Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36803 | 1 Akaunting | 1 Akaunting | 2021-08-11 | 3.5 LOW | 5.4 MEDIUM |
| Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 2.1.13 of the product. | |||||
| CVE-2021-36805 | 1 Akaunting | 1 Akaunting | 2021-08-11 | 3.5 LOW | 4.8 MEDIUM |
| Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in the sales invoice processing component of the application. This issue was fixed in version 2.1.13 of the product. | |||||
| CVE-2021-22422 | 1 Huawei | 1 Harmonyos | 2021-08-11 | 7.2 HIGH | 7.8 HIGH |
| A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting. | |||||
| CVE-2021-22421 | 1 Huawei | 1 Harmonyos | 2021-08-11 | 7.2 HIGH | 7.8 HIGH |
| A component of the HarmonyOS has a Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to cause further Elevation of Privileges. | |||||
| CVE-2021-22419 | 1 Huawei | 1 Harmonyos | 2021-08-11 | 4.9 MEDIUM | 5.5 MEDIUM |
| A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to cause persistent dos. | |||||
| CVE-2021-22418 | 1 Huawei | 1 Harmonyos | 2021-08-11 | 7.2 HIGH | 7.8 HIGH |
| A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting. | |||||
| CVE-2021-22417 | 1 Huawei | 1 Harmonyos | 2021-08-11 | 4.9 MEDIUM | 5.5 MEDIUM |
| A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Memory Leakage. | |||||
| CVE-2021-22416 | 1 Huawei | 1 Harmonyos | 2021-08-11 | 7.2 HIGH | 7.8 HIGH |
| A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution. | |||||
| CVE-2021-27499 | 1 Ypsomed | 2 Mylife, Mylife Cloud | 2021-08-11 | 4.3 MEDIUM | 5.9 MEDIUM |
| Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application layer encryption of the communication protocol between the Ypsomed mylife App and mylife Cloud uses non-random IVs, which allows man-in-the-middle attackers to tamper with messages. | |||||
| CVE-2021-22424 | 1 Huawei | 1 Harmonyos | 2021-08-11 | 4.9 MEDIUM | 5.5 MEDIUM |
| A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability. Local attackers may exploit this vulnerability to cause Kernel Denial of Service. | |||||
| CVE-2021-27942 | 1 Vizio | 4 E50x-e1, E50x-e1 Firmware, P65-f1 and 1 more | 2021-08-11 | 7.2 HIGH | 6.8 MEDIUM |
| Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a threat actor to execute arbitrary code from a USB drive via the Smart Cast functionality, because files on the USB drive are effectively under the web root and can be executed. | |||||
| CVE-2019-14453 | 1 Comelitgroup | 1 Away From Home | 2021-08-11 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Comelit "App lejos de casa (web)" 2.8.0. It allows privilege escalation via modified domus and logged fields, related to js/bridge.min.js and login.json. For example, an attacker can achieve high privileges (installer or administrator) for the graphical interface via a 1C000000000S value for domus, in conjunction with a zero value for logged. | |||||
| CVE-2021-29979 | 1 Mozilla | 1 Hubs Cloud | 2021-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instance’s primary hosting domain.*. This vulnerability affects Hubs Cloud < mozillareality/reticulum/1.0.1/20210618012634. | |||||
| CVE-2018-21234 | 2 Apache, Jodd | 2 Hive, Jodd | 2021-08-11 | 7.5 HIGH | 9.8 CRITICAL |
| Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set. | |||||
| CVE-2018-14662 | 3 Debian, Opensuse, Redhat | 4 Debian Linux, Leap, Ceph and 1 more | 2021-08-11 | 2.7 LOW | 5.7 MEDIUM |
| It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. | |||||
| CVE-2018-16846 | 4 Canonical, Debian, Opensuse and 1 more | 6 Ubuntu Linux, Debian Linux, Leap and 3 more | 2021-08-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. | |||||
| CVE-2020-4707 | 1 Ibm | 1 Api Connect | 2021-08-11 | 3.5 LOW | 5.4 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187370. | |||||
| CVE-2021-26098 | 1 Fortinet | 1 Fortisandbox | 2021-08-11 | 5.0 MEDIUM | 7.5 HIGH |
| An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs. | |||||
| CVE-2021-32594 | 1 Fortinet | 1 Fortiportal | 2021-08-11 | 5.5 MEDIUM | 8.1 HIGH |
| An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to potentially tamper with the underlying system's files via the upload of specifically crafted files. | |||||
| CVE-2021-32590 | 1 Fortinet | 1 Fortiportal | 2021-08-11 | 9.0 HIGH | 8.8 HIGH |
| Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL database via specifically crafted HTTP requests. | |||||
| CVE-2021-33338 | 1 Liferay | 2 Dxp, Liferay Portal | 2021-08-11 | 5.1 MEDIUM | 7.5 HIGH |
| The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 6, exposes the CSRF token in URLs, which allows man-in-the-middle attackers to obtain the token and conduct Cross-Site Request Forgery (CSRF) attacks via the p_auth parameter. | |||||
| CVE-2021-33337 | 1 Liferay | 2 Dxp, Liferay Portal | 2021-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Document Library module's add document menu in Liferay Portal 7.3.0 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_document_library_web_portlet_DLAdminPortlet_name parameter. | |||||
| CVE-2021-36764 | 1 Codesys | 1 Gateway | 2021-08-11 | 5.0 MEDIUM | 7.5 HIGH |
| In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition. | |||||
| CVE-2021-35463 | 1 Liferay | 1 Liferay Portal | 2021-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter. | |||||
| CVE-2021-24010 | 1 Fortinet | 1 Fortisandbox | 2021-08-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated user to obtain unauthorized access to files and data via specifially crafted web requests. | |||||
| CVE-2021-3678 | 1 Showdoc | 1 Showdoc | 2021-08-11 | 4.3 MEDIUM | 5.9 MEDIUM |
| showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | |||||
| CVE-2021-36765 | 1 Codesys | 1 Ethernetip | 2021-08-11 | 5.0 MEDIUM | 7.5 HIGH |
