Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30058 | 1 Eng | 1 Knowage | 2021-04-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary external script in '/knowagecockpitengine/api/1.0/pages/execute' via the 'SBI_HOST' parameter. | |||||
| CVE-2021-24152 | 1 Sygnoos | 1 Popup Builder | 2021-04-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting. | |||||
| CVE-2021-30074 | 1 Docsifyjs | 1 Docsify | 2021-04-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the " character. | |||||
| CVE-2021-1800 | 1 Apple | 1 Xcode | 2021-04-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| A path handling issue was addressed with improved validation. This issue is fixed in Xcode 12.4. A malicious application may be able to access arbitrary files on the host device while running an app that uses on-demand resources with Xcode. | |||||
| CVE-2020-21588 | 1 Coreftp | 1 Core Ftp | 2021-04-08 | 2.1 LOW | 5.5 MEDIUM |
| Buffer overflow in Core FTP LE v2.2 allows local attackers to cause a denial or service (crash) via a long string in the Setup->Users->Username editbox. | |||||
| CVE-2020-21590 | 1 Wuzhicms | 1 Wuzhicms | 2021-04-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter. | |||||
| CVE-2020-25633 | 2 Quarkus, Redhat | 2 Quarkus, Resteasy | 2021-04-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2021-20685 | 1 Daifukuya | 1 Kagemai | 2021-04-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote attackers to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2021-20686 | 1 Daifukuya | 1 Kagemai | 2021-04-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote attackers to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2021-20689 | 1 Yomi-search Project | 1 Yomi-search | 2021-04-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2021-20690 | 1 Yomi-search Project | 1 Yomi-search | 2021-04-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2021-20691 | 1 Yomi-search Project | 1 Yomi-search | 2021-04-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2020-29608 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-04-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, watchOS 7.2. A remote attacker may be able to leak memory. | |||||
| CVE-2020-11683 | 1 Linux4sam | 1 At91bootstrap | 2021-04-08 | 4.6 MEDIUM | 6.8 MEDIUM |
| A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected system. | |||||
| CVE-2020-27946 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-04-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure issue was addressed with improved state management. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font may result in the disclosure of process memory. | |||||
| CVE-2020-29610 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-04-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may disclose restricted memory. | |||||
| CVE-2020-27949 | 1 Apple | 2 Mac Os X, Macos | 2021-04-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may cause unexpected changes in memory belonging to processes traced by DTrace. | |||||
| CVE-2018-6590 | 1 Broadcom | 1 Ca Api Developer Portal | 2021-04-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability. | |||||
| CVE-2020-29613 | 1 Apple | 2 Ipados, Iphone Os | 2021-04-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 14.3 and iPadOS 14.3. An enterprise application installation prompt may display the wrong domain. | |||||
| CVE-2020-29639 | 1 Apple | 2 Ipados, Iphone Os | 2021-04-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted font may result in the disclosure of process memory. | |||||
| CVE-2021-28941 | 1 Magpierss Project | 1 Magpierss | 2021-04-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page, it's possible to request any internal page if you use a https request. | |||||
| CVE-2021-29661 | 1 Softing | 1 Opc Toolbox | 2021-04-08 | 3.5 LOW | 5.4 MEDIUM |
| Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it. | |||||
| CVE-2021-22865 | 1 Github | 1 Enterprise Server | 2021-04-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. The private repository metadata returned would be limited to repositories owned by the user the token identifies. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.4 and was fixed in versions 3.0.4, 2.22.10, 2.21.18. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2021-3374 | 1 Rstudio | 1 Shiny Server | 2021-04-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash. | |||||
| CVE-2020-29372 | 1 Linux | 1 Linux Kernel | 2021-04-08 | 4.7 MEDIUM | 4.7 MEDIUM |
| An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e. | |||||
