Vulnerabilities (CVE)

Total 165320 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-20466 1 White Shark Systems Project 1 White Shark Systems 2021-06-23 7.5 HIGH 9.8 CRITICAL
White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php, remote attackers can modify the password of any user.
CVE-2020-20467 1 White Shark Systems Project 1 White Shark Systems 2021-06-23 6.4 MEDIUM 6.5 MEDIUM
White Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php, remote attackers can exploit the vulnerability to create a task.
CVE-2021-28815 1 Qnap 4 Myqnapcloud Link, Qts, Quts Hero and 1 more 2021-06-23 4.0 MEDIUM 4.9 MEDIUM
Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4.
CVE-2020-20468 1 White Shark Systems Project 1 White Shark Systems 2021-06-23 4.3 MEDIUM 6.5 MEDIUM
White Shark System (WSS) 1.3.2 is vulnerable to CSRF. Attackers can use the user_edit_password.php file to modify the user password.
CVE-2020-20469 1 White Shark Systems Project 1 White Shark Systems 2021-06-23 5.0 MEDIUM 7.5 HIGH
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the log_edit.php files failing to filter the csa_to_user parameter, remote attackers can exploit the vulnerability to obtain database sensitive information.
CVE-2020-20470 1 White Shark Systems Project 1 White Shark Systems 2021-06-23 5.0 MEDIUM 5.3 MEDIUM
White Shark System (WSS) 1.3.2 has web site physical path leakage vulnerability.
CVE-2020-20471 1 White Shark Systems Project 1 White Shark Systems 2021-06-23 9.0 HIGH 8.8 HIGH
White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php, remote attackers can exploit this vulnerability to escalate to admin privileges.
CVE-2020-20472 1 White Shark Systems Project 1 White Shark Systems 2021-06-23 5.0 MEDIUM 5.3 MEDIUM
White Shark System (WSS) 1.3.2 has a sensitive information disclosure vulnerability. The if_get_addbook.php file does not have an authentication operation. Remote attackers can obtain username information for all users of the current site.
CVE-2021-32695 1 Nextcloud 1 Nextcloud 2021-06-23 4.3 MEDIUM 3.3 LOW
Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1, a malicious app on the same device could have gotten access to the shared preferences of the Nextcloud Android application. This required user-interaction as a victim had to initiate the sharing flow and choose the malicious app. The shared preferences contain some limited private data such as push tokens and the account name. The vulnerability is patched in version 3.16.1.
CVE-2020-20473 1 White Shark Systems Project 1 White Shark Systems 2021-06-23 5.0 MEDIUM 7.5 HIGH
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the control_task.php, control_project.php, default_user.php files failing to filter the sort parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information.
CVE-2021-22913 1 Nextcloud 1 Deck 2021-06-23 4.3 MEDIUM 6.5 MEDIUM
Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user.
CVE-2021-29621 1 Flask-appbuilder Project 1 Flask-appbuilder 2021-06-23 5.0 MEDIUM 5.3 MEDIUM
Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version 3.3.0 or higher to resolve.
CVE-2020-17526 1 Apache 1 Airflow 2021-06-23 3.5 LOW 7.7 HIGH
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config.
CVE-2020-20474 1 White Shark Systems Project 1 White Shark Systems 2021-06-23 5.0 MEDIUM 7.5 HIGH
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the default_task_edituser.php files failing to filter the csa_to_user parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information.
CVE-2021-34808 1 Synology 1 Media Server 2021-06-23 5.0 MEDIUM 5.3 MEDIUM
Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors.
CVE-2020-7860 2 Linux, Unegg Project 2 Linux Kernel, Unegg 2021-06-23 6.8 MEDIUM 7.8 HIGH
UnEGG v0.5 and eariler versions have a Integer overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by UnEGG. Attackers could exploit this and arbitrary code execution. This issue affects: Estsoft UnEGG 0.5 versions prior to 1.0 on linux.
CVE-2021-28684 1 Powerarchiver 1 Powerarchiver 2021-06-23 4.3 MEDIUM 4.3 MEDIUM
The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network (via an XXE attack).
CVE-2021-0143 1 Intel 1 Brand Verification Tool 2021-06-23 4.6 MEDIUM 7.8 HIGH
Improper permissions in the installer for the Intel(R) Brand Verification Tool before version 11.0.0.1225 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2021-32557 1 Canonical 1 Apport 2021-06-23 3.6 LOW 7.1 HIGH
It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.
CVE-2021-34811 1 Synology 1 Download Station 2021-06-23 4.0 MEDIUM 4.3 MEDIUM
Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors.