Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3040 | 1 Paloaltonetworks | 1 Bridgecrew Checkov | 2021-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.139. Checkov 1.0 versions are not impacted. | |||||
| CVE-2021-32658 | 1 Nextcloud | 1 Nextcloud | 2021-06-21 | 2.1 LOW | 4.6 MEDIUM |
| Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Due to a timeout issue the Android client may not properly clean all sensitive data on account removal. This could include sensitive key material such as the End-to-End encryption keys. It is recommended that the Nextcloud Android App is upgraded to 3.16.1 | |||||
| CVE-2021-31489 | 1 Opentext | 1 Brava\! Desktop | 2021-06-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12717. | |||||
| CVE-2021-31488 | 1 Opentext | 1 Brava\! Desktop | 2021-06-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12716. | |||||
| CVE-2021-22181 | 1 Gitlab | 1 Gitlab | 2021-06-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources. | |||||
| CVE-2021-31487 | 1 Opentext | 1 Brava\! Desktop | 2021-06-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12715. | |||||
| CVE-2021-26828 | 1 Openplcproject | 1 Scadabr | 2021-06-21 | 6.5 MEDIUM | 8.8 HIGH |
| OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm. | |||||
| CVE-2021-22175 | 1 Gitlab | 1 Gitlab | 2021-06-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled | |||||
| CVE-2020-28713 | 1 Nightowlsp | 2 Smart Doorbell, Smart Doorbell Firmware | 2021-06-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker can passively record push notification events which are sent over an insecure web request. The web service does not authenticate requests, and allows attackers to send an indefinite amount of motion or doorbell events to a user's mobile application by either replaying or deliberately crafting false events. | |||||
| CVE-2021-31486 | 1 Opentext | 1 Brava\! Desktop | 2021-06-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12712. | |||||
| CVE-2021-34815 | 1 Checksec | 1 Canopy | 2021-06-21 | 3.5 LOW | 4.8 MEDIUM |
| CheckSec Canopy before 3.5.2 allows XSS attacks against the login page via the LOGIN_PAGE_DISCLAIMER parameter. | |||||
| CVE-2021-31493 | 1 Opentext | 1 Brava\! Desktop | 2021-06-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13304. | |||||
| CVE-2021-31492 | 1 Opentext | 1 Brava\! Desktop | 2021-06-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12720. | |||||
| CVE-2021-24348 | 1 Wow-estore | 1 Side Menu | 2021-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| The menu delete functionality of the Side Menu – add fixed side buttons WordPress plugin before 3.1.5, available to Administrator users takes the did GET parameter and uses it into an SQL statement without proper sanitisation, validation or escaping, therefore leading to a SQL Injection issue | |||||
| CVE-2021-3504 | 3 Debian, Fedoraproject, Redhat | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2021-06-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-27485 | 1 Zoll | 1 Defibrillator Dashboard | 2021-06-21 | 5.0 MEDIUM | 7.5 HIGH |
| ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser. | |||||
| CVE-2021-20483 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2021-06-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197591. | |||||
| CVE-2021-31491 | 1 Opentext | 1 Brava\! Desktop | 2021-06-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12719. | |||||
| CVE-2021-31490 | 1 Opentext | 1 Brava\! Desktop | 2021-06-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12718. | |||||
| CVE-2019-19889 | 1 Humaxdigital | 2 Hgb10r-02, Hgb10r-02 Firmware | 2021-06-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. The attacker can discover admin credentials in the backup file, aka backupsettings.conf. | |||||
| CVE-2018-12715 | 1 Digisol | 2 Dg-hr3400, Dg-hr3400 Firmware | 2021-06-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged. | |||||
| CVE-2018-20008 | 1 Iball | 2 Ib-wrb302n, Ib-wrb302n Firmware | 2021-06-21 | 2.1 LOW | 6.8 MEDIUM |
| iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials (plain text) and the web-console password (base64) via the debugging console. | |||||
| CVE-2017-14244 | 1 Iball | 2 Ib-wra150n, Ib-wra150n Firmware | 2021-06-21 | 10.0 HIGH | 9.8 CRITICAL |
| An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi. | |||||
| CVE-2017-11435 | 1 Humaxdigital | 2 Hg100r, Hg100r Firmware | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. The router is not validating the session token while returning answers for some methods in url '/api'. An attacker can use this vulnerability to retrieve sensitive information such as private/public IP addresses, SSID names, and passwords. | |||||
| CVE-2021-31496 | 1 Opentext | 1 Brava\! Desktop | 2021-06-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13308. | |||||
| CVE-2021-24346 | 1 Stock In \& Out Project | 1 Stock In \& Out | 2021-06-21 | 3.5 LOW | 5.4 MEDIUM |
| The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue | |||||
| CVE-2021-31495 | 1 Opentext | 1 Brava\! Desktop | 2021-06-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13307. | |||||
| CVE-2021-31494 | 1 Opentext | 1 Brava\! Desktop | 2021-06-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13305. | |||||
| CVE-2021-24345 | 1 Sendit Project | 1 Sendit | 2021-06-21 | 6.0 MEDIUM | 6.6 MEDIUM |
| The page lists-management feature of the Sendit WP Newsletter WordPress plugin through 2.5.1, available to Administrator users does not sanitise, validate or escape the id_lista POST parameter before using it in SQL statement, therefore leading to Blind SQL Injection. | |||||
| CVE-2021-31498 | 1 Opentext | 1 Brava\! Desktop | 2021-06-21 | 4.3 MEDIUM | 3.3 LOW |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12744. | |||||
| CVE-2021-31499 | 1 Opentext | 1 Brava\! Desktop | 2021-06-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12745. | |||||
| CVE-2020-13663 | 1 Drupal | 1 Drupal | 2021-06-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities. | |||||
| CVE-2021-25419 | 1 Samsung | 1 Internet | 2021-06-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phising URL link. | |||||
| CVE-2021-31497 | 1 Opentext | 1 Brava\! Desktop | 2021-06-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13311. | |||||
| CVE-2020-22198 | 1 Dedecms | 1 Dedecms | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php. | |||||
| CVE-2020-13688 | 1 Drupal | 1 Drupal | 2021-06-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in l Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.X versions prior to 8.8.10; 8.9.X versions prior to 8.9.6; 9.0.X versions prior to 9.0.6. | |||||
| CVE-2021-20566 | 2 Ibm, Redhat | 2 Resilient Security Orchestration Automation And Response, Linux | 2021-06-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 199238. | |||||
| CVE-2021-26829 | 1 Openplcproject | 1 Scadabr | 2021-06-21 | 3.5 LOW | 5.4 MEDIUM |
| OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm. | |||||
| CVE-2021-31500 | 1 Opentext | 1 Brava\! Desktop | 2021-06-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12746. | |||||
| CVE-2021-31501 | 1 Opentext | 1 Brava\! Desktop | 2021-06-21 | 4.3 MEDIUM | 3.3 LOW |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13310. | |||||
| CVE-2020-5003 | 1 Ibm | 1 Financial Transaction Manager | 2021-06-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192956. | |||||
| CVE-2021-20396 | 1 Ibm | 1 Security Qradar Analyst Workflow | 2021-06-21 | 2.1 LOW | 3.3 LOW |
| IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 196009. | |||||
| CVE-2021-34540 | 1 Advantech | 1 Webaccess | 2021-06-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard. | |||||
| CVE-2021-20567 | 2 Ibm, Redhat | 2 Resilient Security Orchestration Automation And Response, Linux | 2021-06-21 | 2.1 LOW | 4.4 MEDIUM |
| IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexisting encryption.IBM X-Force ID: 199239. | |||||
| CVE-2020-22206 | 1 Shopex | 1 Ecshop | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in ECShop 3.0 via the aid parameter to admin/affiliate_ck.php. | |||||
| CVE-2020-22205 | 1 Shopex | 1 Ecshop | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in ECShop 3.0 via the id parameter to admin/shophelp.php. | |||||
| CVE-2020-22204 | 1 Shopex | 1 Ecshop | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection in ECShop 2.7.6 via the goods_number parameter to flow.php. . | |||||
| CVE-2019-7198 | 1 Qnap | 2 Qts, Quts Hero | 2021-06-21 | 7.5 HIGH | 9.8 CRITICAL |
| This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later | |||||
| CVE-2018-19942 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2021-06-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 build 20210202 (and later) QTS 4.5.1.1456 build 20201015 (and later) QTS 4.3.6.1446 build 20200929 (and later) QTS 4.3.4.1463 build 20201006 (and later) QTS 4.3.3.1432 build 20201006 (and later) QTS 4.2.6 build 20210327 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.4.1601 build 20210309 (and later) QuTScloud c4.5.3.1454 build 20201013 (and later) | |||||
| CVE-2020-36197 | 1 Qnap | 4 Music Station, Qts, Quts Hero and 1 more | 2021-06-21 | 5.8 MEDIUM | 8.8 HIGH |
| An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows attackers to compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.3.16 on QTS 4.5.2; versions prior to 5.2.10 on QTS 4.3.6; versions prior to 5.1.14 on QTS 4.3.3; versions prior to 5.3.16 on QuTS hero h4.5.2; versions prior to 5.3.16 on QuTScloud c4.5.4. | |||||