| In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack that is executed by the CODESYS Control runtime system. | |||||
| CVE-2021-36168 | 1 Fortinet | 1 Fortiportal | 2021-08-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows authenticated attacker to disclosure information via crafted GET request with malicious parameter values. | |||||
| CVE-2020-29011 | 1 Fortinet | 1 Fortisandbox | 2021-08-10 | 6.5 MEDIUM | 8.8 HIGH |
| Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated attacker to execute unauthorized code on the underlying SQL interpreter via specifically crafted HTTP requests. | |||||
| CVE-2021-26097 | 1 Fortinet | 1 Fortisandbox | 2021-08-10 | 6.5 MEDIUM | 8.8 HIGH |
| An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests. | |||||
| CVE-2021-32596 | 1 Fortinet | 1 Fortiportal | 2021-08-10 | 5.0 MEDIUM | 7.5 HIGH |
| A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables. | |||||
| CVE-2021-37557 | 1 Centreon | 1 Centreon | 2021-08-10 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter. | |||||
| CVE-2021-37558 | 1 Centreon | 1 Centreon | 2021-08-10 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in a MediaWiki script in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote unauthenticated attackers to execute arbitrary SQL commands via the host_name and service_description parameters. The vulnerability can be exploited only when a valid Knowledge Base URL is configured on the Knowledge Base configuration page and points to a MediaWiki instance. This relates to the proxy feature in class/centreon-knowledge/ProceduresProxy.class.php and include/configuration/configKnowledge/proxy/proxy.php. | |||||
| CVE-2021-37556 | 1 Centreon | 1 Centreon | 2021-08-10 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csv_HostGroupLogs.php start and end parameters. | |||||
| CVE-2021-22423 | 1 Huawei | 1 Harmonyos | 2021-08-10 | 7.2 HIGH | 7.8 HIGH |
| A component of the HarmonyOS has a Out-of-bounds Write Vulnerability. Local attackers may exploit this vulnerability to cause integer overflow. | |||||
| CVE-2021-22425 | 1 Huawei | 1 Harmonyos | 2021-08-10 | 7.2 HIGH | 7.8 HIGH |
| A component of the HarmonyOS has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevating Privileges. | |||||
| CVE-2021-36542 | 1 Seeddms | 1 Seeddms | 2021-08-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.LockDocument.php in SeedDMS v5.1.x<5.1.23 and v6.0.x <6.0.16 allows a remote attacker to lock any document without victim's knowledge, by enticing an authenticated user to visit an attacker's web page. | |||||
| CVE-2021-35343 | 1 Seeddms | 1 Seeddms | 2021-08-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x<5.1.23 and v6.0.x<6.0.16 allows a remote attacker to edit document name without victim's knowledge, by enticing an authenticated user to visit an attacker's web page. | |||||
| CVE-2021-36543 | 1 Seeddms | 1 Seeddms | 2021-08-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.UnlockDocument.php in SeedDMS v5.1.x <5.1.23 and v6.0.x <6.0.16 allows a remote attacker to unlock any document without victim's knowledge, by enticing an authenticated user to visit an attacker's web page. | |||||
| CVE-2020-24827 | 1 Libelfin Project | 1 Libelfin | 2021-08-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |||||
| CVE-2020-24826 | 1 Libelfin Project | 1 Libelfin | 2021-08-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability in the elf::section::as_strtab function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |||||
| CVE-2020-24822 | 1 Libelfin Project | 1 Libelfin | 2021-08-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability in the dwarf::cursor::uleb function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |||||
| CVE-2020-24821 | 1 Libelfin Project | 1 Libelfin | 2021-08-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |||||
| CVE-2020-24823 | 1 Libelfin Project | 1 Libelfin | 2021-08-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability in the dwarf::to_string function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |||||
| CVE-2020-24824 | 1 Libelfin Project | 1 Libelfin | 2021-08-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A global buffer overflow issue in the dwarf::line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS). | |||||
| CVE-2021-35450 | 1 Entando | 1 Admin Console | 2021-08-10 | 9.0 HIGH | 7.2 HIGH |
| A Server Side Template Injection in the Entando Admin Console 6.3.9 and before allows a user with privileges to execute FreeMarker template with command execution via freemarker.template.utility.Execute | |||||
| CVE-2021-22552 | 1 Google | 1 Asylo | 2021-08-10 | 2.1 LOW | 5.5 MEDIUM |
| An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. This can allow the attacker to read memory from within the secure enclave. We recommend updating to Asylo 0.6.3 or past https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a | |||||
| CVE-2021-37166 | 1 Swisslog-healthcare | 2 Hmi-3 Control Panel, Hmi-3 Control Panel Firmware | 2021-08-10 | 7.8 HIGH | 7.5 HIGH |
| A buffer overflow issue leading to denial of service was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When HMI3 starts up, it binds a local service to a TCP port on all interfaces of the device, and takes extensive time for the GUI to connect to the TCP socket, allowing the connection to be hijacked by an external attacker. | |||||
| CVE-2020-24825 | 1 Libelfin Project | 1 Libelfin | 2021-08-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability in the line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |||||
| CVE-2021-29697 | 1 Ibm | 1 Cloud Pak For Security | 2021-08-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to obtain sensitive information through HTTP requests that could be used in further attacks against the system. | |||||