instant | 2021-05-11 | 4.3 MEDIUM | 5.9 MEDIUM |
| A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | |||||
| CVE-2021-25159 | 1 Arubanetworks | 1 Instant | 2021-05-11 | 8.5 HIGH | 6.5 MEDIUM |
| A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | |||||
| CVE-2021-25160 | 1 Arubanetworks | 1 Instant | 2021-05-11 | 4.0 MEDIUM | 4.9 MEDIUM |
| A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | |||||
| CVE-2021-25161 | 1 Arubanetworks | 1 Instant | 2021-05-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | |||||
| CVE-2021-21547 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2021-05-11 | 2.1 LOW | 6.7 MEDIUM |
| Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. | |||||
| CVE-2020-1721 | 1 Dogtagpki | 1 Dogtagpki | 2021-05-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code. | |||||
| CVE-2020-21101 | 1 Screenly | 1 Screenly | 2021-05-10 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scriptiong vulnerabilityin Screenly screenly-ose all versions, including v1.8.2 (2019-09-25-Screenly-OSE-lite.img), in the 'Add Asset' page via manipulation of a 'URL' field, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2021-21391 | 1 Ckeditor | 8 Ckeditor5-engine, Ckeditor5-font, Ckeditor5-image and 5 more | 2021-05-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| CKEditor 5 provides a WYSIWYG editing solution. This CVE affects the following npm packages: ckeditor5-engine, ckeditor5-font, ckeditor5-image, ckeditor5-list, ckeditor5-markdown-gfm, ckeditor5-media-embed, ckeditor5-paste-from-office, and ckeditor5-widget. Following an internal audit, a regular expression denial of service (ReDoS) vulnerability has been discovered in multiple CKEditor 5 packages. The vulnerability allowed to abuse particular regular expressions, which could cause a significant performance drop resulting in a browser tab freeze. It affects all users using the CKEditor 5 packages listed above at version <= 26.0.0. The problem has been recognized and patched. The fix will be available in version 27.0.0. | |||||
| CVE-2020-21987 | 1 Homeautomation Project | 1 Homeautomation | 2021-05-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting (XSS). XSS vulnerabilities occur when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session. | |||||
| CVE-2021-21543 | 1 Dell | 1 Idrac9 Firmware | 2021-05-10 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. | |||||
| CVE-2021-21542 | 1 Dell | 1 Idrac9 Firmware | 2021-05-10 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected while generating a certificate. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. | |||||
| CVE-2021-21541 | 1 Dell | 1 Idrac9 Firmware | 2021-05-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2020-8582 | 1 Netapp | 2 Element Os, Hci | 2021-05-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an authenticated user to view sensitive information. | |||||
| CVE-2018-10599 | 1 Philips | 36 Avalon Fetal\/maternal Monitors Fm20, Avalon Fetal\/maternal Monitors Fm20 Firmware, Avalon Fetal\/maternal Monitors Fm30 and 33 more | 2021-05-10 | 2.9 LOW | 5.3 MEDIUM |
| IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet. | |||||
| CVE-2020-18022 | 1 Qibosoft | 1 Qibocms | 2021-05-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the "ewebeditor\3.1.1\kindeditor.js" component. | |||||
| CVE-2021-31421 | 1 Parallels | 1 Parallels Desktop | 2021-05-10 | 2.1 LOW | 6.0 MEDIUM |
| This vulnerability allows local attackers to delete arbitrary files on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete arbitrary files in the context of the hypervisor. Was ZDI-CAN-12129. | |||||
| CVE-2020-20247 | 1 Mikrotik | 1 Routeros | 2021-05-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable. | |||||
| CVE-2020-14874 | 1 Oracle | 1 Cloud Infrastructure Identity And Access Management | 2021-05-10 | 6.5 MEDIUM | 4.7 MEDIUM |
| Vulnerability in the Oracle Cloud Infrastructure Identity and Access Management product of Oracle Cloud Services. Easily exploitable vulnerability allows high privileged attacker with network access to compromise Oracle Cloud Infrastructure Identity and Access Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Cloud Infrastructure Identity and Access Management accessible data as well as unauthorized read access to a subset of Oracle Cloud Infrastructure Identity and Access Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Cloud Infrastructure Identity and Access Management. | |||||
