Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25783 | 1 Accfly | 2 720p, 720p Firmware | 2021-02-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated heap-based buffer overflow in the function CNetClientTalk::OprMsg during incoming message handling. | |||||
| CVE-2020-25784 | 1 Accfly | 2 720p, 720p Firmware | 2021-02-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientGuard::SubOprMsg during incoming message handling. | |||||
| CVE-2020-35853 | 1 4homepages | 1 4images | 2021-02-01 | 3.5 LOW | 4.8 MEDIUM |
| 4images Image Gallery Management System 1.7.11 is affected by cross-site scripting (XSS) in the Image URL. This vulnerability can result in an attacker to inject the XSS payload into the IMAGE URL. Each time a user visits that URL, the XSS triggers and the attacker can be able to steal the cookie according to the crafted payload. | |||||
| CVE-2020-36011 | 1 Qdocs | 1 Smart Hospital | 2021-02-01 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart Hospital Management System 3.1 allows a remote attacker to inject arbitrary code via the Name, Guardian Name, Email, Address, Remarks, or Any Known Allergies field. | |||||
| CVE-2020-25785 | 1 Accfly | 2 720p, 720p Firmware | 2021-02-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CFtpProtocol::FtpLogin during the update procedure. | |||||
| CVE-2020-35270 | 1 Student Result Management System Project | 1 Student Result Management System | 2021-02-01 | 6.4 MEDIUM | 9.1 CRITICAL |
| Student Result Management System In PHP With Source Code is affected by SQL injection. An attacker can able to access of Admin Panel and manage every account of Result. | |||||
| CVE-2020-35309 | 1 Bakeshop Online Ordering System Project | 1 Bakeshop Online Ordering System | 2021-02-01 | 3.5 LOW | 4.8 MEDIUM |
| Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML in admin dashboard - "Categories". | |||||
| CVE-2020-29241 | 1 Online News Portal Project | 1 Online News Portal | 2021-02-01 | 3.5 LOW | 4.8 MEDIUM |
| Online News Portal using PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML via the "Title" parameter. | |||||
| CVE-2021-21254 | 1 Ckeditor | 1 Ckeditor 5 | 2021-02-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) before version 25.0.0 has a regex denial of service (ReDoS) vulnerability. The vulnerability allowed to abuse link recognition regular expression, which could cause a significant performance drop resulting in browser tab freeze. It affects all users using CKEditor 5 Markdown plugin at version <= 24.0.0. The problem has been recognized and patched. The fix will be available in version 25.0.0. | |||||
| CVE-2020-8292 | 1 Rocket.chat | 1 Rocket.chat | 2021-02-01 | 4.3 MEDIUM | 5.4 MEDIUM |
| Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes. | |||||
| CVE-2020-28208 | 1 Rocket.chat | 1 Rocket.chat | 2021-02-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1. | |||||
| CVE-2021-25224 | 1 Trendmicro | 1 Serverprotect | 2021-02-01 | 2.1 LOW | 5.5 MEDIUM |
| A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2020-25173 | 1 Reolink | 14 Rlc-410, Rlc-410 Firmware, Rlc-422 and 11 more | 2021-02-01 | 4.6 MEDIUM | 7.8 HIGH |
| An attacker with local network access can obtain a fixed cryptography key which may allow for further compromise of Reolink P2P cameras outside of local network access | |||||
| CVE-2020-8569 | 1 Kubernetes | 1 Container Storage Interface Snapshotter | 2021-02-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, is automatically restarted by Kubernetes, and processes the same VolumeSnapshot custom resource after the restart, entering an endless crashloop. Only the volume snapshot feature is affected by this vulnerability. When exploited, users can’t take snapshots of their volumes or delete the snapshots. All other Kubernetes functionality is not affected. | |||||
| CVE-2021-25225 | 1 Trendmicro | 1 Serverprotect | 2021-02-01 | 2.1 LOW | 5.5 MEDIUM |
| A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scheduled scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-25226 | 1 Trendmicro | 1 Serverprotect | 2021-02-01 | 2.1 LOW | 5.5 MEDIUM |
| A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scan engine component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-22871 | 1 Revive-adserver | 1 Revive Adserver | 2021-02-01 | 3.5 LOW | 4.8 MEDIUM |
| Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability. | |||||
| CVE-2021-20621 | 1 Aterm | 4 Wg2600hp, Wg2600hp2, Wg2600hp2 Firmware and 1 more | 2021-02-01 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2021-20620 | 1 Aterm | 2 Wg2600hp, Wg2600hp Firmware | 2021-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2020-7550 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 and prior that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
| CVE-2020-7554 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
| CVE-2020-25169 | 1 Reolink | 14 Rlc-410, Rlc-410 Firmware, Rlc-422 and 11 more | 2021-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| The affected Reolink P2P products do not sufficiently protect data transferred between the local device and Reolink servers. This can allow an attacker to access sensitive information, such as camera feeds. | |||||
| CVE-2020-7556 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
| CVE-2020-7557 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
| CVE-2021-26304 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2021-02-01 | 3.5 LOW | 5.4 MEDIUM |
| PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter. | |||||
| CVE-2021-20622 | 1 Aterm | 4 Wg2600hp, Wg2600hp2, Wg2600hp2 Firmware and 1 more | 2021-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2021-21270 | 1 Octopus | 1 Octopusdsc | 2021-02-01 | 2.1 LOW | 5.5 MEDIUM |
| OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is patched in version 4.0.1002. | |||||
| CVE-2020-7558 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
| CVE-2020-11214 | 1 Qualcomm | 349 Aqt1000, Ar8031, Ar8035 and 346 more | 2021-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer over-read while processing NDL attribute if attribute length is larger than expected and then FW is treating it as more number of immutable schedules in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2020-11213 | 1 Qualcomm | 555 Apq8009, Apq8009w, Apq8016 and 552 more | 2021-02-01 | 7.5 HIGH | 9.8 CRITICAL |
| Out of bound reads might occur in while processing Service descriptor due to improper validation of length of fields in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2020-23342 | 1 Anchorcms | 1 Anchor Cms | 2021-02-01 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users. | |||||
| CVE-2020-8288 | 1 Rocket.chat | 1 Rocket.chat | 2021-02-01 | 3.5 LOW | 5.4 MEDIUM |
| The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter. | |||||
| CVE-2020-35854 | 1 Textpattern | 1 Textpattern | 2021-02-01 | 3.5 LOW | 4.8 MEDIUM |
| Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter. | |||||
| CVE-2020-11179 | 1 Qualcomm | 404 Apq8009, Apq8009w, Apq8017 and 401 more | 2021-02-01 | 6.9 MEDIUM | 7.0 HIGH |
| Arbitrary read and write to kernel addresses by temporarily overwriting ring buffer pointer and creating a race condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-20183 | 1 Moodle | 1 Moodle | 2021-02-01 | 4.3 MEDIUM | 5.4 MEDIUM |
| It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries. | |||||
| CVE-2021-20184 | 1 Moodle | 1 Moodle | 2021-02-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a insufficient capability checks in some grade related web services meant students were able to view other students grades. | |||||
| CVE-2021-20186 | 1 Moodle | 1 Moodle | 2021-02-01 | 2.1 LOW | 5.4 MEDIUM |
| It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS. | |||||
| CVE-2020-23774 | 1 Winmail Project | 1 Winmail | 2021-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed. | |||||
| CVE-2021-20187 | 1 Moodle | 1 Moodle | 2021-02-01 | 6.5 MEDIUM | 7.2 HIGH |
| It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication. | |||||
| CVE-2020-28403 | 1 Iris | 1 Star | 2021-02-01 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the privileges of any user of the application. This can be used to grant himself administrative role or remove the administrative account of the application. | |||||
| CVE-2012-2663 | 1 Netfilter | 1 Iptables | 2021-02-01 | 7.5 HIGH | N/A |
| extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. NOTE: the CVE-2012-6638 fix makes this issue less relevant. | |||||
| CVE-2021-3186 | 1 Tenda | 2 Ac1200, Ac1200 Firmware | 2021-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi Name parameter. | |||||
| CVE-2021-25124 | 1 Hpe | 10 Cloudline Cl3100 Gen10 Server, Cloudline Cl3100 Gen10 Server Firmware, Cloudline Cl4100 Gen10 Server and 7 more | 2021-01-30 | 7.2 HIGH | 7.8 HIGH |
| The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice deletevideo_func function path traversal vulnerability. | |||||
| CVE-2021-25125 | 1 Hpe | 10 Cloudline Cl3100 Gen10 Server, Cloudline Cl3100 Gen10 Server Firmware, Cloudline Cl4100 Gen10 Server and 7 more | 2021-01-30 | 7.2 HIGH | 7.8 HIGH |
| The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice delsolrecordedvideo_func function path traversal vulnerability. | |||||
| CVE-2021-25126 | 1 Hpe | 10 Cloudline Cl3100 Gen10 Server, Cloudline Cl3100 Gen10 Server Firmware, Cloudline Cl4100 Gen10 Server and 7 more | 2021-01-30 | 7.2 HIGH | 7.8 HIGH |
| The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice downloadkvmjnlp_func function. | |||||
| CVE-2021-25127 | 1 Hpe | 10 Cloudline Cl3100 Gen10 Server, Cloudline Cl3100 Gen10 Server Firmware, Cloudline Cl4100 Gen10 Server and 7 more | 2021-01-30 | 7.2 HIGH | 7.8 HIGH |
| The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice generatesslcertificate_func function. | |||||
| CVE-2021-25128 | 1 Hpe | 10 Cloudline Cl3100 Gen10 Server, Cloudline Cl3100 Gen10 Server Firmware, Cloudline Cl4100 Gen10 Server and 7 more | 2021-01-30 | 7.2 HIGH | 7.8 HIGH |
| The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice gethelpdata_func function path traversal vulnerability. | |||||
| CVE-2021-25129 | 1 Hpe | 10 Cloudline Cl3100 Gen10 Server, Cloudline Cl3100 Gen10 Server Firmware, Cloudline Cl4100 Gen10 Server and 7 more | 2021-01-30 | 7.2 HIGH | 7.8 HIGH |
| The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice getvideodata_func function path traversal vulnerability. | |||||
| CVE-2021-25130 | 1 Hpe | 10 Cloudline Cl3100 Gen10 Server, Cloudline Cl3100 Gen10 Server Firmware, Cloudline Cl4100 Gen10 Server and 7 more | 2021-01-30 | 7.2 HIGH | 7.8 HIGH |
| The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setactdir_func function. | |||||
| CVE-2021-25131 | 1 Hpe | 10 Cloudline Cl3100 Gen10 Server, Cloudline Cl3100 Gen10 Server Firmware, Cloudline Cl4100 Gen10 Server and 7 more | 2021-01-30 | 7.2 HIGH | 7.8 HIGH |
| The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setfwimagelocation_func function. | |||||