Total
598 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-23264 | 1 Craftercms | 1 Crafter Cms | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes. | |||||
| CVE-2021-39212 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 3.6 LOW | 3.6 LOW |
| ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />. | |||||
| CVE-2021-44049 | 1 Cyberark | 1 Endpoint Privilege Manager | 2023-12-10 | 6.9 MEDIUM | 7.8 HIGH |
| CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory. | |||||
| CVE-2020-28145 | 1 Wuzhicms | 1 Wuzhicms | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information. | |||||
| CVE-2021-38004 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2021-38931 | 6 Hp, Ibm, Linux and 3 more | 7 Hp-ux, Aix, Db2 and 4 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418. | |||||
| CVE-2021-24775 | 1 Bplugins | 1 Document Embedder | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts. | |||||
| CVE-2021-46354 | 1 Cybelesoft | 1 Thinfinity Virtualui | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increase the attack surface. | |||||
| CVE-2021-41065 | 1 Bopsoft | 1 Listary | 2023-12-10 | 4.4 MEDIUM | 7.3 HIGH |
| An issue was discovered in Listary through 6. An attacker can create a \\.\pipe\Listary.listaryService named pipe and wait for a privileged user to open a session on the Listary installed host. Listary will automatically access the named pipe and the attacker will be able to duplicate the victim's token to impersonate him. This exploit is valid in certain Windows versions (Microsoft has patched the issue in later Windows 10 builds). | |||||
| CVE-2021-37112 | 1 Huawei | 1 Harmonyos | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Hisuite module has a External Control of System or Configuration Setting vulnerability.Successful exploitation of this vulnerability may lead to Firmware leak. | |||||
| CVE-2021-23263 | 1 Craftercms | 1 Crafter Cms | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary). | |||||
| CVE-2021-22385 | 1 Huawei | 2 Emui, Magic Ui | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| A component of the Huawei smartphone has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution. | |||||
| CVE-2021-31154 | 1 Pleaseedit Project | 1 Pleaseedit | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack. | |||||
| CVE-2021-29280 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2023-12-10 | 4.3 MEDIUM | 6.4 MEDIUM |
| In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow | |||||
| CVE-2021-0542 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| In updateNotification of BeamTransferManager.java, there is a missing permission check. This could lead to local information disclosure of paired Bluetooth addresses with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168712890 | |||||
| CVE-2021-20461 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770. | |||||
| CVE-2020-18646 | 1 5none | 1 Nonecms | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php". | |||||
| CVE-2021-25432 | 2 Google, Samsung | 2 Android, Samsung Members | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data. | |||||
| CVE-2021-25652 | 1 Avaya | 1 Aura Appliance Virtualization Platform | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU. | |||||
| CVE-2021-28623 | 2 Adobe, Microsoft | 2 Premiere Elements, Windows | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| Adobe Premiere Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction. | |||||