Total
65270 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-39995 | 1 Huawei | 4 Ecns280 Td, Ecns280 Td Firmware, Ese620x Vess and 1 more | 2023-12-10 | 6.8 MEDIUM | 6.5 MEDIUM |
Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: eCNS280_TD V100R005C10; eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. | |||||
CVE-2021-41930 | 1 Online Covid Vaccination Scheduler System Project | 1 Online Covid Vaccination Scheduler System | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid Vaccination Scheduler System v1 by oretnom23, allows attackers to execute arbitrary code via the lid parameter to /scheduler/addSchedule.php. | |||||
CVE-2021-44471 | 1 Deltaww | 1 Diaenergie | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”. | |||||
CVE-2022-20643 | 1 Cisco | 1 Security Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
CVE-2021-21701 | 1 Jenkins | 1 Performance | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2020-23895 | 1 Wildbit-soft | 1 Wildbit Viewer | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
A User Mode Write AV in Editor+0x76af of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file. | |||||
CVE-2021-30833 | 1 Apple | 2 Mac Os X, Macos | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files. | |||||
CVE-2021-46502 | 1 Jsish | 1 Jsish | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5166d. This vulnerability can lead to a Denial of Service (DoS). | |||||
CVE-2021-24648 | 1 Metagauss | 1 Registrationmagic | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitise and escape the rm_search_value parameter before outputting back in an attribute, leading to a Reflected Cross-Site Scripting | |||||
CVE-2020-4160 | 1 Ibm | 1 Qradar Network Security | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174340. | |||||
CVE-2021-20841 | 1 Ec-cube | 1 Ec-cube | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vectors. | |||||
CVE-2021-43156 | 1 Projectworlds | 1 Online Book Store Project In Php | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book. | |||||
CVE-2021-33694 | 1 Sap | 1 Cloud Connector | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting. | |||||
CVE-2022-0372 | 1 Craterapp | 1 Crater | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2. | |||||
CVE-2021-24868 | 1 Bplugins | 1 Document Embedder | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts. | |||||
CVE-2021-1883 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
This issue was addressed with improved checks. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted server messages may lead to heap corruption. | |||||
CVE-2021-4107 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
CVE-2021-34773 | 1 Cisco | 2 Unified Communications Manager, Unified Communications Manager Im And Presence Service | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. These actions could include modifying the device configuration and deleting (but not creating) user accounts. | |||||
CVE-2021-21705 | 3 Netapp, Oracle, Php | 3 Clustered Data Ontap, Sd-wan Aware, Php | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision. | |||||
CVE-2021-3818 | 1 Getgrav | 1 Grav | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking |