Total: 64815 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-43533 | 1 Mozilla | 1 Firefox | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing. This vulnerability affects Firefox < 94. | |||||
CVE-2021-43438 | 1 Iresturant Project | 1 Iresturant | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attacker to Inject Arbitrary code via NAME and ADDRESS field | |||||
CVE-2022-0374 | 1 Livehelperchat | 1 Live Helper Chat | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. | |||||
CVE-2021-20872 | 1 Konicaminolta | 104 Bizhub 224e, Bizhub 224e Firmware, Bizhub 227 and 101 more | 2023-12-10 | 4.6 MEDIUM | 6.8 MEDIUM |
Protection mechanism failure vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, bizhub 4752/4052 GC9-X4 and earlier) allows a physical attacker to bypass the firmware integrity verification and to install malicious firmware. | |||||
CVE-2021-40123 | 1 Cisco | 1 Identity Services Engine | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative read-only privileges to download files that should be restricted. This vulnerability is due to incorrect permissions settings on an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the device. A successful exploit could allow the attacker to download files that should be restricted. | |||||
CVE-2021-21926 | 1 Advantech | 1 R-seenet | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘health_filter’ parameter. | |||||
CVE-2021-4018 | 1 Snipeitapp | 1 Snipe-it | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
CVE-2021-1855 | 1 Apple | 1 Macos | 2023-12-10 | 6.4 MEDIUM | 6.5 MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. A malicious website may be able to force unnecessary network connections to fetch its favicon. | |||||
CVE-2019-16651 | 1 Virginmedia | 2 Super Hub 3, Super Hub 3 Firmware | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered on Virgin Media Super Hub 3 (based on ARRIS TG2492) devices. Because their SNMP commands have insufficient protection mechanisms, it is possible to use JavaScript and DNS rebinding to leak the WAN IP address of a user (if they are using certain VPN implementations, this would decloak them). | |||||
CVE-2021-39555 | 1 Swftools | 1 Swftools | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function InfoOutputDev::type3D0() located in InfoOutputDev.cc. It allows an attacker to cause Denial of Service. | |||||
CVE-2021-45676 | 1 Netgear | 10 Rax15, Rax15 Firmware, Rax20 and 7 more | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.5.126, RAX20 before 1.0.2.82, RAX80 before 1.0.5.126, RAX15 before 1.0.2.82, and RAX75 before 1.0.5.126. | |||||
CVE-2021-23155 | 1 Gallagher | 1 Command Centre Mobile Client | 2023-12-10 | 4.3 MEDIUM | 6.8 MEDIUM |
Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Client for Android 8.60 versions prior to 8.60.065; version 8.50 and prior versions. | |||||
CVE-2021-30819 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15 and iPadOS 15. Processing a maliciously crafted USD file may disclose memory contents. | |||||
CVE-2021-39846 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in memory corruption in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader. | |||||
CVE-2021-30828 | 1 Apple | 2 Mac Os X, Macos | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to read arbitrary files as root. | |||||
CVE-2021-0659 | 2 Google, Mediatek | 14 Android, Mt6853, Mt6853t and 11 more | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687559; Issue ID: ALPS05687559. | |||||
CVE-2021-44702 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page. | |||||
CVE-2021-0677 | 2 Google, Mediatek | 9 Android, Mt6833, Mt6853 and 6 more | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
In ccu driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827154; Issue ID: ALPS05827154. | |||||
CVE-2021-35214 | 1 Solarwinds | 1 Pingdom | 2023-12-10 | 1.9 LOW | 4.7 MEDIUM |
The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed that a password or email address could be changed without terminating the user session. This issue has been resolved on September 13, 2021. | |||||
CVE-2021-3788 | 1 Binatoneglobal | 42 Cn28, Cn28 Firmware, Cn40 and 39 more | 2023-12-10 | 4.6 MEDIUM | 6.8 MEDIUM |
An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device. | |||||