Total
65012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38152 | 1 Chikitsa | 1 Patient Management System | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| index.php/appointment/insert_patient_add_appointment in Chikitsa Patient Management System 2.0.0 allows XSS. | |||||
| CVE-2020-21987 | 1 Homeautomation Project | 1 Homeautomation | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting (XSS). XSS vulnerabilities occur when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session. | |||||
| CVE-2021-23888 | 1 Mcafee | 1 Epolicy Orchestrator | 2023-12-10 | 4.9 MEDIUM | 6.3 MEDIUM |
| Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information from the authenticated user. | |||||
| CVE-2020-20249 | 1 Mikrotik | 1 Routeros | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service. | |||||
| CVE-2021-28807 | 1 Qnap | 4 Q\'center, Qts, Quts Hero and 1 more | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| A post-authentication reflected XSS vulnerability has been reported to affect QNAP NAS running Q’center. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already fixed this vulnerability in the following versions of Q’center: QTS 4.5.3: Q’center v1.12.1012 and later QTS 4.3.6: Q’center v1.10.1004 and later QTS 4.3.3: Q’center v1.10.1004 and later QuTS hero h4.5.2: Q’center v1.12.1012 and later QuTScloud c4.5.4: Q’center v1.12.1012 and later | |||||
| CVE-2021-32106 | 1 Icecoder | 1 Icecoder | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the _GET['replace'] variable. As a result, arbitrary Javascript code can get executed. | |||||
| CVE-2021-21639 | 1 Jenkins | 1 Jenkins | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node with one of a different type. | |||||
| CVE-2021-40492 | 1 Gibbonedu | 1 Gibbon | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php). | |||||
| CVE-2021-38757 | 1 Hospital Management System Project | 1 Hospital Management System | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php. | |||||
| CVE-2020-18454 | 1 Bycms Project | 1 Bycms | 2023-12-10 | 6.0 MEDIUM | 6.8 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admin.php/systems/index/module_id/70/group_id/1.html. | |||||
| CVE-2021-3463 | 1 Lenovo | 125 Power Management Driver, Thinkpad 11e Gen 5, Thinkpad 11e Yoga Gen 6 and 122 more | 2023-12-10 | 4.9 MEDIUM | 4.4 MEDIUM |
| A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error. | |||||
| CVE-2020-10774 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| A memory disclosure flaw was found in the Linux kernel's versions before 4.18.0-193.el8 in the sysctl subsystem when reading the /proc/sys/kernel/rh_features file. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2021-29693 | 1 Ibm | 2 Aix, Vios | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
| IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the with elevated group privileges to cause a denial of service due to a vulnerability in the lpd daemon. IBM X-Force ID: 200255. | |||||
| CVE-2021-1409 | 1 Cisco | 3 Unified Communications Manager, Unified Communications Manager Im \& Presence Service, Unity Connection | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. | |||||
| CVE-2021-34652 | 1 Meowapps | 1 Media Usage | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Media Usage WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/mmu_admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.4. | |||||
| CVE-2021-24379 | 1 Wphappycoders | 1 Comments Like Dislike | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, however does not prevent them from replaying the AJAX request to add a like. This allows any user (even unauthenticated) to add unlimited like/dislike to any comment. The plugin appears to have some Restriction modes, such as Cookie Restriction, IP Restrictions, Logged In User Restriction, however, they do not prevent such attack as they only check client side | |||||
| CVE-2020-23179 | 1 Php-fusion | 1 Php-fusion | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in administration/settings_main.php of PHP-Fusion 9.03.50 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Site footer" field. | |||||
| CVE-2021-2321 | 1 Oracle | 1 Vm Virtualbox | 2023-12-10 | 2.1 LOW | 6.0 MEDIUM |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). | |||||
| CVE-2021-29545 | 1 Google | 1 Tensorflow | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK`-fail in converting sparse tensors to CSR Sparse matrices. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/800346f2c03a27e182dd4fba48295f65e7790739/tensorflow/core/kernels/sparse/kernels.cc#L66) does a double redirection to access an element of an array allocated on the heap. If the value at `indices(i, 0)` is such that `indices(i, 0) + 1` is outside the bounds of `csr_row_ptr`, this results in writing outside of bounds of heap allocated data. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2020-19475 | 1 Flowpaper | 1 Pdf2json | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue has been found in function CCITTFaxStream::lookChar in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid write of size 2 . | |||||