Total
64950 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0628 | 1 Google | 1 Android | 2023-12-10 | 4.6 MEDIUM | 6.7 MEDIUM |
| In OMA DRM, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05722454; Issue ID: ALPS05722454. | |||||
| CVE-2020-4562 | 1 Ibm | 1 Planning Analytics | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing cross-window communication with unrestricted target origin via documentation frames. | |||||
| CVE-2020-18451 | 1 Damicms | 1 Damicms | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php. | |||||
| CVE-2021-20511 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2023-12-10 | 6.8 MEDIUM | 4.9 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300. | |||||
| CVE-2021-29551 | 1 Google | 1 Tensorflow | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an end-to-end open source platform for machine learning. The implementation of `MatrixTriangularSolve`(https://github.com/tensorflow/tensorflow/blob/8cae746d8449c7dda5298327353d68613f16e798/tensorflow/core/kernels/linalg/matrix_triangular_solve_op_impl.h#L160-L240) fails to terminate kernel execution if one validation condition fails. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2020-23914 | 1 Cpp-peglib Project | 1 Cpp-peglib | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in cpp-peglib through v0.1.12. A NULL pointer dereference exists in the peg::AstOptimizer::optimize() located in peglib.h. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-31222 | 1 Stormshield | 1 Endpoint Security | 2023-12-10 | 2.9 LOW | 5.7 MEDIUM |
| SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed. | |||||
| CVE-2021-1778 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read issue existed in the curl. This issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service. | |||||
| CVE-2021-28556 | 1 Magento | 1 Magento | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
| Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a DOM-based Cross-Site Scripting vulnerability on mage-messages cookies. Successful exploitation could lead to arbitrary JavaScript execution by an unauthenticated attacker. User interaction is required for successful exploitation. | |||||
| CVE-2021-38602 | 1 Pluxml | 1 Pluxml | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
| PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content. | |||||
| CVE-2021-30751 | 1 Apple | 1 Macos | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| This issue was addressed with improved data protection. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass certain Privacy preferences. | |||||
| CVE-2021-25444 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process. | |||||
| CVE-2021-20023 | 1 Sonicwall | 2 Email Security, Hosted Email Security | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host. | |||||
| CVE-2021-30019 | 1 Gpac | 1 Gpac | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller than ctx->hdr.hdr_size, resulting in size to be a negative number and a heap overflow in the memcpy. | |||||
| CVE-2021-32091 | 1 Localstack | 1 Localstack | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site scripting (XSS) vulnerability exists in StackLift LocalStack 0.12.6. | |||||
| CVE-2021-35967 | 1 Learningdigital | 1 Orca Hcm | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the system directory thru Path Traversal without logging in. | |||||
| CVE-2021-37391 | 1 Chamilo | 1 Chamilo Lms | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies or execute arbitrary code on the administration side via a stored XSS vulnerability via social network the send invitation feature. | |||||
| CVE-2020-23238 | 1 Evo | 1 Evolution Cms | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Evolution CMS 2.0.2 via the Document Manager feature. | |||||
| CVE-2021-30082 | 1 Gris Cms Project | 1 Gris Cms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Gris CMS v0.1. There is a Persistent XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via admin/dashboard. | |||||
| CVE-2021-29313 | 1 Seacms | 1 Seacms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the (1) v_company and (2) v_tvs parameters in /admin_video.php, | |||||