Total
65506 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-4264 | 1 Vanillaforums | 1 Vanilla Forums | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side. | |||||
CVE-2021-27455 | 1 Deltaww | 1 Dopsoft | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to disclose information. | |||||
CVE-2021-2173 | 1 Oracle | 1 Database Server | 2023-12-10 | 4.0 MEDIUM | 4.1 MEDIUM |
Vulnerability in the Recovery component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA Level Account privilege with network access via Oracle Net to compromise Recovery. While the vulnerability is in Recovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Recovery accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N). | |||||
CVE-2021-21591 | 1 Dell | 3 Emc Unity Operating Environment, Emc Unity Xt Operating Environment, Emc Unityvsa Operating Environment | 2023-12-10 | 4.6 MEDIUM | 6.7 MEDIUM |
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. | |||||
CVE-2021-20519 | 1 Ibm | 12 Collaborative Lifecycle Management, Doors Next, Engineering Insights and 9 more | 2023-12-10 | 4.3 MEDIUM | 5.4 MEDIUM |
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441. | |||||
CVE-2021-27640 | 1 Sap | 1 3d Visual Enterprise Viewer | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
CVE-2021-24477 | 1 Migrate Users Project | 1 Migrate Users | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The Migrate Users WordPress plugin through 1.0.1 does not sanitise or escape its Delimiter option before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its options, allowing the issue to be exploited via a CSRF attack. | |||||
CVE-2021-2399 | 2 Netapp, Oracle | 2 Oncommand Insight, Mysql Server | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2021-32542 | 1 Sysjust | 1 Cts Web | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The parameters of the specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers can remotely perform reflected XSS and obtain the users’ connection token that triggered the attack. | |||||
CVE-2020-19716 | 2 Debian, Exiv2 | 2 Debian Linux, Exiv2 | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS). | |||||
CVE-2021-1535 | 1 Cisco | 1 Sd-wan Vmanage | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the Cisco SD-WAN vManage Software must be in cluster mode. This vulnerability is due to the absence of authentication for sensitive information in the cluster management interface. An attacker could exploit this vulnerability by sending a crafted request to the cluster management interface of an affected system. A successful exploit could allow the attacker to allow the attacker to view sensitive information on the affected system. | |||||
CVE-2021-0271 | 1 Juniper | 10 Ex2200-c, Ex3200, Ex3300 and 7 more | 2023-12-10 | 3.3 LOW | 6.5 MEDIUM |
A Double Free vulnerability in the software forwarding interface daemon (sfid) process of Juniper Networks Junos OS allows an adjacently-connected attacker to cause a Denial of Service (DoS) by sending a crafted ARP packet to the device. Continued receipt and processing of the crafted ARP packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX2200-C Series, EX3200 Series, EX3300 Series, EX4200 Series, EX4500 Series, EX4550 Series, EX6210 Series, EX8208 Series, EX8216 Series. 12.3 versions prior to 12.3R12-S17; 15.1 versions prior to 15.1R7-S8. This issue only affects the listed Marvell-chipset based EX Series devices. No other products or platforms are affected. | |||||
CVE-2021-26698 | 1 Open-xchange | 1 Open-xchange Appsuite | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used. | |||||
CVE-2021-22248 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Improper authorization on the pipelines page in GitLab CE/EE affecting all versions since 13.12 allowed unauthorized users to view some pipeline information for public projects that have access to pipelines restricted to members only | |||||
CVE-2021-24367 | 1 Wp Config File Editor Project | 1 Wp Config File Editor | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
The WP Config File Editor WordPress plugin through 1.7.1 was affected by an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. | |||||
CVE-2021-3243 | 1 Wfiltericf | 1 Wfilter Internet Content Filter | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerability. An attacker in the same LAN can craft a packet with a malicious User-Agent header to inject a payload in its logs, where an attacker can take over the system by through its plugin-running function. | |||||
CVE-2021-29527 | 1 Google | 1 Tensorflow | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.raw_ops.QuantizedConv2D`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/00e9a4d67d76703fa1aee33dac582acf317e0e81/tensorflow/core/kernels/quantized_conv_ops.cc#L257-L259) does a division by a quantity that is controlled by the caller. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
CVE-2020-21675 | 2 Debian, Fig2dev Project | 2 Debian Linux, Fig2dev | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format. | |||||
CVE-2021-20364 | 1 Ibm | 1 Cloud Pak For Applications | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195035. | |||||
CVE-2020-29621 | 1 Apple | 2 Mac Os X, Macos | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to bypass Privacy preferences. |