Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38705 | 1 Cliniccases | 1 Cliniccases | 2021-09-10 | 6.8 MEDIUM | 8.8 HIGH |
| ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). A successful attack would consist of an authenticated user following a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. This can be exploited to create a secondary administrator account for the attacker. | |||||
| CVE-2021-39193 | 1 Parity | 1 Frontier | 2021-09-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26, a bug in `pallet-ethereum` can cause invalid transactions to be included in the Ethereum block state in `pallet-ethereum` due to not validating the input data size. Any invalid transactions included this way have no possibility to alter the internal Ethereum or Substrate state. The transaction will appear to have be included, but is of no effect as it is rejected by the EVM engine. The impact is further limited by Substrate extrinsic size constraints. A patch is available in commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26. There are no workarounds aside from applying the patch. | |||||
| CVE-2021-38704 | 1 Cliniccases | 1 Cliniccases | 2021-09-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple reflected cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft. | |||||
| CVE-2020-19855 | 1 Phpwcms | 1 Phpwcms | 2021-09-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php. | |||||
| CVE-2021-38312 | 1 Redux | 1 Gutenberg Template Library \& Redux Framework | 2021-09-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in “redux-templates/classes/class-api.php”. The `permissions_callback` used in this file only checked for the `edit_posts` capability which is granted to lower-privileged users such as contributors, allowing such users to install arbitrary plugins from the WordPress repository and edit arbitrary posts. | |||||
| CVE-2021-38314 | 1 Redux | 1 Gutenberg Template Library \& Redux Framework | 2021-09-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the `includes` function in `redux-core/class-redux-core.php` that were unique to a given site but deterministic and predictable given that they were based on an md5 hash of the site URL with a known salt value of '-redux' and an md5 hash of the previous hash with a known salt value of '-support'. These AJAX actions could be used to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of site’s `AUTH_KEY` concatenated with the `SECURE_AUTH_KEY`. | |||||
| CVE-2021-39192 | 1 Ghost | 1 Ghost | 2021-09-10 | 6.5 MEDIUM | 7.2 HIGH |
| Ghost is a Node.js content management system. An error in the implementation of the limits service between versions 4.0.0 and 4.9.4 allows all authenticated users (including contributors) to view admin-level API keys via the integrations API endpoint, leading to a privilege escalation vulnerability. This issue is patched in Ghost version 4.10.0. As a workaround, disable all non-Administrator accounts to prevent API access. It is highly recommended to regenerate all API keys after patching or applying the workaround. | |||||
| CVE-2021-40491 | 1 Gnu | 1 Inetutils | 2021-09-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl. | |||||
| CVE-2021-40494 | 1 Adaptivescale | 1 Lxdui | 2021-09-10 | 10.0 HIGH | 9.8 CRITICAL |
| A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to gain admin access to the host system. | |||||
| CVE-2021-22775 | 1 Schneider-electric | 1 Gp-pro Ex | 2021-09-10 | 4.4 MEDIUM | 7.8 HIGH |
| A CWE-427: Uncontrolled Search Path Element vulnerability exists in GP-Pro EX,V4.09.250 and prior, that could cause local code execution with elevated privileges when installing the software. | |||||
| CVE-2019-6146 | 1 Forcepoint | 1 Web Security | 2021-09-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection. CVSSv3.0: 5.3 (Medium) (/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) | |||||
| CVE-2019-6144 | 1 Forcepoint | 1 One Endpoint | 2021-09-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection. | |||||
| CVE-2019-6145 | 1 Forcepoint | 1 Vpn Client | 2021-09-10 | 7.2 HIGH | 6.7 MEDIUM |
| Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs for finding this vulnerability and for reporting it to us. | |||||
| CVE-2019-6143 | 1 Forcepoint | 1 Next Generation Firewall | 2021-09-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4.7, 6.5.x before 6.5.4, and 6.6.x before 6.6.2 has a serious authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services protected by the NGFW Engine. The vulnerability affects the following NGFW features when the LDAP authentication method is used as the backend authentication: IPsec VPN, SSL VPN or Browser-based user authentication. The vulnerability does not apply when any other backend authentication is used. The RADIUS authentication method is not vulnerable, for example. | |||||
| CVE-2019-6140 | 1 Forcepoint | 1 Email Security | 2021-09-10 | 7.5 HIGH | 8.8 HIGH |
| A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybrid registration process is not completed. | |||||
| CVE-2018-16529 | 1 Forcepoint | 1 Email Security | 2021-09-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password. | |||||
| CVE-2019-6139 | 1 Forcepoint | 1 User Id | 2021-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| Forcepoint User ID (FUID) server versions up to 1.2 have a remote arbitrary file upload vulnerability on TCP port 5001. Successful exploitation of this vulnerability may lead to remote code execution. To fix this vulnerability, upgrade to FUID version 1.3 or higher. To prevent the vulnerability on FUID versions 1.2 and below, apply local firewall rules on the FUID server to disable all external access to port TCP/5001. FUID requires this port only for local connections through the loopback interface. | |||||
| CVE-2021-3758 | 1 Bookstackapp | 1 Bookstack | 2021-09-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| bookstack is vulnerable to Server-Side Request Forgery (SSRF) | |||||
| CVE-2021-34759 | 1 Cisco | 1 Identity Services Engine | 2021-09-10 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need valid administrative credentials. | |||||
| CVE-2021-21086 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-09-10 | 6.8 MEDIUM | 7.8 HIGH |
| Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-34746 | 1 Cisco | 1 Enterprise Nfv Infrastructure Software | 2021-09-10 | 9.3 HIGH | 9.8 CRITICAL |
| A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. This vulnerability is due to incomplete validation of user-supplied input that is passed to an authentication script. An attacker could exploit this vulnerability by injecting parameters into an authentication request. A successful exploit could allow the attacker to bypass authentication and log in as an administrator to the affected device. | |||||
| CVE-2021-34733 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2021-09-10 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. This vulnerability exists because sensitive information is not sufficiently secured when it is stored. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the affected system. | |||||
| CVE-2021-34732 | 1 Cisco | 1 Prime Collaboration Provisioning | 2021-09-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2021-40378 | 1 Comprotech | 8 Ip570, Ip570 Firmware, Ip60 and 5 more | 2021-09-10 | 8.5 HIGH | 8.1 HIGH |
| An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. /cgi-bin/support/killps.cgi deletes all data from the device. | |||||
| CVE-2021-37911 | 1 Benq | 2 Eh600, Eh600 Firmware | 2021-09-10 | 8.3 HIGH | 8.8 HIGH |
| The management interface of BenQ smart wireless conference projector does not properly control user's privilege. Attackers can access any system directory of this device through the interface and execute arbitrary commands if he enters the local subnetwork. | |||||
| CVE-2021-30355 | 1 Amazon | 2 Kindle, Kindle Firmware | 2021-09-10 | 9.3 HIGH | 8.6 HIGH |
| Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root. | |||||
| CVE-2020-19853 | 1 Bluecms Project | 1 Bluecms | 2021-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php. | |||||
| CVE-2021-23438 | 1 Mpath Project | 1 Mpath | 2021-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 if parts[i] is ['__proto__']. This is because the method that has been called if the input is an array is Array.prototype.indexOf() and not String.prototype.indexOf(). They behave differently depending on the type of the input. | |||||
| CVE-2021-34150 | 1 Bluetrum | 2 Ab5301a, Ab5301a Firmware | 2021-09-10 | 3.3 LOW | 6.5 MEDIUM |
| The Bluetooth Classic implementation on Bluetrum AB5301A devices with unknown firmware versions does not properly handle the reception of oversized DM1 LMP packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity. | |||||
| CVE-2021-37418 | 2021-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-31874. Reason: This candidate is a reservation duplicate of CVE-2021-31874. Notes: All CVE users should reference CVE-2021-31874 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2021-27911 | 1 Acquia | 1 Mautic | 2021-09-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populated from different sources such as UI, API, 3rd party syncing, forms, etc. | |||||
