Total
65269 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20569 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. IBM X-Force ID: 199243. | |||||
| CVE-2021-37967 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2021-21704 | 2 Netapp, Php | 2 Clustered Data Ontap, Php | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption. | |||||
| CVE-2021-38335 | 1 Wiseagent | 1 Wise Agent Capture Forms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/WiseAgentCaptureForm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | |||||
| CVE-2020-21532 | 2 Debian, Xfig Project | 2 Debian Linux, Fig2dev | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c. | |||||
| CVE-2021-43192 | 2 Apple, Jetbrains | 2 Iphone Os, Youtrack Mobile | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking is possible. | |||||
| CVE-2020-23906 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity. | |||||
| CVE-2021-32202 | 1 Cs-cart | 1 Cs-cart | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" filed in the blog post creation page. | |||||
| CVE-2021-46144 | 2 Debian, Roundcube | 2 Debian Linux, Roundcube | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences. | |||||
| CVE-2022-23129 | 2 Iconics, Mitsubishielectric | 2 Genesis64, Mc Works64 | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attacker to gain authentication information and to access the database illegally. This is because when configuration information of GridWorX, a database linkage function of GENESIS64 and MC Works64, is exported to a CSV file, the authentication information is saved in plaintext, and an attacker who can access this CSV file can gain the authentication information. | |||||
| CVE-2020-23273 | 1 Broadcom | 1 Tcpreplay | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap-buffer overflow in the randomize_iparp function in edit_packet.c. of Tcpreplay v4.3.2 allows attackers to cause a denial of service (DOS) via a crafted pcap. | |||||
| CVE-2021-31589 | 1 Beyondtrust | 1 Appliance Base Software | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization. | |||||
| CVE-2021-25975 | 1 Publify Project | 1 Publify | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file. | |||||
| CVE-2021-0997 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| In handleUpdateNetworkState of GnssNetworkConnectivityHandler.java , there is a possible APN disclosure due to log information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191086488 | |||||
| CVE-2021-31821 | 2 Microsoft, Octopus | 2 Windows, Tentacle | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image | |||||
| CVE-2022-0395 | 1 Livehelperchat | 1 Live Helper Chat | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. | |||||
| CVE-2022-21326 | 2 Netapp, Oracle | 3 Oncommand Insight, Oncommand Workflow Automation, Mysql | 2023-12-10 | 4.0 MEDIUM | 6.3 MEDIUM |
| Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H). | |||||
| CVE-2021-46041 | 1 Gpac | 1 Gpac | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_box_new function, which causes a Denial of Service. | |||||
| CVE-2021-0681 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| In system properties, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-192535337 | |||||
| CVE-2021-3775 | 1 Showdoc | 1 Showdoc | 2023-12-10 | 5.8 MEDIUM | 5.4 MEDIUM |
| showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | |||||