Total
65269 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37999 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page. | |||||
| CVE-2021-1837 | 1 Apple | 2 Ipados, Iphone Os | 2023-12-10 | 4.3 MEDIUM | 5.3 MEDIUM |
| A certificate validation issue was addressed. This issue is fixed in iOS 14.5 and iPadOS 14.5. An attacker in a privileged network position may be able to alter network traffic. | |||||
| CVE-2022-21741 | 1 Google | 1 Tensorflow | 2023-12-10 | 5.0 MEDIUM | 6.5 MEDIUM |
| Tensorflow is an Open Source Machine Learning Framework. ### Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2021-1968 | 1 Qualcomm | 124 Aqt1000, Aqt1000 Firmware, Ar8031 and 121 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| Improper validation of kernel buffer address while copying information back to user buffer can lead to kernel memory information exposure to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2020-21482 | 1 Rgcms Project | 1 Rgcms | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in RGCMS v1.06 allows attackers to obtain the administrator's cookie via a crafted payload in the Name field under the Message Board module | |||||
| CVE-2021-29365 | 1 Irfanview | 1 Irfanview | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| Irfanview 4.57 is affected by an infinite loop when processing a crafted BMP file in the EFFECTS!AutoCrop_W component. This can cause a denial of service (DOS). | |||||
| CVE-2021-24776 | 1 Wp Performance Score Booster Project | 1 Wp Performance Score Booster | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| The WP Performance Score Booster WordPress plugin before 2.1 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | |||||
| CVE-2022-21345 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2021-39910 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature. | |||||
| CVE-2022-0348 | 1 Pimcore | 1 Pimcore | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2. | |||||
| CVE-2021-44838 | 1 Deltarm | 1 Delta Rm | 2023-12-10 | 5.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax-details endpoint, with a POST request indicating the risk to access with the id parameter, it is possible for users to access risks of other companies. | |||||
| CVE-2021-25049 | 1 Mobileeventsmanager | 1 Mobile Events Manager | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
| The Mobile Events Manager WordPress plugin before 1.4.4 does not sanitise and escape various of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2021-46484 | 1 Jsish | 1 Jsish | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_IncrRefCount in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-24632 | 1 Wpzoom | 1 Recipe Card Blocks For Gutenberg \& Elementor | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does not escape the message parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2022-22850 | 1 Hospital\'s Patient Records Management System Project | 1 Hospital\'s Patient Records Management System | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the description parameter in room_types. | |||||
| CVE-2021-41188 | 1 Shopware | 1 Shopware | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Shopware is open source e-commerce software. Versions prior to 5.7.6 contain a cross-site scripting vulnerability. This issue is patched in version 5.7.6. Two workarounds are available. Using the security plugin or adding a particular following config to the `.htaccess` file will protect against cross-site scripting in this case. There is also a config for those using nginx as a server. The plugin and the configs can be found on the GitHub Security Advisory page for this vulnerability. | |||||
| CVE-2022-21672 | 1 Linuxfromscratch | 1 Make-ca | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers. Starting with version 0.9 and prior to version 1.10, make-ca misinterprets Mozilla certdata.txt and treats explicitly untrusted certificates like trusted ones, causing those explicitly untrusted certificates trusted by the system. The explicitly untrusted certificates were used by some CAs already hacked. Hostile attackers may perform a MIM attack exploiting them. Everyone using the affected versions of make-ca should upgrade to make-ca-1.10, and run `make-ca -f -g` as the `root` user to regenerate the trusted store immediately. As a workaround, users may delete the untrusted certificates from /etc/pki/tls and /etc/ssl/certs manually (or by a script), but this is not recommended because the manual changes will be overwritten next time running make-ca to update the trusted anchor. | |||||
| CVE-2021-20858 | 1 Elecom | 2 Wrc-2533ghbk-i, Wrc-2533ghbk-i Firmware | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2021-20135 | 1 Tenable | 1 Nessus | 2023-12-10 | 4.6 MEDIUM | 6.7 MEDIUM |
| Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. Tenable has included a fix for this issue in Nessus 10.0.0. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/nessus). | |||||
| CVE-2021-24818 | 1 Wp Limits Project | 1 Wp Limits | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| The WP Limits WordPress plugin through 1.0 does not have CSRF check when saving its settings, allowing attacker to make a logged in admin change them, which could make the blog unstable by setting low values | |||||