Total: 66140 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-15077 | 1 Openvpn | 1 Openvpn Access Server | 2023-12-10 | 3.5 LOW | 5.3 MEDIUM |
OpenVPN Access Server 2.8.7 and earlier versions allows remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. | |||||
CVE-2021-30483 | 1 Isomorphic-git | 1 Isomorphic-git | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository. | |||||
CVE-2021-37466 | 1 Nchsoftware | 1 Quorum | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected). | |||||
CVE-2021-28185 | 1 Asus | 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a buffer overflow vulnerability. Having obtained privileged permission, remote attackers can use the leakage to abnormally terminate the Web service. | |||||
CVE-2020-18665 | 1 Webport | 1 Web Port | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Directory Traversal vulnerability in WebPort <=1.19.1 in tags of system settings. | |||||
CVE-2021-33333 | 1 Liferay | 2 Dxp, Liferay Portal | 2023-12-10 | 6.5 MEDIUM | 6.3 MEDIUM |
The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs. | |||||
CVE-2021-33702 | 1 Sap | 1 Netweaver Enterprise Portal | 2023-12-10 | 2.6 LOW | 6.1 MEDIUM |
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it to the report. In a successful attack, a victim opens the report, and the malicious script gets executed in the victim's browser, resulting in a Stored Cross-Site Scripting (XSS) vulnerability. | |||||
CVE-2021-30746 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. | |||||
CVE-2021-22211 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 4.3 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. GitLab Dependency Proxy, under certain circumstances, can impersonate a user resulting in possibly incorrect access handling. | |||||
CVE-2021-24157 | 1 Themeisle | 1 Orbit Fox | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfiltered_html capability prior to saving the script tags, thus allowing lower-level users to inject scripts that could potentially be malicious. | |||||
CVE-2021-23413 | 1 Jszip Project | 1 Jszip | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g., __proto__, toString, etc.) results in a returned object with a modified prototype instance. | |||||
CVE-2021-33326 | 1 Liferay | 2 Dxp, Liferay Portal | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Frontend JS module in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20 and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the title of a modal window. | |||||
CVE-2020-18194 | 1 Emlog | 1 Emlog | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post. | |||||
CVE-2021-28114 | 1 Froala | 1 Froala Editor | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing. | |||||
CVE-2021-35984 | 1 Adobe | 2 Acrobat Dc, Acrobat Reader Dc | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue does not require user interaction. | |||||
CVE-2021-34146 | 1 Cypress | 4 Cyw20735b1, Cyw20735b1 Firmware, Cyw920735q60evb-01 and 1 more | 2023-12-10 | 6.1 MEDIUM | 6.5 MEDIUM |
The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and restart (crash) of the device by flooding it with LMP_AU_Rand packets after the paging procedure. | |||||
CVE-2021-20371 | 1 Ibm | 9 Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization - Engineering Insights and 6 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516. | |||||
CVE-2021-0563 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
In ih264e_fmt_conv_422i_to_420sp of ih264e_fmt_conv.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-172908358. | |||||
CVE-2021-0554 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
In isBackupServiceActive of BackupManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-158482162. | |||||
CVE-2021-31903 | 1 Jetbrains | 1 Youtrack | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS. |