Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29904 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2021-09-27 | 2.1 LOW | 5.5 MEDIUM |
| IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 207610. | |||||
| CVE-2021-29833 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2021-09-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204825. | |||||
| CVE-2021-29832 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2021-09-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204824. | |||||
| CVE-2021-38877 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2021-09-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208405. | |||||
| CVE-2021-29905 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2021-09-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207616. | |||||
| CVE-2021-40845 | 1 Zenitel | 1 Alphacom Xe Audio Server | 2021-09-27 | 6.5 MEDIUM | 8.8 HIGH |
| The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory. | |||||
| CVE-2021-40670 | 1 Wuzhicms | 1 Wuzhicms | 2021-09-27 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file. | |||||
| CVE-2020-21596 | 1 Libde265 | 1 Libde265 | 2021-09-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file. | |||||
| CVE-2020-21595 | 1 Libde265 | 1 Libde265 | 2021-09-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file. | |||||
| CVE-2020-21594 | 1 Libde265 | 1 Libde265 | 2021-09-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted a file. | |||||
| CVE-2020-21599 | 1 Libde265 | 1 Libde265 | 2021-09-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file. | |||||
| CVE-2020-21597 | 1 Libde265 | 1 Libde265 | 2021-09-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file. | |||||
| CVE-2020-21604 | 1 Libde265 | 1 Libde265 | 2021-09-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted a file. | |||||
| CVE-2020-21603 | 1 Libde265 | 1 Libde265 | 2021-09-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file. | |||||
| CVE-2021-39189 | 1 Pimcore | 1 Pimcore | 2021-09-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually. | |||||
| CVE-2020-21601 | 1 Libde265 | 1 Libde265 | 2021-09-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted a file. | |||||
| CVE-2020-21606 | 1 Libde265 | 1 Libde265 | 2021-09-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted a file. | |||||
| CVE-2021-29842 | 1 Ibm | 1 Websphere Application Server | 2021-09-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202. | |||||
| CVE-2021-34576 | 1 Kadenvodomery | 2 Picoflux Air, Picoflux Air Firmware | 2021-09-27 | 3.3 LOW | 4.3 MEDIUM |
| In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties. | |||||
| CVE-2021-3797 | 1 Hestiacp | 1 Control Panel | 2021-09-27 | 7.5 HIGH | 9.8 CRITICAL |
| hestiacp is vulnerable to Use of Wrong Operator in String Comparison | |||||
| CVE-2021-27341 | 1 Os4ed | 1 Opensis | 2021-09-27 | 7.5 HIGH | 9.8 CRITICAL |
| OpenSIS Community Edition version <= 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter. | |||||
| CVE-2021-27340 | 1 Os4ed | 1 Opensis | 2021-09-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenSIS Community Edition version <= 7.6 is affected by a reflected XSS vulnerability in EmailCheck.php via the "opt" parameter. | |||||
| CVE-2021-38156 | 1 Nagios | 1 Nagios Xi | 2021-09-27 | 3.5 LOW | 5.4 MEDIUM |
| In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard. | |||||
| CVE-2021-39209 | 1 Glpi-project | 1 Glpi | 2021-09-27 | 6.8 MEDIUM | 8.8 HIGH |
| GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. There are no workarounds aside from upgrading. | |||||
| CVE-2019-11595 | 1 Ublockorigin | 1 Ublock Origin | 2021-09-27 | 6.8 MEDIUM | 9.0 CRITICAL |
| In uBlock before 0.9.5.15, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect. | |||||
| CVE-2020-21605 | 1 Libde265 | 1 Libde265 | 2021-09-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted a file. | |||||
| CVE-2021-21993 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2021-09-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure. | |||||
| CVE-2020-21480 | 1 Rgcms Project | 1 Rgcms | 2021-09-27 | 6.5 MEDIUM | 7.2 HIGH |
| An arbitrary file write vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2020-14124 | 1 Mi | 2 Ax3600, Ax3600 Firmware | 2021-09-27 | 7.5 HIGH | 9.8 CRITICAL |
| There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =rom< 1.1.12. | |||||
| CVE-2021-39239 | 1 Apache | 1 Jena | 2021-09-27 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server. | |||||
| CVE-2021-24620 | 1 Simple-e-commerce-shopping-cart Project | 1 Simple-e-commerce-shopping-cart | 2021-09-27 | 6.8 MEDIUM | 8.8 HIGH |
| The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin through 2.2.5 does not check for the uploaded Downloadable Digital product file, allowing any file, such as PHP to be uploaded by an administrator. Furthermore, as there is no CSRF in place, attackers could also make a logged admin upload a malicious PHP file, which would lead to RCE | |||||
| CVE-2020-21481 | 1 Rgcms Project | 1 Rgcms | 2021-09-27 | 6.5 MEDIUM | 7.2 HIGH |
| An arbitrary file upload vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted .txt file which is later changed to a PHP file. | |||||
| CVE-2020-21482 | 1 Rgcms Project | 1 Rgcms | 2021-09-27 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in RGCMS v1.06 allows attackers to obtain the administrator's cookie via a crafted payload in the Name field under the Message Board module | |||||
