Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35507 | 3 Gnu, Netapp, Redhat | 5 Binutils, Hci Bootstrap Os, Ontap Select Deploy Administration Utility and 2 more | 2021-07-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. | |||||
| CVE-2020-35496 | 3 Fedoraproject, Gnu, Netapp | 6 Fedora, Binutils, Hci Compute Node and 3 more | 2021-07-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. | |||||
| CVE-2020-35495 | 3 Fedoraproject, Gnu, Netapp | 6 Fedora, Binutils, Hci Compute Node and 3 more | 2021-07-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34. | |||||
| CVE-2020-35494 | 3 Fedoraproject, Gnu, Netapp | 6 Fedora, Binutils, Hci Compute Node and 3 more | 2021-07-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34. | |||||
| CVE-2020-35493 | 3 Fedoraproject, Gnu, Netapp | 6 Fedora, Binutils, Hci Compute Node and 3 more | 2021-07-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. | |||||
| CVE-2021-20739 | 1 Elecom | 22 Wrc-300febk, Wrc-300febk Firmware, Wrc-733febk and 19 more | 2021-07-10 | 5.8 MEDIUM | 8.8 HIGH |
| WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allows an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors. | |||||
| CVE-2021-22227 | 1 Gitlab | 1 Gitlab | 2021-07-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site script vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked it | |||||
| CVE-2021-20779 | 1 Codemiq | 1 Wordpress Email Template Designer | 2021-07-10 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in WordPress Email Template Designer - WP HTML Mail versions prior to 3.0.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2021-20780 | 1 Wp-currency | 1 Wordpress Currency Switcher | 2021-07-10 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Currency Switcher 1.1.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2020-35985 | 2021-07-10 | N/A | N/A | ||
| A stored cross site scripting (XSS) vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. | |||||
| CVE-2020-35984 | 2021-07-10 | N/A | N/A | ||
| A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter. | |||||
| CVE-2020-25879 | 2021-07-10 | N/A | N/A | ||
| A stored cross site scripting (XSS) vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter. | |||||
| CVE-2020-25878 | 2021-07-10 | N/A | N/A | ||
| A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the 'Output Filters' and 'Droplets' modules. | |||||
| CVE-2020-25877 | 2021-07-10 | N/A | N/A | ||
| A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter. | |||||
| CVE-2020-25876 | 2021-07-10 | N/A | N/A | ||
| A stored cross site scripting (XSS) vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter. | |||||
| CVE-2020-25875 | 2021-07-10 | N/A | N/A | ||
| A stored cross site scripting (XSS) vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter. | |||||
| CVE-2020-25394 | 2021-07-10 | N/A | N/A | ||
| A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Content" parameter. | |||||
| CVE-2020-25392 | 2021-07-10 | N/A | N/A | ||
| A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Article' field under the 'Article' plugin. | |||||
| CVE-2020-25391 | 2021-07-10 | N/A | N/A | ||
| A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module. | |||||
| CVE-2021-35361 | 2021-07-10 | N/A | N/A | ||
| A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload. | |||||
| CVE-2021-35360 | 2021-07-10 | N/A | N/A | ||
| A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload. | |||||
| CVE-2021-35358 | 2021-07-10 | N/A | N/A | ||
| A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' and 'Filename' parameters. | |||||
| CVE-2021-20024 | 2021-07-10 | N/A | N/A | ||
| Multiple Out-of-Bound read vulnerability in SonicWall Switch when handling LLDP Protocol allows an attacker to cause a system instability or potentially read sensitive information from the memory locations. | |||||
| CVE-2020-35987 | 2021-07-10 | N/A | N/A | ||
| A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. | |||||
| CVE-2020-35986 | 2021-07-10 | N/A | N/A | ||
| A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. | |||||
| CVE-2021-32659 | 1 Matrix | 1 Matrix-appservice-bridge | 2021-07-09 | 3.5 LOW | 4.9 MEDIUM |
| Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the `roomUpgradeOpts` key when instantiating a new `Bridge` instance.), any `m.room.tombstone` event it encounters will be used to unbridge the current room and bridge into the target room. However, the target room `m.room.create` event is not checked to verify if the `predecessor` field contains the previous room. This means that any malicious admin of a bridged room can repoint the traffic to a different room without the new room being aware. Versions 2.6.1 and greater are patched. As a workaround, disabling the automatic room upgrade handling can be done by removing the `roomUpgradeOpts` key from the `Bridge` class options. | |||||
| CVE-2021-22230 | 1 Gitlab | 1 Gitlab | 2021-07-09 | 6.5 MEDIUM | 7.2 HIGH |
| Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2. | |||||
| CVE-2021-22231 | 1 Gitlab | 1 Gitlab | 2021-07-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| A denial of service in user's profile page is found starting with GitLab CE/EE 8.0 that allows attacker to reject access to their profile page via using a specially crafted username. | |||||
| CVE-2021-35451 | 1 Teradici | 1 Pcoip Management Console | 2021-07-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into user browser via the Web application. | |||||
| CVE-2021-33795 | 2021-07-09 | N/A | N/A | ||
| Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorrect PDF document signatures because the certificate name, document owner, and signature author are mishandled. | |||||
| CVE-2021-33792 | 2021-07-09 | N/A | N/A | ||
| Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write via a crafted /Size key in the Trailer dictionary. | |||||
| CVE-2021-26036 | 1 Joomla | 1 Joomla\! | 2021-07-09 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table. | |||||
| CVE-2021-29730 | 2021-07-09 | N/A | N/A | ||
| IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 201164. | |||||
| CVE-2021-29712 | 2021-07-09 | N/A | N/A | ||
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 200966. | |||||
| CVE-2020-21333 | 2021-07-09 | N/A | N/A | ||
| Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an admin cookie when the Administrator reviews submit case. | |||||
| CVE-2020-22535 | 2021-07-09 | N/A | N/A | ||
| Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list parameter in the update function in upgradecontroller.php. | |||||
| CVE-2020-24145 | 1 Cminds | 1 Cm Download Manager | 2021-07-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action. | |||||
| CVE-2020-25925 | 1 Icewarp | 1 Webclient | 2021-07-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field. | |||||
| CVE-2021-31925 | 1 Pexip | 1 Pexip Infinity | 2021-07-09 | 5.0 MEDIUM | 7.5 HIGH |
| Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service via the administrative web interface. | |||||
| CVE-2021-33217 | 1 Commscope | 1 Ruckus Iot Controller | 2021-07-09 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root. | |||||
| CVE-2021-33219 | 1 Commscope | 1 Ruckus Iot Controller | 2021-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts. | |||||
| CVE-2021-33218 | 1 Commscope | 1 Ruckus Iot Controller | 2021-07-09 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access. | |||||
| CVE-2021-33216 | 1 Commscope | 1 Ruckus Iot Controller | 2021-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account. | |||||
| CVE-2021-33215 | 1 Commscope | 1 Ruckus Iot Controller | 2021-07-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal. | |||||
| CVE-2021-33220 | 1 Commscope | 1 Ruckus Iot Controller | 2021-07-09 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist. | |||||
| CVE-2021-25952 | 1 Just-safe-set Project | 1 Just-safe-set | 2021-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in ‘just-safe-set’ versions 1.0.0 through 2.2.1 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2021-33221 | 1 Commscope | 1 Ruckus Iot Controller | 2021-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints. | |||||
| CVE-2021-20416 | 1 Ibm | 1 Guardium Data Encryption | 2021-07-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218. | |||||
| CVE-2021-20379 | 1 Ibm | 1 Guardium Data Encryption | 2021-07-09 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711. | |||||
| CVE-2021-20417 | 1 Ibm | 1 Guardium Data Encryption | 2021-07-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196219 | |||||