Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-23673 | 1 Pekeupload Project | 1 Pekeupload | 2021-11-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| This affects all versions of package pekeupload. If an attacker induces a user to upload a file whose name contains javascript code, the javascript code will be executed. | |||||
| CVE-2021-24812 | 1 Wpdeveloper | 1 Betterlinks | 2021-11-24 | 3.5 LOW | 5.4 MEDIUM |
| The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of the imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin imports a malicious CSV. | |||||
| CVE-2021-43409 | 1 Wpo365 | 1 Wordpress + Azure Ad / Microsoft Office 365 | 2021-11-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The “WPO365 \| LOGIN” WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account takeover and accessing sensitive data. In this case, the XSS payload can be submitted by any anonymous user; the payload then renders and executes when a WordPress administrator authenticates and accesses the WordPress Dashboard. The injected payload can carry out actions on behalf of the administrator including adding other administrative users and changing application settings. This flaw could be exploited to ultimately provide full control of the affected system to the attacker. | |||||
| CVE-2021-43408 | 1 Duplicate Post Project | 1 Duplicate Post | 2021-11-24 | 9.0 HIGH | 8.8 HIGH |
| The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In many cases it is also possible to exploit features of SQL server to execute system commands and/or access the local file system. This particular vulnerability can be exploited by any authenticated user who has been granted access to use the Duplicate Post plugin. By default, this is limited to Administrators, however the plugin presents the option to permit access to the Editor, Author, Contributor and Subscriber roles. | |||||
| CVE-2016-4123 | 8 Adobe, Apple, Google and 5 more | 15 Flash Player, Flash Player For Linux, Mac Os X and 12 more | 2021-11-24 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
| CVE-2021-24873 | 1 Themeum | 1 Tutor Lms | 2021-11-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and escape user input before outputting back in attributes in the Student Registration page, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2016-4128 | 8 Adobe, Apple, Google and 5 more | 15 Flash Player, Flash Player For Linux, Mac Os X and 12 more | 2021-11-24 | 10.0 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
| CVE-2016-4129 | 8 Adobe, Apple, Google and 5 more | 15 Flash Player, Flash Player For Linux, Mac Os X and 12 more | 2021-11-24 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
| CVE-2021-39353 | 1 Easyregistrationforms | 1 Easy Registration Forms | 2021-11-24 | 6.8 MEDIUM | 8.8 HIGH |
| The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the ~/includes/class-form.php file which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 2.1.1. | |||||
| CVE-2021-35535 | 1 Hitachi | 6 Relion 650, Relion 650 Firmware, Relion 670 and 3 more | 2021-11-24 | 6.8 MEDIUM | 8.1 HIGH |
| Insecure Boot Image vulnerability in Hitachi Energy Relion 670/650/SAM600-IO series allows an attacker who manages to get access to the front network port and to cause a reboot sequence of the device to exploit a tiny time gap during the booting process, in which an older version of VxWorks is loaded prior to application firmware booting; the attacker could exploit the vulnerability in the older version of VxWorks and cause a denial-of-service on the product. This issue affects: Hitachi Energy Relion 670 Series 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.3. Hitachi Energy Relion 670/650 Series 2.2.0 all revisions; 2.2.4 all revisions. Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions. | |||||
| CVE-2021-42254 | 1 Beyondtrust | 1 Privilege Management For Windows | 2021-11-24 | 7.2 HIGH | 7.8 HIGH |
| BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions. | |||||
| CVE-2021-22028 | 1 Greenplum | 1 Greenplum | 2021-11-24 | 6.4 MEDIUM | 9.1 CRITICAL |
| In versions of Greenplum database prior to 5.28.6 and 6.14.0, Greenplum database contains a file path traversal vulnerability leading to information disclosure from the file system. A malicious user can read/write information from the file system using this vulnerability. | |||||
| CVE-2021-22030 | 1 Greenplum | 1 Greenplum | 2021-11-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| In versions of Greenplum database prior to 5.28.14 and 6.17.0, the execution of certain statements led to the storage of sensitive (credential) information in the logs of the database. A malicious user with access to logs can read sensitive (credentials) information about users. | |||||
| CVE-2021-40774 | 2 Adobe, Microsoft | 2 Prelude, Windows | 2021-11-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-24713 | 1 Creativemindssolutions | 2 Video Lessons Manager, Video Lessons Manager Pro | 2021-11-24 | 3.5 LOW | 4.8 MEDIUM |
| The Video Lessons Manager WordPress plugin before 1.7.2 and Video Lessons Manager Pro WordPress plugin before 3.5.9 do not properly sanitize and escape values when updating their settings, which could allow high privilege users to perform Cross-Site Scripting attacks | |||||
| CVE-2021-24700 | 1 Incsub | 1 Forminator | 2021-11-24 | 3.5 LOW | 4.8 MEDIUM |
| The Forminator WordPress plugin before 1.15.4 does not sanitize and escape the email field label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed | |||||