| CVE-2021-33693 | 1 Sap | 1 Cloud Connector | 2021-09-27 | 7.7 HIGH | 6.8 MEDIUM |
| SAP Cloud Connector, version - 2.0, allows an authenticated administrator to modify a configuration file to inject malicious codes that could potentially lead to OS command execution. | |||||
| CVE-2021-40966 | 1 Tinyfilemanager Project | 1 Tinyfilemanager | 2021-09-27 | 3.5 LOW | 5.4 MEDIUM |
| A Stored XSS exists in TinyFileManager All version up to and including 2.4.6 in /tinyfilemanager.php when the server is given a file that contains HTML and javascript in its name. A malicious user can upload a file with a malicious filename containing javascript code and it will run on any user browser when they access the server. | |||||
| CVE-2020-14119 | 1 Mi | 1 Ax3600 | 2021-09-27 | 10.0 HIGH | 9.8 CRITICAL |
| There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom< 1.1.12 | |||||
| CVE-2021-40965 | 1 Tinyfilemanager Project | 1 Tinyfilemanager | 2021-09-27 | 9.3 HIGH | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker. | |||||
| CVE-2021-39206 | 2 Envoyproxy, Pomerium | 2 Envoy, Pomerium | 2021-09-27 | 5.0 MEDIUM | 8.6 HIGH |
| Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related vulnerabilities CVE-2021-32777 and CVE-2021-32779. This may lead to incorrect routing or authorization policy decisions. With specially crafted requests, incorrect authorization or routing decisions may be made by Pomerium. Pomerium v0.14.8 and v0.15.1 contain an upgraded envoy binary with these vulnerabilities patched. This issue can only be triggered when using path prefix based policy. Removing any such policies should provide mitigation. | |||||
| CVE-2021-39204 | 2 Envoyproxy, Pomerium | 2 Envoy, Pomerium | 2021-09-27 | 5.0 MEDIUM | 7.5 HIGH |
| Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versions 0.14.8 and 0.15.1 contain an upgraded envoy binary with this vulnerability patched. | |||||
| CVE-2021-20433 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2021-09-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Guardium 11.3 could allow a an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 196345. | |||||
| CVE-2017-7525 | 6 Apache, Debian, Fasterxml and 3 more | 23 Struts, Debian Linux, Jackson-databind and 20 more | 2021-09-27 | 7.5 HIGH | 9.8 CRITICAL |
| A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. | |||||
| CVE-2017-4995 | 1 Vmware | 1 Spring Security | 2021-09-27 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets." Spring Security configures Jackson with global default typing enabled, which means that (through the previous exploit) arbitrary code could be executed if all of the following is true: (1) Spring Security's Jackson support is being leveraged by invoking SecurityJackson2Modules.getModules(ClassLoader) or SecurityJackson2Modules.enableDefaultTyping(ObjectMapper); (2) Jackson is used to deserialize data that is not trusted (Spring Security does not perform deserialization using Jackson, so this is an explicit choice of the user); and (3) there is an unknown (Jackson is not blacklisting it already) "deserialization gadget" that allows code execution present on the classpath. Jackson provides a blacklisting approach to protecting against this type of attack, but Spring Security should be proactive against blocking unknown "deserialization gadgets" when Spring Security enables default typing. | |||||
| CVE-2021-40669 | 1 Wuzhicms | 1 Wuzhicms | 2021-09-27 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file. | |||||
| CVE-2021-23051 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 8 more | 2021-09-27 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP on Amazon Web Services (AWS) systems, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This is due to an incomplete fix for CVE-2020-5862. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2005-2410 | 1 Gnome | 1 Networkmanager | 2021-09-27 | 7.5 HIGH | N/A |
| Format string vulnerability in the nm_info_handler function in Network Manager may allow remote attackers to execute arbitrary code via format string specifiers in a Wireless Access Point identifier, which is not properly handled in a syslog call. | |||||
| CVE-2020-14130 | 1 Mi | 1 Xiaomi | 2021-09-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version <3.0.210809 | |||||
| CVE-2020-14109 | 1 Mi | 2 Ax3600, Ax3600 Firmware | 2021-09-27 | 9.0 HIGH | 7.2 HIGH |
| There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12 | |||||
| CVE-2021-23050 | 1 F5 | 3 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager, Nginx App Protect | 2021-09-27 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-23029 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2021-09-27 | 6.5 MEDIUM | 8.8 HIGH |
| On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-23039 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2021-09-27 | 7.1 HIGH | 7.5 HIGH |
| On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.2.8, and all versions of 13.1.x and 12.1.x, when IPSec is configured on a BIG-IP system, undisclosed requests from an authorized remote (IPSec) peer, which already has a negotiated Security Association, can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||