| CVE-2021-1477 | 1 Cisco | 1 Firepower Management Center | 2021-05-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in an access control mechanism of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access services beyond the scope of their authorization. This vulnerability is due to insufficient enforcement of access control in the affected software. An attacker could exploit this vulnerability by directly accessing the internal services of an affected device. A successful exploit could allow the attacker to overwrite policies and impact the configuration and operation of the affected device. | |||||
| CVE-2021-1489 | 1 Cisco | 18 Firepower 1010, Firepower 1120, Firepower 1140 and 15 more | 2021-05-09 | 6.8 MEDIUM | 6.5 MEDIUM |
| A vulnerability in filesystem usage management for Cisco Firepower Device Manager (FDM) Software could allow an authenticated, remote attacker to exhaust filesystem resources, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to the insufficient management of available filesystem resources. An attacker could exploit this vulnerability by uploading files to the device and exhausting available filesystem resources. A successful exploit could allow the attacker to cause database errors and cause the device to become unresponsive to web-based management. Manual intervention is required to free filesystem resources and return the device to an operational state. | |||||
| CVE-2021-1495 | 2 Cisco, Snort | 22 C8200-1n-4t, C8200l-1n-4t, Catalyst 8300-1n1s-4t2x and 19 more | 2021-05-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload. | |||||
| CVE-2021-30027 | 1 Md4c Project | 1 Md4c | 2021-05-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document. | |||||
| CVE-2021-22327 | 1 Huawei | 2 P30, P30 Firmware | 2021-05-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Affected product versions include:HUAWEI P30 versions 10.0.0.186(C10E7R5P1), 10.0.0.186(C461E4R3P1), 10.0.0.188(C00E85R2P11), 10.0.0.188(C01E88R2P11),10.0.0.188(C605E19R1P3), 10.0.0.190(C185E4R7P1), 10.0.0.190(C431E22R2P5), 10.0.0.190(C432E22R2P5),10.0.0.190(C605E19R1P3), 10.0.0.190(C636E4R3P4), 10.0.0.192(C635E3R2P4). | |||||
| CVE-2021-22330 | 1 Huawei | 2 P30, P30 Firmware | 2021-05-08 | 3.3 LOW | 6.5 MEDIUM |
| There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131(C00E130R1P21) when processing a message. An unauthenticated attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of the input parameter, successful exploit can cause the process and the service to be abnormal. | |||||
| CVE-2021-29460 | 1 Getkirby | 1 Kirby | 2021-05-07 | 3.5 LOW | 5.4 MEDIUM |
| Kirby is an open source CMS. An editor with write access to the Kirby Panel can upload an SVG file that contains harmful content like `<script>` tags. The direct link to that file can be sent to other users or visitors of the site. If the victim opens that link in a browser where they are logged in to Kirby, the script will run and can for example trigger requests to Kirby's API with the permissions of the victim. This vulnerability is critical if you might have potential attackers in your group of authenticated Panel users, as they can escalate their privileges if they get access to the Panel session of an admin user. Depending on your site, other JavaScript-powered attacks are possible. Visitors without Panel access can only use this attack vector if your site allows SVG file uploads in frontend forms and you don't already sanitize uploaded SVG files. The problem has been patched in Kirby 3.5.4. Please update to this or a later version to fix the vulnerability. Frontend upload forms need to be patched separately depending on how they store the uploaded file(s). If you use `File::create()`, you are protected by updating to 3.5.4+. As a work around you can disable the upload of SVG files in your file blueprints. | |||||
| CVE-2021-29146 | 1 Arubanetworks | 1 Clearpass | 2021-05-07 | 3.5 LOW | 5.4 MEDIUM |
| A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-29666 | 2 Ibm, Linux | 2 Spectrum Scale, Linux Kernel | 2021-05-07 | 3.5 LOW | 5.4 MEDIUM |
| IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199400. | |||||
| CVE-2021-1519 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2021-05-07 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to modify VPN profile files. To exploit this vulnerability, the attacker must have valid credentials on the affected system. | |||||