| CVE-2021-24644 | 1 Imagestowebp Project | 1 Images To Webp | 2021-11-24 | 5.0 MEDIUM | 7.5 HIGH |
| The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include() function, which could lead to a Local File Inclusion issue | |||||
| CVE-2021-24641 | 1 Imagestowebp Project | 1 Images To Webp | 2021-11-24 | 5.8 MEDIUM | 8.1 HIGH |
| The Images to WebP WordPress plugin before 1.9 does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion | |||||
| CVE-2021-43019 | 2 Adobe, Apple | 2 Creative Cloud Desktop Application, Macos | 2021-11-24 | 9.3 HIGH | 7.8 HIGH |
| Adobe Creative Cloud version 5.5 (and earlier) is affected by a privilege escalation vulnerability in the resources leveraged by the Setup.exe service. An unauthenticated attacker could leverage this vulnerability to remove files and escalate privileges under the context of SYSTEM. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability on the product installer. User interaction is required before product installation to abuse this vulnerability. | |||||
| CVE-2021-34399 | 3 Linux, Microsoft, Nvidia | 137 Linux Kernel, Windows, Dgx-1 P100 and 134 more | 2021-11-24 | 2.1 LOW | 4.4 MEDIUM |
| NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed registers, which may lead to information disclosure. | |||||
| CVE-2021-1105 | 3 Linux, Microsoft, Nvidia | 137 Linux Kernel, Windows, Dgx-1 P100 and 134 more | 2021-11-24 | 2.1 LOW | 4.4 MEDIUM |
| NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access debug registers during runtime, which may lead to information disclosure. | |||||
| CVE-2021-1088 | 3 Linux, Microsoft, Nvidia | 137 Linux Kernel, Windows, Dgx-1 P100 and 134 more | 2021-11-24 | 2.1 LOW | 4.4 MEDIUM |
| NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to utilize debug mechanisms with insufficient access control, which may lead to information disclosure. | |||||
| CVE-2021-34400 | 3 Linux, Microsoft, Nvidia | 137 Linux Kernel, Windows, Dgx-1 P100 and 134 more | 2021-11-24 | 2.1 LOW | 4.4 MEDIUM |
| NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed memory, which may lead to information disclosure. | |||||
| CVE-2021-41280 | 1 Sharetribe | 1 Sharetribe | 2021-11-24 | 7.5 HIGH | 9.8 CRITICAL |
| Sharetribe Go is a source available marketplace software. In affected versions operating system command injection is possible on installations of Sharetribe Go that do not have a secret AWS Simple Notification Service (SNS) notification token configured via the `sns_notification_token` configuration parameter. This configuration parameter is unset by default. The vulnerability has been patched in version 10.2.1. Users who are unable to upgrade should set the `sns_notification_token` configuration parameter to a secret value. | |||||
| CVE-2021-41273 | 1 Pterodactyl | 1 Panel | 2021-11-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. Due to improperly configured CSRF protections on two routes, a malicious user could execute a CSRF-based attack against the following endpoints: Sending a test email and Generating a node auto-deployment token. At no point would any data be exposed to the malicious user, this would simply trigger email spam to an administrative user, or generate a single auto-deployment token unexpectedly. This token is not revealed to the malicious user, it is simply created unexpectedly in the system. This has been addressed in release `1.6.6`. Users may optionally manually apply the fixes released in v1.6.6 to patch their own systems. | |||||
| CVE-2021-41274 | 1 Nebulab | 1 Solidus Auth Devise | 2021-11-24 | 6.8 MEDIUM | 8.8 HIGH |
| solidus_auth_devise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidus_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of `solidus_auth_devise` are affected if the `protect_from_forgery` method is both: (1) executed either as a `before_action` callback (the default) or as a `prepend_before_action` (option `prepend: true` given) before the `:load_object` hook in `Spree::UserController` (most likely order to find); and (2) configured to use the `:null_session` or `:reset_session` strategies (`:null_session` is the default in case no strategy is given, but the `rails --new` generated skeleton uses `:exception`). Users should promptly update to `solidus_auth_devise` version `2.5.4`. Users unable to update should, if possible, change their strategy to `:exception`. Please see the linked GHSA for more workaround details. | |||||
| CVE-2021-32004 | 1 Secomea | 2 Gatemanager 8250, Gatemanager 8250 Firmware | 2021-11-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning. | |||||
| CVE-2021-44144 | 1 Crocontrol | 1 Asterix | 2021-11-24 | 6.4 MEDIUM | 9.1 CRITICAL |
| Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with additional details to be disclosed at a later date. | |||||
| CVE-2021-21393 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2021-11-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identifiers, which could cause excessive use of disk space and memory leading to resource exhaustion. Note that the groups feature is not part of the Matrix specification and the chosen maximum lengths are arbitrary. Not all clients might abide by them. Refer to referenced GitHub security advisory for additional details including workarounds. | |||||
| CVE-2021-21392 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2021-11-23 | 4.9 MEDIUM | 6.3 MEDIUM |
| Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6 addresses were used. Outbound requests to federation, identity servers, when calculating the key validity for third-party invite events, sending push notifications, and generating URL previews are affected. This could cause Synapse to make requests to internal infrastructure on dual-stack networks. See referenced GitHub security advisory for details and workarounds. | |||||
| CVE-2021-21394 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2021-11-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identifiers, which could cause excessive use of disk space and memory leading to resource exhaustion. Note that the groups feature is not part of the Matrix specification and the chosen maximum lengths are arbitrary. Not all clients might abide by them. Refer to referenced GitHub security advisory for additional details including workarounds. | |||||
| CVE-2021-21333 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2021-11-23 | 2.6 LOW | 6.1 MEDIUM |
| Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the notification emails sent for notifications for missed messages or for an expiring account are subject to HTML injection. In the case of the notification for missed messages, this could allow an attacker to insert forged content into the email. The account expiry feature is not enabled by default and the HTML injection is not controllable by an attacker. This is fixed in version 1.27.0. | |||||
| CVE-2021-21332 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2021-11-23 | 4.3 MEDIUM | 8.2 HIGH |
| Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other resources served on the same domain or parent domains. This is fixed in version 1.27.0. | |||||
| CVE-2021-21274 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2021-11-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. Issue is resolved in version 1.25.0. As a workaround the `federation_domain_whitelist` setting can be used to restrict the homeservers communicated with over federation. | |||||
| CVE-2021-21273 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2021-11-23 | 5.8 MEDIUM | 6.1 MEDIUM |
| Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications. This could cause Synapse to make requests to internal infrastructure. The type of request was not controlled by the user, although limited modification of request bodies was possible. For the most thorough protection server administrators should remove the deprecated `federation_ip_range_blacklist` from their settings after upgrading to Synapse v1.25.0 which will result in Synapse using the improved default IP address restrictions. See the new `ip_range_blacklist` and `ip_range_whitelist` settings if more specific control is necessary. | |||||
| CVE-2020-15074 | 1 Openvpn | 1 Openvpn Access Server | 2021-11-23 | 5.0 MEDIUM | 7.5 HIGH |
| OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing existing tokens on reconnect, making it possible to circumvent the initial token expiry timestamp. | |||||
| CVE-2019-14463 | 3 Debian, Fedoraproject, Libmodbus | 3 Debian Linux, Fedora, Libmodbus | 2021-11-23 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_REGISTERS case, aka VD-1301. | |||||
| CVE-2019-14462 | 3 Debian, Fedoraproject, Libmodbus | 3 Debian Linux, Fedora, Libmodbus | 2021-11-23 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_COILS case, aka VD-1302. | |||||
| CVE-2019-7283 | 2 Debian, Netkit | 2 Debian Linux, Netkit | 2021-11-23 | 5.8 MEDIUM | 7.4 HIGH |
| An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111. | |||||
| CVE-2019-7282 | 2 Debian, Netkit | 2 Debian Linux, Netkit | 2021-11-23 | 4.3 MEDIUM | 5.9 MEDIUM |
| In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. | |||||
| CVE-2018-3689 | 2 Intel, Linux | 2 Software Guard Extensions, Linux Kernel | 2021-11-23 | 2.1 LOW | 5.5 MEDIUM |
| AESM daemon in Intel Software Guard Extensions Platform Software Component for Linux before 2.1.102 can effectively be disabled by a local attacker creating a denial of services like remote attestation provided by the AESM. | |||||
| CVE-2017-11509 | 2 Debian, Firebirdsql | 2 Debian Linux, Firebird | 2021-11-23 | 9.0 HIGH | 8.8 HIGH |
| An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement. | |||||
| CVE-2017-5753 | 13 Arm, Canonical, Debian and 10 more | 387 Cortex-a12, Cortex-a12 Firmware, Cortex-a15 and 384 more | 2021-11-23 | 4.7 MEDIUM | 5.6 MEDIUM |
| Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | |||||
| CVE-2021-30632 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-11-23 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30629 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-11-23 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30628 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-11-23 | 6.8 MEDIUM | 8.8 HIGH |
| Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. | |||||
| CVE-2021-30627 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-11-23 | 6.8 MEDIUM | 8.8 HIGH |
| Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30626 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-11-23 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30874 | 1 Apple | 3 Ipad Os, Iphone Os, Macos | 2021-11-23 | 5.0 MEDIUM | 7.5 HIGH |
| An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A VPN configuration may be installed by an app without user permission. | |||||
| CVE-2021-30867 | 1 Apple | 3 Ipad Os, Iphone Os, Macos | 2021-11-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| The issue was addressed with improved authentication. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to access photo metadata without needing permission to access photos. | |||||