| CVE-2020-29615 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-04-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted image may lead to a denial of service. | |||||
| CVE-2020-9978 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2021-04-07 | 2.7 LOW | 4.5 MEDIUM |
| This issue was addressed with improved setting propagation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An attacker in a privileged network position may be able to unexpectedly alter application state. | |||||
| CVE-2020-9995 | 1 Apple | 1 Macos Server | 2021-04-07 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Server 5.11. Processing a maliciously crafted URL may lead to an open redirect or cross site scripting. | |||||
| CVE-2020-11923 | 1 Wizconnected | 1 Wiz | 2021-04-07 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged. | |||||
| CVE-2020-11924 | 1 Wizconnected | 2 Colors A60, Colors A60 Firmware | 2021-04-07 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash memory, which presents an information-disclosure risk for a discarded or resold device. | |||||
| CVE-2021-22202 | 1 Gitlab | 1 Gitlab | 2021-04-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API. | |||||
| CVE-2020-29621 | 1 Apple | 2 Mac Os X, Macos | 2021-04-07 | 2.1 LOW | 5.5 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to bypass Privacy preferences. | |||||
| CVE-2019-6504 | 1 Broadcom | 1 Automic Workload Automation | 2021-04-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allow attackers to potentially conduct persistent cross site scripting (XSS) attacks via a crafted object. | |||||
| CVE-2016-3118 | 1 Broadcom | 1 Api Gateway | 2021-04-07 | 6.4 MEDIUM | 6.5 MEDIUM |
| CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors. | |||||
| CVE-2020-27893 | 1 Apple | 1 Macos | 2021-04-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue existed in screen sharing. This issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A user with screen sharing access may be able to view another user's screen. | |||||
| CVE-2020-10008 | 1 Apple | 1 Macos | 2021-04-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.0.1. A malicious application with root privileges may be able to access private information. | |||||
| CVE-2020-27901 | 1 Apple | 1 Macos | 2021-04-07 | 4.3 MEDIUM | 6.3 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
| CVE-2021-22198 | 1 Gitlab | 1 Gitlab | 2021-04-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects. | |||||
| CVE-2020-27935 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2021-04-07 | 4.3 MEDIUM | 6.3 MEDIUM |
| Multiple issues were addressed with improved logic. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
| CVE-2021-22201 | 1 Gitlab | 1 Gitlab | 2021-04-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server. | |||||
| CVE-2021-22197 | 1 Gitlab | 1 Gitlab | 2021-04-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and target branch pointing to each other | |||||
| CVE-2021-22196 | 1 Gitlab | 1 Gitlab | 2021-04-07 | 3.5 LOW | 5.4 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name. | |||||
| CVE-2020-27937 | 1 Apple | 1 Mac Os X | 2021-04-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to access private information. | |||||
| CVE-2020-25657 | 3 Fedoraproject, M2crypto Project, Redhat | 4 Fedora, M2crypto, Enterprise Linux and 1 more | 2021-04-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2021-28969 | 1 Fireeye | 2 Email Malware Protection System, Ex 3500 | 2021-04-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. NOTE: this is different from CVE-2020-25034 and affects newer versions of the software. | |||||
| CVE-2021-26718 | 1 Kaspersky | 1 Internet Security | 2021-04-07 | 2.1 LOW | 5.5 MEDIUM |
| KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection. | |||||
| CVE-2021-30003 | 1 Nokia | 2 G-120w-f, G-120w-f Firmware | 2021-04-07 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add url_address. | |||||
| CVE-2021-21400 | 1 Wire | 1 Wire-webapp | 2021-04-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does not actively give focus to the input field. Input element focus is enforced programatically in version 2021-03-15-production.0. | |||||
| CVE-2021-30004 | 1 W1.fi | 2 Hostapd, Wpa Supplicant | 2021-04-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. | |||||
| CVE-2021-29349 | 1 Mahara | 1 Mahara | 2021-04-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_delete_all_notifications request, which leads to removing all messages from a mailbox. | |||||