Total: 64829 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-4018 | 1 Snipeitapp | 1 Snipe-it | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
CVE-2021-1855 | 1 Apple | 1 Macos | 2023-12-10 | 6.4 MEDIUM | 6.5 MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. A malicious website may be able to force unnecessary network connections to fetch its favicon. | |||||
CVE-2019-16651 | 1 Virginmedia | 2 Super Hub 3, Super Hub 3 Firmware | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered on Virgin Media Super Hub 3 (based on ARRIS TG2492) devices. Because their SNMP commands have insufficient protection mechanisms, it is possible to use JavaScript and DNS rebinding to leak the WAN IP address of a user (if they are using certain VPN implementations, this would decloak them). | |||||
CVE-2021-39555 | 1 Swftools | 1 Swftools | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function InfoOutputDev::type3D0() located in InfoOutputDev.cc. It allows an attacker to cause Denial of Service. | |||||
CVE-2021-45676 | 1 Netgear | 10 Rax15, Rax15 Firmware, Rax20 and 7 more | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.5.126, RAX20 before 1.0.2.82, RAX80 before 1.0.5.126, RAX15 before 1.0.2.82, and RAX75 before 1.0.5.126. | |||||
CVE-2021-23155 | 1 Gallagher | 1 Command Centre Mobile Client | 2023-12-10 | 4.3 MEDIUM | 6.8 MEDIUM |
Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Client for Android 8.60 versions prior to 8.60.065; version 8.50 and prior versions. | |||||
CVE-2021-30819 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15 and iPadOS 15. Processing a maliciously crafted USD file may disclose memory contents. | |||||
CVE-2021-39846 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in memory corruption in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader. | |||||
CVE-2021-30828 | 1 Apple | 2 Mac Os X, Macos | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to read arbitrary files as root. | |||||
CVE-2021-0659 | 2 Google, Mediatek | 14 Android, Mt6853, Mt6853t and 11 more | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687559; Issue ID: ALPS05687559. | |||||
CVE-2021-44702 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page. | |||||
CVE-2021-0677 | 2 Google, Mediatek | 9 Android, Mt6833, Mt6853 and 6 more | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
In ccu driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827154; Issue ID: ALPS05827154. | |||||
CVE-2021-35214 | 1 Solarwinds | 1 Pingdom | 2023-12-10 | 1.9 LOW | 4.7 MEDIUM |
The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without terminating the user session. This issue has been resolved on September 13, 2021. | |||||
CVE-2021-3788 | 1 Binatoneglobal | 42 Cn28, Cn28 Firmware, Cn40 and 39 more | 2023-12-10 | 4.6 MEDIUM | 6.8 MEDIUM |
An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device. | |||||
CVE-2021-41798 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page. | |||||
CVE-2021-4183 | 3 Fedoraproject, Oracle, Wireshark | 4 Fedora, Http Server, Zfs Storage Appliance Kit and 1 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file | |||||
CVE-2021-24765 | 1 Getperfectsurvey | 1 Perfect Survey | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue | |||||
CVE-2020-20597 | 1 Mossle | 1 Lemon | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the potrtalItemName parameter in \web\PortalController.java of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML. | |||||
CVE-2020-28968 | 1 Draytek | 26 Vigorap 1000c, Vigorap 1000c Firmware, Vigorap 700 and 23 more | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field. | |||||
CVE-2021-38896 | 2 Ibm, Linux | 2 Qradar Advisor, Linux Kernel | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM QRadar Advisor 2.5 through 2.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209566. |