| CVE-2021-27910 | 1 Acquia | 1 Mautic | 2021-09-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "error_related_to" parameters of the POST request of the bounce management callback will be permanently stored and executed once the details page of an affected lead is opened by a Mautic user. An attacker with access to the bounce management callback function (identified with the Mailjet webhook, but it is assumed this will work uniformly across all kinds of webhooks) can inject arbitrary JavaScript Code into the "error" and "error_related_to" parameters of the POST request (POST /mailer/<product / webhook>/callback). It is noted that there is no authentication needed to access this function. The JavaScript Code is stored permanently in the web application and executed every time an authenticated user views the details page of a single contact / lead in Mautic. This means, arbitrary code can be executed to, e.g., steal or tamper with information. | |||||
| CVE-2021-30354 | 1 Amazon | 2 Kindle, Kindle Firmware | 2021-09-10 | 9.3 HIGH | 8.6 HIGH |
| Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory corruption that leads to code execution when parsing a crafted PDF book. | |||||
| CVE-2021-39177 | 1 Geysermc | 1 Geyser | 2021-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Versions of Geyser prior to 1.4.2-SNAPSHOT allow anyone that can connect to the server to forge a LoginPacket with manipulated JWT token allowing impersonation as any user. Version 1.4.2-SNAPSHOT contains a patch for the issue. There are no known workarounds aside from upgrading. | |||||
| CVE-2015-5955 | 1 Owncloud | 1 Owncloud | 2021-09-10 | 5.0 MEDIUM | N/A |
| ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers. | |||||
| CVE-2021-22929 | 1 Brave | 1 Brave | 2021-09-10 | 3.6 LOW | 6.1 MEDIUM |
| An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log. | |||||
| CVE-2021-27909 | 1 Acquia | 1 Mautic | 2021-09-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, "bundle," in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password reset URL with the vulnerable parameter utilized. | |||||
| CVE-2021-23436 | 1 Immer Project | 1 Immer | 2021-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition (p === "__proto__" || p === "constructor") in applyPatches_ returns false if p is ['__proto__'] (or ['constructor']). The === operator (strict equality operator) returns false if the operands have different type. | |||||
| CVE-2021-39109 | 1 Atlassian | 1 Atlasboard | 2021-09-10 | 5.0 MEDIUM | 7.5 HIGH |
| The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability. | |||||
| CVE-2020-20490 | 1 Libiec Iccp Mod Project | 1 Libiec Iccp Mod | 2021-09-10 | 5.0 MEDIUM | 7.5 HIGH |
| A heap buffer-overflow in the client_example1.c component of libiec_iccp_mod v1.5 leads to a denial of service (DOS). | |||||
| CVE-2017-17933 | 1 Netwin | 1 Surgeftp | 2021-09-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter. | |||||
| CVE-2017-13137 | 1 Formcrafts | 1 Formcraft | 2021-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php. | |||||
| CVE-2017-5995 | 1 Netapp | 1 Ontap Select Deploy Administration Utility | 2021-09-10 | 5.0 MEDIUM | 7.5 HIGH |
| The NetApp ONTAP Select Deploy administration utility 2.0 through 2.2.1 might allow remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2017-2244 | 1 Brother | 2 Mfc-j960dwn, Mfc-j960dwn Firmware | 2021-09-10 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2015-2889 | 1 Summerinfant | 2 Baby Zoom Wifi Monitor, Baby Zoom Wifi Monitor Firmware | 2021-09-10 | 6.5 MEDIUM | 8.8 HIGH |
| Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to gain privileges via manual entry of a Settings URL. | |||||
| CVE-2020-20341 | 1 Yzmcms | 1 Yzmcms | 2021-09-10 | 5.0 MEDIUM | 7.5 HIGH |
| YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function. | |||||
| CVE-2020-20340 | 1 S-cms | 1 S-cms | 2021-09-10 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information. | |||||
| CVE-2021-34435 | 1 Eclipse | 1 Theia | 2021-09-10 | 6.8 MEDIUM | 8.8 HIGH |
| In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file.. | |||||
| CVE-2021-36002 | 1 Adobe | 1 Captivate | 2021-09-10 | 4.4 MEDIUM | 7.3 HIGH |
| Adobe Captivate version 11.5.5 (and earlier) is affected by an Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. The attacker must plant a malicious file in a particular location of the victim's machine. Exploitation of this issue requires user interaction in that a victim must launch the Captivate Installer. | |||||
| CVE-2021-39285 | 1 Versa-networks | 1 Versa Director | 2021-09-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8. An attacker can use the administration web interface URL to create a XSS based attack. | |||||