Total: 66144 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-4121 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
CVE-2021-38400 | 1 Bostonscientific | 2 Zoom Latitude Pogrammer/recorder/monitor 3120, Zoom Latitude Pogrammer/recorder/monitor 3120 Firmware | 2023-12-10 | 4.6 MEDIUM | 6.8 MEDIUM |
An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password. | |||||
CVE-2021-38322 | 1 Twitter Friends Widget Project | 1 Twitter Friends Widget | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The Twitter Friends Widget WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the pmc_TF_user and pmc_TF_password parameters found in the ~/twitter-friends-widget.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 3.1. | |||||
CVE-2022-21264 | 3 Fedoraproject, Netapp, Oracle | 6 Fedora, Active Iq Unified Manager, Oncommand Insight and 3 more | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2021-46052 | 1 Webassembly | 1 Binaryen | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate. | |||||
CVE-2021-42662 | 1 Online Event Booking And Reservation System Project | 1 Online Event Booking And Reservation System | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A Stored Cross-Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability to run JavaScript commands on behalf of visitors to the web server, which can lead to cookie stealing and more. | |||||
CVE-2021-3920 | 1 Getgrav | 1 Grav-plugin-admin | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
CVE-2021-0899 | 2 Google, Mediatek | 12 Android, Mt6873, Mt6875 and 9 more | 2023-12-10 | 4.6 MEDIUM | 6.7 MEDIUM |
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672059. | |||||
CVE-2021-0979 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
In isRequestPinItemSupported of ShortcutService.java, there is a possible cross-user leak of packages in which the default launcher supports requests to create pinned shortcuts due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-191772737 | |||||
CVE-2021-20164 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the SMB functionality of the device. Usernames and passwords for all SMB users are revealed in plaintext on the smbserver.asp page. | |||||
CVE-2021-24780 | 1 Single Post Exporter Project | 1 Single Post Exporter | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack and give access to the export feature to any role, such as subscriber. Subscriber users would then be able to export an arbitrary post/page (such as private and password-protected ones) via a direct URL. | |||||
CVE-2021-22060 | 2 Oracle, Vmware | 3 Communications Cloud Native Core Console, Communications Cloud Native Core Service Communication Proxy, Spring Framework | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase. | |||||
CVE-2021-40042 | 1 Huawei | 8 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 5 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
There is a release-of-invalid-pointer vulnerability in some Huawei products; successful exploitation may cause the process and service to behave abnormally. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine 6800 versions V200R019C10SPC800, V200R019C10SPC900, V200R020C00SPC600, V300R020C00SPC200; CloudEngine 7800 V200R019C10SPC800. | |||||
CVE-2021-40990 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | |||||
CVE-2021-45471 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items. | |||||
CVE-2020-21387 | 1 Maccms | 1 Maccms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload. | |||||
CVE-2021-37085 | 1 Huawei | 1 Harmonyos | 2023-12-10 | 7.1 HIGH | 5.9 MEDIUM |
There is an encoding timing vulnerability in Huawei smartphones. Successful exploitation of this vulnerability may lead to denial of service. | |||||
CVE-2021-24510 | 1 Mf Gig Calendar Project | 1 Mf Gig Calendar | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The MF Gig Calendar WordPress plugin before 1.2 does not sanitise and escape the id GET parameter before outputting it back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue. | |||||
CVE-2021-40567 | 1 Gpac | 1 Gpac | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
A segmentation fault vulnerability exists in GPAC through 1.0.1 via the gf_odf_size_descriptor function in desc_private.c when using MP4Box, which causes a denial of service. | |||||
CVE-2021-29842 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202. | |||||