Weekly Vulnerabilities Reports > September 20 to 26, 2021
Overview
365 new vulnerabilities were reported during this period, including 13 critical and 39 high severity vulnerabilities. This weekly summary reports vulnerabilities in 677 products from 145 vendors including IBM, Cisco, Swftools, Vmware, and Ffmpeg. The most common weakness categories are "Cross-site Scripting", "NULL Pointer Dereference", "Out-of-bounds Write", "SQL Injection", and "Classic Buffer Overflow".
- 320 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities have a public exploit available.
- 109 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 257 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 40 reported vulnerabilities.
- Cisco has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
13 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-09-23 | CVE-2021-22941 | Citrix | Unspecified vulnerability in Citrix Sharefile Storagezones Controller Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller. | 10.0 |
2021-09-22 | CVE-2021-31819 | Octopus | Deserialization of Untrusted Data vulnerability in Octopus Halibut In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already trust each other based on certificate verification. | 10.0 |
2021-09-24 | CVE-2021-22869 | Github | Improper Authentication vulnerability in Github Enterprise Server An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. | 9.8 |
2021-09-23 | CVE-2021-22005 | Vmware | Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. | 9.8 |
2021-09-23 | CVE-2021-34727 | Cisco | Classic Buffer Overflow vulnerability in Cisco IOS XE Sd-Wan A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. | 9.8 |
2021-09-22 | CVE-2021-36260 | Hikvision | OS Command Injection vulnerability in Hikvision products A command injection vulnerability in the web server of some Hikvision product. | 9.8 |
2021-09-23 | CVE-2021-41088 | ELV | Origin Validation Error vulnerability in ELV Elvish Elvish is a programming language and interactive shell, combined into one package. | 9.3 |
2021-09-22 | CVE-2021-38112 | Amazon | Argument Injection or Modification vulnerability in Amazon AWS Workspaces In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument. | 9.3 |
2021-09-21 | CVE-2021-40847 | Netgear | Cleartext Transmission of Sensitive Information vulnerability in Netgear products The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. | 9.3 |
2021-09-23 | CVE-2021-22945 | Haxx Fedoraproject Netapp Oracle Apple Siemens Debian | Double Free vulnerability in multiple products When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*. | 9.1 |
2021-09-24 | CVE-2021-41583 | Eduvpn | Improper Input Validation vulnerability in Eduvpn Vpn-User-Portal vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote authenticated users to obtain OS filesystem access, because of the interaction of QR codes with an exec that uses the -r option. | 9.0 |
2021-09-23 | CVE-2021-22014 | Vmware | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). | 9.0 |
2021-09-23 | CVE-2021-34770 | Cisco | Out-of-bounds Write vulnerability in Cisco IOS XE A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. | 9.0 |
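The AWS WorkSpaces entry above (CVE-2021-38112) is an instance of a general pattern: a custom URI scheme handler that forwards pieces of the URI into a child process's command line lets whoever controls the link control the flags. The Python below is an added example, not code from Amazon or from the WorkSpaces client. The `workspaces://` handler it models, the `client.exe` binary name, the `host`/`token` parameters and the sample links are assumptions made for illustration; `--gpu-launcher` appears only because the advisory names it as the flag that matters.

```python
# Added example, not vendor code: a hypothetical handler for a custom
# "workspaces://" URI scheme, first the injectable pattern, then a version
# that never forwards raw URI text as command-line flags.
import re
import shlex
from typing import List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

CLIENT = "client.exe"                     # assumed binary name
ALLOWED_PARAMS = {"token"}                # assumed: the only query key we forward
HOST_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")


def naive_argv(uri: str) -> List[str]:
    """Injectable pattern: URL-decode everything after the scheme and split
    it into argv tokens for the client.  A token such as
    '--gpu-launcher=<program>' (the CEF flag named in CVE-2021-38112)
    reaches the child process exactly like a legitimate option."""
    rest = unquote(uri.split("://", 1)[1])
    return [CLIENT, *shlex.split(rest)]


def hardened_argv(uri: str) -> List[str]:
    """Build argv only from validated, named fields:
    - the scheme must match,
    - the host must match a strict character set,
    - only allow-listed query keys are forwarded, each as a separate
      '--key value' pair, and a value starting with '-' is rejected so the
      child can never parse it as a flag."""
    parts = urlsplit(uri)
    if parts.scheme != "workspaces":
        raise ValueError(f"unexpected scheme {parts.scheme!r}")
    if not HOST_RE.fullmatch(parts.netloc):
        raise ValueError(f"invalid host {parts.netloc!r}")
    argv = [CLIENT, "--host", parts.netloc]
    for key, values in parse_qs(parts.query, keep_blank_values=True).items():
        if key not in ALLOWED_PARAMS:
            raise ValueError(f"unknown parameter {key!r}")
        value = values[0]
        if not value or value.startswith("-"):
            raise ValueError(f"bad value for {key!r}")
        argv += [f"--{key}", value]
    return argv


def safe_argv_or_none(uri: str) -> Optional[List[str]]:
    """Convenience wrapper: None means the handler refused the link."""
    try:
        return hardened_argv(uri)
    except ValueError:
        return None


if __name__ == "__main__":
    # Constructed sample links, not real WorkSpaces URIs.
    benign = "workspaces://vdi.example.test?token=abc123"
    hostile = "workspaces://vdi.example.test%20--gpu-launcher=evil.exe"
    print(naive_argv(hostile))         # the injected flag survives
    print(hardened_argv(benign))
    print(safe_argv_or_none(hostile))  # None: refused
```

The hardened version never lets URI text decide which options exist: every flag name is a literal in the handler, every value is validated, and a value that merely looks like an option is refused rather than escaped. That is the property a URI handler registered on a desktop needs, because any web page can cause the handler to run with an attacker-chosen URI.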
39 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-09-20 | CVE-2021-39537 | GNU Apple | Out-of-bounds Write vulnerability in multiple products An issue was discovered in ncurses through v6.2-1. | 8.8 |
2021-09-23 | CVE-2021-1624 | Cisco | Unspecified vulnerability in Cisco IOS XE A vulnerability in the Rate Limiting Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization in the Cisco QuantumFlow Processor of an affected device, resulting in a denial of service (DoS) condition. | 8.6 |
2021-09-23 | CVE-2021-36823 | Cusmin | Cross-site Scripting vulnerability in Cusmin Absolutely Glamorous Custom Admin Auth. | 8.2 |
2021-09-20 | CVE-2021-24639 | FFW | Missing Authorization vulnerability in FFW Omgf The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgf_ajax_empty_dir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server. | 8.1 |
2021-09-24 | CVE-2021-41503 | Dlink D Link | Improper Authentication vulnerability in multiple products ** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L v2.17 and older are affected by Incorrect Access Control. | 8.0 |
2021-09-24 | CVE-2021-2464 | Oracle | Unspecified vulnerability in Oracle Engineered Systems Utilities and Linux Vulnerability in Oracle Linux (component: OSwatcher). | 7.8 |
2021-09-23 | CVE-2021-22015 | Vmware | Files or Directories Accessible to External Parties vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. | 7.8 |
2021-09-23 | CVE-2021-34768 | Cisco | Double Free vulnerability in Cisco IOS XE Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.8 |
2021-09-23 | CVE-2021-34769 | Cisco | Double Free vulnerability in Cisco IOS XE Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.8 |
2021-09-20 | CVE-2021-32271 | Gpac | Out-of-bounds Write vulnerability in Gpac An issue was discovered in gpac through 20200801. | 7.8 |
2021-09-20 | CVE-2021-38300 | Linux Netapp Debian | arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. | 7.8 |
2021-09-23 | CVE-2021-1620 | Cisco | Missing Release of Resource after Effective Lifetime vulnerability in Cisco IOS A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. | 7.7 |
2021-09-23 | CVE-2020-4690 | IBM | Use of Hard-coded Credentials vulnerability in IBM Security Guardium 11.3 IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.5 |
2021-09-23 | CVE-2021-26794 | Frogcms Project | Unrestricted Upload of File with Dangerous Type vulnerability in Frogcms Project Frogcms 0.9.5 Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows attacker to execute arbitrary code via crafted php file. | 7.5 |
2021-09-23 | CVE-2021-21913 | Dlink | Use of Hard-coded Credentials vulnerability in Dlink Dir-3040 Firmware 1.13B03 An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. | 7.5 |
2021-09-23 | CVE-2021-41381 | Payara | Path Traversal vulnerability in Payara Micro Community Payara Micro Community 5.2021.6 and below allows Directory Traversal. | 7.5 |
2021-09-23 | CVE-2021-41428 | Datev | Incorrect Permission Assignment for Critical Resource vulnerability in Datev Framework Library, Program and Update Manager Insecure permissions in Update Manager <= 5.8.0.2300 and DFL <= 12.5.1001.5 in DATEV programs v14.1 allows attacker to escalate privileges via insufficient configuration of service components. | 7.5 |
2021-09-23 | CVE-2021-32959 | Aveva | Heap-based Buffer Overflow vulnerability in Aveva Suitelink Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06 | 7.5 |
2021-09-22 | CVE-2020-23469 | Gmate Project | Unspecified vulnerability in Gmate Project Gmate 0.12+Bionic gmate v0.12+bionic contains a regular expression denial of service (ReDoS) vulnerability in the gedit3 plugin. | 7.5 |
2021-09-22 | CVE-2020-23478 | Leoeditor | Incorrect Comparison vulnerability in Leoeditor LEO 6.2.1 Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py. | 7.5 |
2021-09-22 | CVE-2019-6288 | Edge Core | Command Injection vulnerability in Edge-Core Ecs2020 Firmware 1.0.0.0 Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Command Injection via the command1 HTTP header to the /EXCU_SHELL URI. | 7.5 |
2021-09-22 | CVE-2021-37925 | Zohocorp | OS Command Injection vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability. | 7.5 |
2021-09-22 | CVE-2021-37927 | Zohocorp | Improper Verification of Cryptographic Signature vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO. | 7.5 |
2021-09-21 | CVE-2021-23444 | Client | Type Confusion vulnerability in Client Jointjs This affects the package jointjs before 3.4.2. | 7.5 |
2021-09-21 | CVE-2021-0869 | Google | Out-of-bounds Write vulnerability in Google Android In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out of bounds write due to an incorrect bounds check. | 7.5 |
2021-09-21 | CVE-2021-28960 | Manageengine | Command Injection vulnerability in Manageengine Desktop Central 10.0.282/5.65 Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations. | 7.5 |
2021-09-21 | CVE-2021-37424 | Zohocorp | Unspecified vulnerability in Zohocorp Manageengine Admanager Plus 6.1 ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover. | 7.5 |
2021-09-21 | CVE-2021-31917 | Infinispan Redhat | Improper Authentication vulnerability in multiple products A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). | 7.5 |
2021-09-20 | CVE-2020-26301 | Ssh2 Project | OS Command Injection vulnerability in Ssh2 Project Ssh2 ssh2 is client and server modules written in pure JavaScript for node.js. | 7.5 |
2021-09-20 | CVE-2021-40674 | Wuzhicms | SQL Injection vulnerability in Wuzhicms 4.1.0 An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php. | 7.5 |
2021-09-20 | CVE-2021-24741 | Schiocco | SQL Injection vulnerability in Schiocco Support Board - Chat and Help Desk 1.2.3 The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users. | 7.5 |
2021-09-23 | CVE-2021-1621 | Cisco | Unspecified vulnerability in Cisco IOS XE A vulnerability in the Layer 2 punt code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a queue wedge on an interface that receives specific Layer 2 frames, resulting in a denial of service (DoS) condition. | 7.4 |
2021-09-23 | CVE-2021-34714 | Cisco | Improper Input Validation vulnerability in Cisco products A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. | 7.4 |
2021-09-23 | CVE-2021-34740 | Cisco | Memory Leak vulnerability in Cisco Aironet Access Point Software 17.2/17.3 A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. | 7.4 |
2021-09-23 | CVE-2021-1419 | Cisco | Unspecified vulnerability in Cisco products A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges. | 7.2 |
2021-09-21 | CVE-2021-20037 | Sonicwall | Incorrect Default Permissions vulnerability in Sonicwall Global VPN Client 4.10.4.0314 SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. | 7.2 |
2021-09-23 | CVE-2021-22948 | Revive Adserver | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Revive-Adserver Revive Adserver Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. | 7.1 |
2021-09-22 | CVE-2021-3583 | Redhat | Code Injection vulnerability in Redhat Ansible Automation Platform and Ansible Tower A flaw was found in Ansible, where a user's controller is vulnerable to template injection. | 7.1 |
2021-09-26 | CVE-2021-41617 | Openbsd Fedoraproject Netapp Oracle Starwindsoftware | sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. | 7.0 |
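The revive-adserver entry above (CVE-2021-22948) is worth dwelling on because the mistake is common well beyond PHP: uniqid() is a timestamp, not a random value. Its default output is 13 hex characters, eight for the Unix seconds and five for the microseconds, so a session ID derived from it is fully determined by when the session was created. The Python below is an added example, not revive-adserver's code and not its fix; it reproduces the uniqid() format, measures how many candidates an attacker who knows the creation time to within a few seconds has to try, and contrasts that with a token drawn from the operating system CSPRNG (the PHP equivalent being random_bytes()). The timestamps in the sample are constructed.

```python
# Added example, not revive-adserver code: why a uniqid()-derived session
# ID is guessable, and what a proper session ID looks like.
import secrets
from typing import Optional

MICROS_PER_SECOND = 1_000_000


def uniqid_style(seconds: int, micros: int) -> str:
    """PHP uniqid() without the more_entropy flag: sprintf('%08x%05x', sec, usec)."""
    if not 0 <= micros < MICROS_PER_SECOND:
        raise ValueError("microseconds out of range")
    return f"{seconds:08x}{micros:05x}"


def candidate_count(window_seconds: int) -> int:
    """Size of the search space when the creation time is known to within
    window_seconds: one candidate per microsecond in the window."""
    return window_seconds * MICROS_PER_SECOND


def guess_uniqid(target: str, t_start: int, window_seconds: int) -> Optional[int]:
    """Enumerate every ID uniqid() could have produced in
    [t_start, t_start + window_seconds) and return how many candidates were
    tried before the target matched, or None if it lies outside the window.
    Against a live application each candidate would be one request carrying
    the guessed cookie; the count is what makes the attack feasible or not."""
    tried = 0
    for sec in range(t_start, t_start + window_seconds):
        for usec in range(MICROS_PER_SECOND):
            tried += 1
            if uniqid_style(sec, usec) == target:
                return tried
    return None


def secure_session_id(nbytes: int = 16) -> str:
    """128 bits from the OS CSPRNG, hex encoded; the search space is 2**128
    regardless of what the attacker knows about timing."""
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    # Constructed scenario: a session created at 2021-09-24 00:00:00 UTC plus 12345 us.
    created_sec, created_usec = 1632441600, 12_345
    sid = uniqid_style(created_sec, created_usec)
    print(sid, "candidates in a 3 s window:", candidate_count(3))
    print("found after", guess_uniqid(sid, created_sec - 1, 3), "tries")
    print("secure id:", secure_session_id())
```

A few million candidates is a modest online brute-force against a login or session endpoint without rate limiting, and the window only needs to cover the moment the victim logged in, which is often visible from other signals. Session identifiers, password-reset tokens and CSRF tokens all need the second construction: unpredictable bytes from a CSPRNG, never a function of the clock.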
252 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-09-22 | CVE-2021-31841 | Mcafee | Improper Verification of Cryptographic Signature vulnerability in Mcafee Agent 5.0.0/5.6.6/5.7.3 A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. | 6.9 |
2021-09-22 | CVE-2021-31847 | Mcafee | Improper Privilege Management vulnerability in Mcafee Agent 5.0.0/5.6.6/5.7.3 Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. | 6.9 |
2021-09-24 | CVE-2021-41588 | Gradle | Deserialization of Untrusted Data vulnerability in Gradle In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. | 6.8 |
2021-09-23 | CVE-2020-19951 | Yzmcms | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 5.5 A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application. | 6.8 |
2021-09-23 | CVE-2021-33035 | Apache | Classic Buffer Overflow vulnerability in Apache Openoffice Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. | 6.8 |
2021-09-23 | CVE-2021-34699 | Cisco | Interpretation Conflict vulnerability in Cisco IOS A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. | 6.8 |
2021-09-22 | CVE-2021-21992 | Vmware | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. | 6.8 |
2021-09-20 | CVE-2021-41083 | Dadamailproject | Cross-Site Request Forgery (CSRF) vulnerability in Dadamailproject Dada Mail Dada Mail is a web-based e-mail list management system. | 6.8 |
2021-09-20 | CVE-2020-20891 | Ffmpeg | Classic Buffer Overflow vulnerability in Ffmpeg 4.2.1 Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | 6.8 |
2021-09-20 | CVE-2020-20892 | Ffmpeg | Divide By Zero vulnerability in Ffmpeg 4.2.1 An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero. | 6.8 |
2021-09-20 | CVE-2020-20893 | Ffmpeg | Classic Buffer Overflow vulnerability in Ffmpeg 4.2.1 Buffer Overflow vulnerability in function activate in libavfilter/af_afade.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | 6.8 |
2021-09-20 | CVE-2020-20894 | Ffmpeg | Classic Buffer Overflow vulnerability in Ffmpeg 4.2.1 Buffer Overflow vulnerability in function gaussian_blur in libavfilter/vf_edgedetect.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | 6.8 |
2021-09-20 | CVE-2020-20895 | Ffmpeg | Classic Buffer Overflow vulnerability in Ffmpeg 4.2.1 Buffer Overflow vulnerability in function filter_vertically_##name in libavfilter/vf_avgblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | 6.8 |
2021-09-20 | CVE-2020-20896 | Ffmpeg | NULL Pointer Dereference vulnerability in Ffmpeg 4.2.1 An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference. | 6.8 |
2021-09-20 | CVE-2020-20897 | Ffmpeg | Classic Buffer Overflow vulnerability in Ffmpeg 4.2.1 Buffer Overflow vulnerability in function filter_slice in libavfilter/vf_bm3d.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | 6.8 |
2021-09-20 | CVE-2020-20898 | Ffmpeg | Integer Overflow or Wraparound vulnerability in Ffmpeg 4.2.1 Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | 6.8 |
2021-09-20 | CVE-2020-20899 | Ffmpeg | Classic Buffer Overflow vulnerability in Ffmpeg 4.2.1 Buffer Overflow vulnerability in function config_props in libavfilter/vf_bwdif.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | 6.8 |
2021-09-20 | CVE-2020-20900 | Ffmpeg | Classic Buffer Overflow vulnerability in Ffmpeg 4.2.1 Buffer Overflow vulnerability in function gaussian_blur in libavfilter/vf_edgedetect.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | 6.8 |
2021-09-20 | CVE-2020-20901 | Ffmpeg | Classic Buffer Overflow vulnerability in Ffmpeg 4.2.1 Buffer Overflow vulnerability in function filter_frame in libavfilter/vf_fieldorder.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | 6.8 |
2021-09-20 | CVE-2021-32265 | Axiosys | Classic Buffer Overflow vulnerability in Axiosys Bento4 An issue was discovered in Bento4 through v1.6.0-637. | 6.8 |
2021-09-20 | CVE-2021-32268 | Gpac | Out-of-bounds Write vulnerability in Gpac Buffer overflow vulnerability in function gf_fprintf in os_file.c in gpac before 1.0.1 allows attackers to execute arbitrary code. | 6.8 |
2021-09-20 | CVE-2021-32272 | Faad2 Project Debian | Out-of-bounds Write vulnerability in multiple products An issue was discovered in faad2 before 2.10.0. | 6.8 |
2021-09-20 | CVE-2021-32273 | Faad2 Project Debian | Out-of-bounds Write vulnerability in multiple products An issue was discovered in faad2 through 2.10.0. | 6.8 |
2021-09-20 | CVE-2021-32274 | Faad2 Project Debian | Out-of-bounds Write vulnerability in multiple products An issue was discovered in faad2 through 2.10.0. | 6.8 |
2021-09-20 | CVE-2021-32277 | Faad2 Project Debian | Out-of-bounds Write vulnerability in multiple products An issue was discovered in faad2 through 2.10.0. | 6.8 |
2021-09-20 | CVE-2021-32278 | Faad2 Project Debian | Out-of-bounds Write vulnerability in multiple products An issue was discovered in faad2 through 2.10.0. | 6.8 |
2021-09-20 | CVE-2021-32281 | Creolabs | Out-of-bounds Write vulnerability in Creolabs Gravity An issue was discovered in gravity through 0.8.1. | 6.8 |
2021-09-20 | CVE-2021-32284 | Creolabs | NULL Pointer Dereference vulnerability in Creolabs Gravity An issue was discovered in gravity through 0.8.1. | 6.8 |
2021-09-20 | CVE-2021-32286 | Hcxtools Project | Out-of-bounds Write vulnerability in Hcxtools Project Hcxtoold An issue was discovered in hcxtools through 6.1.6. | 6.8 |
2021-09-20 | CVE-2021-32287 | Nokia | Out-of-bounds Write vulnerability in Nokia Heif An issue was discovered in heif through v3.6.2. | 6.8 |
2021-09-20 | CVE-2021-32288 | Nokia | Out-of-bounds Write vulnerability in Nokia Heif An issue was discovered in heif through v3.6.2. | 6.8 |
2021-09-20 | CVE-2021-32294 | Linuxsampler | Out-of-bounds Write vulnerability in Linuxsampler Libgig An issue was discovered in libgig through 20200507. | 6.8 |
2021-09-20 | CVE-2021-32297 | Lief Project | Out-of-bounds Write vulnerability in Lief-Project Lief An issue was discovered in LIEF through 0.11.4. | 6.8 |
2021-09-20 | CVE-2021-32298 | Libiff Project | Out-of-bounds Write vulnerability in Libiff Project Libiff An issue was discovered in libiff through 20190123. | 6.8 |
2021-09-20 | CVE-2021-32299 | Pbrt Project | Out-of-bounds Write vulnerability in Pbrt Project Pbrt An issue was discovered in pbrt through 20200627. | 6.8 |
2021-09-20 | CVE-2021-38089 | Ffmpeg | Classic Buffer Overflow vulnerability in Ffmpeg 4.2.1 Buffer Overflow vulnerability in function config_input in libavfilter/vf_bm3d.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | 6.8 |
2021-09-20 | CVE-2021-38090 | Ffmpeg | Classic Buffer Overflow vulnerability in Ffmpeg 4.2.1 Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | 6.8 |
2021-09-20 | CVE-2021-38091 | Ffmpeg | Integer Overflow or Wraparound vulnerability in Ffmpeg 4.2.1 Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | 6.8 |
2021-09-20 | CVE-2021-38092 | Ffmpeg | Integer Overflow or Wraparound vulnerability in Ffmpeg 4.2.1 Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | 6.8 |
2021-09-20 | CVE-2021-38093 | Ffmpeg | Integer Overflow or Wraparound vulnerability in Ffmpeg 4.2.1 Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | 6.8 |
2021-09-20 | CVE-2021-38094 | Ffmpeg | Integer Overflow or Wraparound vulnerability in Ffmpeg 4.2.1 Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | 6.8 |
2021-09-20 | CVE-2021-39522 | GNU | Out-of-bounds Write vulnerability in GNU Libredwg An issue was discovered in libredwg through v0.10.1.3751. | 6.8 |
2021-09-20 | CVE-2021-39525 | GNU | Out-of-bounds Write vulnerability in GNU Libredwg An issue was discovered in libredwg through v0.10.1.3751. | 6.8 |
2021-09-20 | CVE-2021-39527 | GNU | Out-of-bounds Write vulnerability in GNU Libredwg An issue was discovered in libredwg through v0.10.1.3751. | 6.8 |
2021-09-20 | CVE-2021-39528 | GNU | Double Free vulnerability in GNU Libredwg An issue was discovered in libredwg through v0.10.1.3751. | 6.8 |
2021-09-20 | CVE-2021-39530 | GNU | Out-of-bounds Write vulnerability in GNU Libredwg An issue was discovered in libredwg through v0.10.1.3751. | 6.8 |
2021-09-20 | CVE-2021-39531 | Juniper | Out-of-bounds Write vulnerability in Juniper Libslax An issue was discovered in libslax through v0.22.1. | 6.8 |
2021-09-20 | CVE-2021-39533 | Juniper | Out-of-bounds Write vulnerability in Juniper Libslax An issue was discovered in libslax through v0.22.1. | 6.8 |
2021-09-20 | CVE-2021-39534 | Juniper | Out-of-bounds Write vulnerability in Juniper Libslax An issue was discovered in libslax through v0.22.1. | 6.8 |
2021-09-20 | CVE-2021-39536 | Libxsmm Project | Out-of-bounds Write vulnerability in Libxsmm Project Libxsmm An issue was discovered in libxsmm through v1.16.1-93. | 6.8 |
2021-09-20 | CVE-2021-39540 | Pdftools Project | Out-of-bounds Write vulnerability in Pdftools Project Pdftools An issue was discovered in pdftools through 20200714. | 6.8 |
2021-09-20 | CVE-2021-39544 | Sela Project | Out-of-bounds Write vulnerability in Sela Project Sela An issue was discovered in sela through 20200412. | 6.8 |
2021-09-20 | CVE-2021-39546 | Sela Project | Out-of-bounds Write vulnerability in Sela Project Sela An issue was discovered in sela through 20200412. | 6.8 |
2021-09-20 | CVE-2021-39550 | Sela Project | Out-of-bounds Write vulnerability in Sela Project Sela An issue was discovered in sela through 20200412. | 6.8 |
2021-09-20 | CVE-2021-39551 | Sela Project | Out-of-bounds Write vulnerability in Sela Project Sela An issue was discovered in sela through 20200412. | 6.8 |
2021-09-20 | CVE-2021-39552 | Sela Project | Out-of-bounds Write vulnerability in Sela Project Sela An issue was discovered in sela through 20200412. | 6.8 |
2021-09-20 | CVE-2021-39558 | Swftools | Out-of-bounds Write vulnerability in Swftools An issue was discovered in swftools through 20200710. | 6.8 |
2021-09-20 | CVE-2021-39561 | Swftools | Out-of-bounds Write vulnerability in Swftools An issue was discovered in swftools through 20200710. | 6.8 |
2021-09-20 | CVE-2021-39564 | Swftools | Out-of-bounds Write vulnerability in Swftools An issue was discovered in swftools through 20200710. | 6.8 |
2021-09-20 | CVE-2021-39569 | Swftools | Out-of-bounds Write vulnerability in Swftools An issue was discovered in swftools through 20200710. | 6.8 |
2021-09-20 | CVE-2021-39574 | Swftools | Out-of-bounds Write vulnerability in Swftools An issue was discovered in swftools through 20200710. | 6.8 |
2021-09-20 | CVE-2021-39577 | Swftools | Out-of-bounds Write vulnerability in Swftools An issue was discovered in swftools through 20200710. | 6.8 |
2021-09-20 | CVE-2021-39579 | Swftools | Out-of-bounds Write vulnerability in Swftools An issue was discovered in swftools through 20200710. | 6.8 |
2021-09-20 | CVE-2021-39582 | Swftools | Out-of-bounds Write vulnerability in Swftools An issue was discovered in swftools through 20200710. | 6.8 |
2021-09-20 | CVE-2021-39595 | Swftools | Out-of-bounds Write vulnerability in Swftools An issue was discovered in swftools through 20200710. | 6.8 |
2021-09-23 | CVE-2021-34723 | Cisco | Exposure of Resource to Wrong Sphere vulnerability in Cisco IOS XE 17.3.1A A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. | 6.7 |
2021-09-23 | CVE-2021-34725 | Cisco | OS Command Injection vulnerability in Cisco IOS XE Sd-Wan A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. | 6.7 |
2021-09-23 | CVE-2021-34726 | Cisco | OS Command Injection vulnerability in Cisco Sd-Wan A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system of an affected device. | 6.7 |
2021-09-23 | CVE-2021-34729 | Cisco | OS Command Injection vulnerability in Cisco IOS XE and IOS XE Sd-Wan A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected device. | 6.7 |
2021-09-23 | CVE-2021-1612 | Cisco | Link Following vulnerability in Cisco Sd-Wan A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. | 6.6 |
2021-09-24 | CVE-2021-40309 | Os4Ed | SQL Injection vulnerability in Os4Ed Opensis 8.0 A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0. | 6.5 |
2021-09-24 | CVE-2021-40099 | Concretecms | Unspecified vulnerability in Concretecms Concrete CMS An issue was discovered in Concrete CMS through 8.5.5. | 6.5 |
2021-09-23 | CVE-2021-22952 | UI | Unspecified vulnerability in UI Unifi Talk A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said network if they are not yet adopted. | 6.5 |
2021-09-23 | CVE-2021-1589 | Cisco | Insufficiently Protected Credentials vulnerability in Cisco Sd-Wan A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. | 6.5 |
2021-09-23 | CVE-2021-34703 | Cisco | Improper Initialization vulnerability in Cisco IOS A vulnerability in the Link Layer Discovery Protocol (LLDP) message parser of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. | 6.5 |
2021-09-23 | CVE-2021-34712 | Cisco | Unspecified vulnerability in Cisco Sd-Wan Vmanage A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an affected system. | 6.5 |
2021-09-22 | CVE-2021-34647 | Ninjaforms | Missing Authorization vulnerability in Ninjaforms Ninja Forms The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. | 6.5 |
2021-09-21 | CVE-2020-19551 | Wuzhicms | Incorrect Authorization vulnerability in Wuzhicms Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code execution. | 6.5 |
2021-09-21 | CVE-2021-37741 | Zohocorp | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Admanager Plus ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities. | 6.5 |
2021-09-20 | CVE-2021-39402 | Maianmedia | Code Injection vulnerability in Maianmedia Maianaffiliate 1.0 MaianAffiliate v.1.0 suffers from code injection by adding a new product via the admin panel. | 6.5 |
2021-09-20 | CVE-2021-24396 | Bestiaweb | SQL Injection vulnerability in Bestiaweb Gseor 1.3 A pageid GET parameter of the GSEOR – WordPress SEO Plugin WordPress plugin through 1.3 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | 6.5 |
2021-09-20 | CVE-2021-24397 | Activemedia | SQL Injection vulnerability in Activemedia Microcopy 1.1.0 The edit functionality in the MicroCopy WordPress plugin through 1.1.0 makes a get request to fetch the related option. | 6.5 |
2021-09-20 | CVE-2021-24398 | Webpsilon | SQL Injection vulnerability in Webpsilon Responsive 3D Slider 1.2 The Add new scene functionality in the Responsive 3D Slider WordPress plugin through 1.2 uses an id parameter which is not sanitised, escaped or validated before being inserted to a SQL statement, leading to SQL injection. | 6.5 |
2021-09-20 | CVE-2021-24399 | Ombu | SQL Injection vulnerability in Ombu the Sorter 1.0 The check_order function of The Sorter WordPress plugin through 1.0 uses an `area_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | 6.5 |
2021-09-20 | CVE-2021-24400 | WP Display Users Project | SQL Injection vulnerability in Wp-Display-Users Project Wp-Display-Users The Edit Role functionality in the Display Users WordPress plugin through 2.0.0 had an `id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | 6.5 |
2021-09-20 | CVE-2021-24401 | WP Domain Redirect Project | SQL Injection vulnerability in Wp-Domain-Redirect Project Wp-Domain-Redirect The Edit domain functionality in the WP Domain Redirect WordPress plugin through 1.0 has an `editid` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | 6.5 |
2021-09-20 | CVE-2021-24402 | Solvercircle | SQL Injection vulnerability in Solvercircle WP Icommerce 1.1.1 The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an `order_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | 6.5 |
2021-09-20 | CVE-2021-24403 | Wpagecontact Project | SQL Injection vulnerability in Wpagecontact Project Wpagecontact The Orders functionality in the WordPress Page Contact plugin through 1.0 has an order_id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | 6.5 |
2021-09-20 | CVE-2021-24404 | WP Board Project | SQL Injection vulnerability in Wp-Board Project Wp-Board 1.1 The options.php file of the WP-Board WordPress plugin through 1.1 beta accepts a postid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | 6.5 |
2021-09-20 | CVE-2021-24511 | DPL | SQL Injection vulnerability in DPL Product Feed on Woocommerce The fetch_product_ajax functionality in the Product Feed on WooCommerce WordPress plugin before 3.3.1.0 uses a `product_id` POST parameter which is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | 6.5 |
2021-09-20 | CVE-2021-24606 | Offshorewebmaster | SQL Injection vulnerability in Offshorewebmaster Availability Calendar The Availability Calendar WordPress plugin before 1.2.1 does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add shortcode to posts/pages, such as contributor+. | 6.5 |
2021-09-20 | CVE-2021-24663 | Simple Schools Staff Directory Project | Unrestricted Upload of File with Dangerous Type vulnerability in Simple Schools Staff Directory Project Simple Schools Staff Directory The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that they are indeed images, allowing high privilege users such as admin to upload arbitrary files such as PHP, leading to RCE. | 6.5 |
2021-09-24 | CVE-2021-40102 | Concretecms | Deserialization of Untrusted Data vulnerability in Concretecms Concrete CMS An issue was discovered in Concrete CMS through 8.5.5. | 6.4 |
2021-09-23 | CVE-2021-22018 | Vmware | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. | 6.4 |
2021-09-23 | CVE-2021-1619 | Cisco | Use of Uninitialized Resource vulnerability in Cisco products A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: install, manipulate, or delete the configuration of an affected device; or cause memory corruption that results in a denial of service (DoS) on an affected device. This vulnerability is due to an uninitialized variable. | 6.4 |
2021-09-22 | CVE-2021-40684 | Talend | Unspecified vulnerability in Talend ESB Runtime 5.1 Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or software running in the container. | 6.4 |
2021-09-20 | CVE-2021-24638 | FFW | Path Traversal vulnerability in FFW Omgf The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file with Google Fonts CSS, or download fonts uploaded on Google Fonts website. | 6.4 |
2021-09-23 | CVE-2021-34724 | Cisco | Unspecified vulnerability in Cisco IOS XE Sd-Wan A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to elevate privileges and execute arbitrary code on the underlying operating system as the root user. | 6.0 |
2021-09-22 | CVE-2021-38153 | Apache Quarkus Oracle | Information Exposure Through Discrepancy vulnerability in multiple products Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. | 5.9 |
2021-09-23 | CVE-2021-22949 | Concretecms | Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space. Credit for discovery: "Solar Security CMS Research Team" | 5.8 |
2021-09-23 | CVE-2021-22953 | Concretecms | Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space. Credit for discovery: "Solar Security Research Team" | 5.8 |
2021-09-22 | CVE-2020-23267 | Gpac | Out-of-bounds Write vulnerability in Gpac 0.8.0 An issue was discovered in gpac 0.8.0. | 5.8 |
2021-09-21 | CVE-2021-23443 | Adonisjs | Type Confusion vulnerability in Adonisjs Edge This affects the package edge.js before 5.3.2. | 5.8 |
2021-09-20 | CVE-2021-24636 | Print MY Blog Project | Cross-Site Request Forgery (CSRF) vulnerability in Print MY Blog Project Print MY Blog The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce (CSRF) checks, which allows attackers to make logged in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them into opening a malicious link. | 5.8 |
2021-09-21 | CVE-2021-29831 | IBM | XXE vulnerability in IBM products IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
2021-09-20 | CVE-2021-25741 | Kubernetes | Files or Directories Accessible to External Parties vulnerability in Kubernetes A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem. | 5.5 |
2021-09-20 | CVE-2021-32269 | Gpac | NULL Pointer Dereference vulnerability in Gpac An issue was discovered in gpac through 20200801. | 5.5 |
2021-09-20 | CVE-2021-32270 | Gpac | NULL Pointer Dereference vulnerability in Gpac An issue was discovered in gpac through 20200801. | 5.5 |
2021-09-20 | CVE-2021-32280 | Xfig Project Debian | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in fig2dev before 3.2.8. | 5.5 |
2021-09-20 | CVE-2021-24584 | Motopress | Cross-site Scripting vulnerability in Motopress Timetable and Event Schedule The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when updating a timeslot, allowing any user with the edit_posts capability (contributor+) to update arbitrary timeslot from any events. | 5.4 |
2021-09-20 | CVE-2021-24618 | Wbolt | Cross-site Scripting vulnerability in Wbolt Donate With Qrcode The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which results in a Stored Cross-Site Scripting (XSS) issue. | 5.4 |
2021-09-20 | CVE-2021-24635 | Bootstrapped | Missing Authorization vulnerability in Bootstrapped Visual Link Preview The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as subscriber) to call them and 1) get and search through the title and content of Draft posts, 2) get the title of a password-protected post, as well as 3) upload an image from a URL. | 5.4 |
2021-09-24 | CVE-2021-41504 | Dlink | Unspecified vulnerability in Dlink Dcs-5000L Firmware and Dcs-932L Firmware ** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. | 5.2 |
2021-09-24 | CVE-2021-40655 | Dlink | Incorrect Authorization vulnerability in Dlink Dir-605L Firmware 2.01Mt An information disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version 2.01MT. | 5.0 |
2021-09-24 | CVE-2021-41586 | Gradle | Server-Side Request Forgery (SSRF) vulnerability in Gradle In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password. | 5.0 |
2021-09-24 | CVE-2021-41587 | Gradle | Server-Side Request Forgery (SSRF) vulnerability in Gradle In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources. | 5.0 |
2021-09-24 | CVE-2021-31923 | Pingidentity | HTTP Request Smuggling vulnerability in Pingidentity Pingaccess Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation. | 5.0 |
2021-09-24 | CVE-2021-41584 | Gradle | Information Exposure vulnerability in Gradle Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header. | 5.0 |
2021-09-23 | CVE-2020-24327 | Discourse | Server-Side Request Forgery (SSRF) vulnerability in Discourse 2.3.2/2.6.0 Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. | 5.0 |
2021-09-23 | CVE-2021-38864 | IBM | Improper Certificate Validation vulnerability in IBM Security Verify Bridge IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensitive information due to improper certificate validation. | 5.0 |
2021-09-23 | CVE-2021-32963 | Aveva | NULL Pointer Dereference vulnerability in Aveva Suitelink Null pointer dereference in SuiteLink server while processing commands 0x03/0x10. | 5.0 |
2021-09-23 | CVE-2021-32971 | Aveva | NULL Pointer Dereference vulnerability in Aveva Suitelink Null pointer dereference in SuiteLink server while processing command 0x07. | 5.0 |
2021-09-23 | CVE-2021-32979 | Aveva | NULL Pointer Dereference vulnerability in Aveva Suitelink Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a. | 5.0 |
2021-09-23 | CVE-2021-32987 | Aveva | NULL Pointer Dereference vulnerability in Aveva Suitelink Null pointer dereference in SuiteLink server while processing command 0x0b. | 5.0 |
2021-09-23 | CVE-2021-32999 | Aveva | Improper Handling of Exceptional Conditions vulnerability in Aveva Suitelink Improper handling of exceptional conditions in SuiteLink server while processing command 0x01. | 5.0 |
2021-09-23 | CVE-2021-22017 | Vmware | Unspecified vulnerability in VMWare Vcenter Server 6.7 Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. | 5.0 |
2021-09-23 | CVE-2021-22019 | Vmware | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. | 5.0 |
2021-09-23 | CVE-2021-22006 | Vmware | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. | 5.0 |
2021-09-23 | CVE-2021-22008 | Vmware | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. | 5.0 |
2021-09-23 | CVE-2021-22009 | Vmware | Exposure of Resource to Wrong Sphere vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. | 5.0 |
2021-09-23 | CVE-2021-22010 | Vmware | Resource Exhaustion vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a denial-of-service vulnerability in VPXD service. | 5.0 |
2021-09-23 | CVE-2021-22011 | Vmware | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. | 5.0 |
2021-09-23 | CVE-2021-22012 | Vmware | Missing Authentication for Critical Function vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. | 5.0 |
2021-09-23 | CVE-2021-22013 | Vmware | Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. | 5.0 |
2021-09-23 | CVE-2021-1565 | Cisco | Double Free vulnerability in Cisco products Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 5.0 |
2021-09-23 | CVE-2021-1611 | Cisco | Unspecified vulnerability in Cisco IOS XE A vulnerability in Ethernet over GRE (EoGRE) packet processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9800 Family Wireless Controller, Embedded Wireless Controller, and Embedded Wireless on Catalyst 9000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 5.0 |
2021-09-23 | CVE-2021-1615 | Cisco | Unspecified vulnerability in Cisco Embedded Wireless Controller A vulnerability in the packet processing functionality of Cisco Embedded Wireless Controller (EWC) Software for Catalyst Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected AP. | 5.0 |
2021-09-23 | CVE-2021-34696 | Cisco | Unspecified vulnerability in Cisco IOS XE A vulnerability in the access control list (ACL) programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured ACL. | 5.0 |
2021-09-23 | CVE-2021-34697 | Cisco | Improper Initialization vulnerability in Cisco IOS XE A vulnerability in the Protection Against Distributed Denial of Service Attacks feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct denial of service (DoS) attacks to or through the affected device. | 5.0 |
2021-09-22 | CVE-2021-40875 | Gurock | Forced Browsing vulnerability in Gurock Testrail Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. | 5.0 |
2021-09-22 | CVE-2021-39339 | Telefication | Server-Side Request Forgery (SSRF) vulnerability in Telefication The Telefication WordPress plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the ~/bypass.php file due to a user-supplied URL request value that gets called by a curl request. | 5.0 |
2021-09-22 | CVE-2021-41382 | Plasticscm | Unspecified vulnerability in Plasticscm Plastic SCM Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface. | 5.0 |
2021-09-21 | CVE-2021-39230 | Butter Project | Unspecified vulnerability in Butter Project Butter Butter is a system usability utility. | 5.0 |
2021-09-21 | CVE-2021-41531 | Nlnetlabs | Improper Input Validation vulnerability in Nlnetlabs Routinator NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. | 5.0 |
2021-09-21 | CVE-2021-37419 | Zohocorp | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Admanager Plus 6.1 Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. | 5.0 |
2021-09-20 | CVE-2021-39229 | Nuxref | Resource Exhaustion vulnerability in Nuxref Apprise Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. | 5.0 |
2021-09-20 | CVE-2021-41082 | Discourse | Incorrect Authorization vulnerability in Discourse Discourse is a platform for community discussion. | 5.0 |
2021-09-20 | CVE-2021-32838 | Flask Restx Project Fedoraproject | Resource Exhaustion vulnerability in multiple products Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. | 5.0 |
2021-09-20 | CVE-2021-32839 | Sqlparse Project | Resource Exhaustion vulnerability in Sqlparse Project Sqlparse sqlparse is a non-validating SQL parser module for Python. | 5.0 |
2021-09-20 | CVE-2020-21468 | Redislabs | Unspecified vulnerability in Redislabs Redis 5.0.7 ** DISPUTED ** A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). | 5.0 |
2021-09-20 | CVE-2019-16651 | Virginmedia | Incorrect Authorization vulnerability in Virginmedia Super HUB 3 Firmware An issue was discovered on Virgin Media Super Hub 3 (based on ARRIS TG2492) devices. | 5.0 |
2021-09-24 | CVE-2020-20514 | Maccms | Cross-Site Request Forgery (CSRF) vulnerability in Maccms 10.0 A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users. | 4.9 |
2021-09-21 | CVE-2021-29795 | IBM | Injection vulnerability in IBM Powervm Hypervisor IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. | 4.9 |
2021-09-21 | CVE-2021-26333 | AMD | Missing Initialization of Resource vulnerability in AMD Chipset Driver and PSP Driver An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. | 4.9 |
2021-09-23 | CVE-2021-1616 | Cisco | Unspecified vulnerability in Cisco IOS XE A vulnerability in the H.323 application level gateway (ALG) used by the Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass the ALG. | 4.7 |
2021-09-21 | CVE-2021-41084 | Typelevel | Injection vulnerability in Typelevel Http4S http4s is an open source scala interface for HTTP. | 4.7 |
2021-09-22 | CVE-2021-21991 | Vmware | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. | 4.6 |
2021-09-24 | CVE-2021-28130 | Drweb | Uncontrolled Search Path Element vulnerability in Drweb Security Space 12.5.2.4160 Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. | 4.4 |
2021-09-23 | CVE-2021-26750 | Pandasecurity | Uncontrolled Search Path Element vulnerability in Pandasecurity Panda Adaptive Defense 360 and Panda Devices Agent DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. | 4.4 |
2021-09-25 | CVE-2021-21742 | ZTE | Unspecified vulnerability in ZTE Axon 30 PRO Message Service 5.3.1.2103091059 There is an information leak vulnerability in the message service app of a ZTE mobile phone. | 4.3 |
2021-09-24 | CVE-2020-20508 | Shopkit Project | Cross-site Scripting vulnerability in Shopkit Project Shopkit 2.7 Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail text field. | 4.3 |
2021-09-24 | CVE-2016-6555 | Opennms | Cross-site Scripting vulnerability in Opennms OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. | 4.3 |
2021-09-24 | CVE-2016-6556 | Opennms | Cross-site Scripting vulnerability in Opennms OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. | 4.3 |
2021-09-24 | CVE-2021-41581 | Openbsd | Out-of-bounds Read vulnerability in Openbsd Libressl x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. | 4.3 |
2021-09-23 | CVE-2021-29816 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz for Service Management 1.1.3.10 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
2021-09-23 | CVE-2021-22276 | ABB | Improper Validation of Integrity Check Value vulnerability in ABB products The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point. | 4.3 |
2021-09-23 | CVE-2021-3824 | Openvpn | Cross-site Scripting vulnerability in Openvpn Access Server OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL. | 4.3 |
2021-09-23 | CVE-2021-22016 | Vmware | Cross-site Scripting vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. | 4.3 |
2021-09-23 | CVE-2021-22950 | Concretecms | Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS Concrete CMS prior to 8.5.6 had a CSRF vulnerability allowing attachments to comments in the conversation section to be deleted. Credit for discovery: "Solar Security Research Team" | 4.3 |
2021-09-23 | CVE-2021-1622 | Cisco | Improper Locking vulnerability in Cisco IOS XE A vulnerability in the Common Open Policy Service (COPS) of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause resource exhaustion, resulting in a denial of service (DoS) condition. | 4.3 |
2021-09-23 | CVE-2021-1625 | Cisco | Unspecified vulnerability in Cisco IOS XE A vulnerability in the Zone-Based Policy Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent the Zone-Based Policy Firewall from correctly classifying traffic. | 4.3 |
2021-09-23 | CVE-2021-34705 | Cisco | Unspecified vulnerability in Cisco IOS A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. | 4.3 |
2021-09-22 | CVE-2021-34648 | Ninjaforms | Missing Authorization vulnerability in Ninjaforms Ninja Forms The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. | 4.3 |
2021-09-22 | CVE-2021-41011 | Linecorp | Unspecified vulnerability in Linecorp Line LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. | 4.3 |
2021-09-22 | CVE-2020-23266 | Gpac | Out-of-bounds Write vulnerability in Gpac 0.8.0 An issue was discovered in gpac 0.8.0. | 4.3 |
2021-09-22 | CVE-2020-23269 | Gpac | Out-of-bounds Write vulnerability in Gpac 0.8.0 An issue was discovered in gpac 0.8.0. | 4.3 |
2021-09-22 | CVE-2020-23273 | Broadcom | Out-of-bounds Write vulnerability in Broadcom Tcpreplay 4.3.2 Heap-buffer overflow in the randomize_iparp function in edit_packet.c. | 4.3 |
2021-09-21 | CVE-2020-19554 | Manageengine | Cross-site Scripting vulnerability in Manageengine Opmanager 12.3 Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload. | 4.3 |
2021-09-21 | CVE-2021-40868 | Cloudron | Cross-site Scripting vulnerability in Cloudron 6.2 In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS. | 4.3 |
2021-09-21 | CVE-2021-37420 | Zohocorp | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Admanager Plus 6.1 Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing. | 4.3 |
2021-09-21 | CVE-2021-20829 | Weseek | Cross-site Scripting vulnerability in Weseek Growi Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user who accesses a specially crafted page. | 4.3 |
2021-09-20 | CVE-2021-34650 | Eideasy | Cross-site Scripting vulnerability in Eideasy EID Easy The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the ~/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6. | 4.3 |
2021-09-20 | CVE-2020-16630 | TI | Incorrect Authorization vulnerability in TI products TI’s BLE stack caches and reuses the LTK’s property for a bonded mobile. | 4.3 |
2021-09-20 | CVE-2021-39325 | Optinmonster | Cross-site Scripting vulnerability in Optinmonster The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0. | 4.3 |
2021-09-20 | CVE-2020-19915 | Wuzhicms | Cross-site Scripting vulnerability in Wuzhicms 4.1.0 Cross Site Scripting (XSS) vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php. | 4.3 |
2021-09-20 | CVE-2020-20902 | Ffmpeg | Out-of-bounds Read vulnerability in Ffmpeg 4.2.1 A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could result in disclosure of information. | 4.3 |
2021-09-20 | CVE-2021-32275 | Grame | NULL Pointer Dereference vulnerability in Grame Faust An issue was discovered in faust through v2.30.5. | 4.3 |
2021-09-20 | CVE-2021-32276 | Faad2 Project Debian | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in faad2 through 2.10.0. | 4.3 |
2021-09-20 | CVE-2021-32282 | Creolabs | NULL Pointer Dereference vulnerability in Creolabs Gravity An issue was discovered in gravity through 0.8.1. | 4.3 |
2021-09-20 | CVE-2021-32283 | Creolabs | NULL Pointer Dereference vulnerability in Creolabs Gravity An issue was discovered in gravity through 0.8.1. | 4.3 |
2021-09-20 | CVE-2021-32285 | Creolabs | NULL Pointer Dereference vulnerability in Creolabs Gravity An issue was discovered in gravity through 0.8.1. | 4.3 |
2021-09-20 | CVE-2021-32289 | Nokia | NULL Pointer Dereference vulnerability in Nokia Heif An issue was discovered in heif through v3.6.2. | 4.3 |
2021-09-20 | CVE-2021-39514 | Jpeg | Incorrect Comparison vulnerability in Jpeg Libjpeg An issue was discovered in libjpeg through 2020021. | 4.3 |
2021-09-20 | CVE-2021-39515 | Jpeg | NULL Pointer Dereference vulnerability in Jpeg Libjpeg An issue was discovered in libjpeg through 2020021. | 4.3 |
2021-09-20 | CVE-2021-39516 | Jpeg | NULL Pointer Dereference vulnerability in Jpeg Libjpeg An issue was discovered in libjpeg through 2020021. | 4.3 |
2021-09-20 | CVE-2021-39517 | Jpeg | NULL Pointer Dereference vulnerability in Jpeg Libjpeg An issue was discovered in libjpeg through 2020021. | 4.3 |
2021-09-20 | CVE-2021-39518 | Jpeg | Out-of-bounds Write vulnerability in Jpeg Libjpeg An issue was discovered in libjpeg through 2020021. | 4.3 |
2021-09-20 | CVE-2021-39519 | Jpeg | NULL Pointer Dereference vulnerability in Jpeg Libjpeg An issue was discovered in libjpeg through 2020021. | 4.3 |
2021-09-20 | CVE-2021-39520 | Jpeg | NULL Pointer Dereference vulnerability in Jpeg Libjpeg An issue was discovered in libjpeg through 2020021. | 4.3 |
2021-09-20 | CVE-2021-39521 | GNU | NULL Pointer Dereference vulnerability in GNU Libredwg An issue was discovered in libredwg through v0.10.1.3751. | 4.3 |
2021-09-20 | CVE-2021-39523 | GNU | NULL Pointer Dereference vulnerability in GNU Libredwg An issue was discovered in libredwg through v0.10.1.3751. | 4.3 |
2021-09-20 | CVE-2021-39532 | Juniper | NULL Pointer Dereference vulnerability in Juniper Libslax An issue was discovered in libslax through v0.22.1. | 4.3 |
2021-09-20 | CVE-2021-39535 | Libxsmm Project | NULL Pointer Dereference vulnerability in Libxsmm Project Libxsmm An issue was discovered in libxsmm through v1.16.1-93. | 4.3 |
2021-09-20 | CVE-2021-39538 | Pdftools Project | NULL Pointer Dereference vulnerability in Pdftools Project Pdftools An issue was discovered in pdftools through 20200714. | 4.3 |
2021-09-20 | CVE-2021-39539 | Pdftools Project | NULL Pointer Dereference vulnerability in Pdftools Project Pdftools An issue was discovered in pdftools through 20200714. | 4.3 |
2021-09-20 | CVE-2021-39541 | Pdftools Project | NULL Pointer Dereference vulnerability in Pdftools Project Pdftools An issue was discovered in pdftools through 20200714. | 4.3 |
2021-09-20 | CVE-2021-39542 | Pdftools Project | NULL Pointer Dereference vulnerability in Pdftools Project Pdftools An issue was discovered in pdftools through 20200714. | 4.3 |
2021-09-20 | CVE-2021-39543 | Pdftools Project | NULL Pointer Dereference vulnerability in Pdftools Project Pdftools An issue was discovered in pdftools through 20200714. | 4.3 |
2021-09-20 | CVE-2021-39545 | Sela Project | NULL Pointer Dereference vulnerability in Sela Project Sela An issue was discovered in sela through 20200412. | 4.3 |
2021-09-20 | CVE-2021-39547 | Sela Project | NULL Pointer Dereference vulnerability in Sela Project Sela An issue was discovered in sela through 20200412. | 4.3 |
2021-09-20 | CVE-2021-39548 | Sela Project | NULL Pointer Dereference vulnerability in Sela Project Sela An issue was discovered in sela through 20200412. | 4.3 |
2021-09-20 | CVE-2021-39549 | Sela Project | NULL Pointer Dereference vulnerability in Sela Project Sela An issue was discovered in sela through 20200412. | 4.3 |
2021-09-20 | CVE-2021-39553 | Swftools | NULL Pointer Dereference vulnerability in Swftools An issue was discovered in swftools through 20200710. | 4.3 |
2021-09-20 | CVE-2021-39554 | Swftools | NULL Pointer Dereference vulnerability in Swftools An issue was discovered in swftools through 20200710. | 4.3 |
2021-09-20 | CVE-2021-39555 | Swftools | NULL Pointer Dereference vulnerability in Swftools An issue was discovered in swftools through 20200710. | 4.3 |
2021-09-20 | CVE-2021-39556 | Swftools | NULL Pointer Dereference vulnerability in Swftools An issue was discovered in swftools through 20200710. | 4.3 |
2021-09-20 | CVE-2021-39557 | Swftools | NULL Pointer Dereference vulnerability in Swftools An issue was discovered in swftools through 20200710. | 4.3 |
2021-09-20 | CVE-2021-39559 | Swftools | NULL Pointer Dereference vulnerability in Swftools An issue was discovered in swftools through 20200710. | 4.3 |
2021-09-20 | CVE-2021-39562 | Swftools | NULL Pointer Dereference vulnerability in Swftools An issue was discovered in swftools through 20200710. | 4.3 |
2021-09-20 | CVE-2021-39563 | Swftools | NULL Pointer Dereference vulnerability in Swftools An issue was discovered in swftools through 20200710. | 4.3 |
2021-09-20 | CVE-2021-39575 | Swftools | NULL Pointer Dereference vulnerability in Swftools An issue was discovered in swftools through 20200710. | 4.3 |
2021-09-20 | CVE-2021-39583 | Swftools | NULL Pointer Dereference vulnerability in Swftools An issue was discovered in swftools through 20200710. | 4.3 |
2021-09-20 | CVE-2021-39584 | Swftools | NULL Pointer Dereference vulnerability in Swftools An issue was discovered in swftools through 20200710. | 4.3 |
2021-09-20 | CVE-2021-39585 | Swftools | NULL Pointer Dereference vulnerability in Swftools An issue was discovered in swftools through 20200710. | 4.3 |
2021-09-20 | CVE-2021-39587 | Swftools | NULL Pointer Dereference vulnerability in Swftools An issue was discovered in swftools through 20200710. | 4.3 |
2021-09-20 | CVE-2021-39588 | Swftools | NULL Pointer Dereference vulnerability in Swftools An issue was discovered in swftools through 20200710. | 4.3 |
2021-09-20 | CVE-2021-39589 | Swftools | NULL Pointer Dereference vulnerability in Swftools An issue was discovered in swftools through 20200710. | 4.3 |
2021-09-20 | CVE-2021-39590 | Swftools | NULL Pointer Dereference vulnerability in Swftools An issue was discovered in swftools through 20200710. | 4.3 |
2021-09-20 | CVE-2021-39591 | Swftools | NULL Pointer Dereference vulnerability in Swftools An issue was discovered in swftools through 20200710. | 4.3 |
2021-09-20 | CVE-2021-39592 | Swftools | NULL Pointer Dereference vulnerability in Swftools An issue was discovered in swftools through 20200710. | 4.3 |
2021-09-20 | CVE-2021-39593 | Swftools | NULL Pointer Dereference vulnerability in Swftools An issue was discovered in swftools through 20200710. | 4.3 |
2021-09-20 | CVE-2021-39594 | Swftools | NULL Pointer Dereference vulnerability in Swftools Other An issue was discovered in swftools through 20200710. | 4.3 |
2021-09-20 | CVE-2021-39596 | Swftools | NULL Pointer Dereference vulnerability in Swftools An issue was discovered in swftools through 20200710. | 4.3 |
2021-09-20 | CVE-2021-39597 | Swftools | NULL Pointer Dereference vulnerability in Swftools An issue was discovered in swftools through 20200710. | 4.3 |
2021-09-20 | CVE-2021-39598 | Swftools | NULL Pointer Dereference vulnerability in Swftools An issue was discovered in swftools through 20200710. | 4.3 |
2021-09-20 | CVE-2020-21913 | Unicode Debian | Use After Free vulnerability in multiple products International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp. | 4.3 |
2021-09-20 | CVE-2021-24583 | Motopress | Cross-Site Request Forgery (CSRF) vulnerability in Motopress Timetable and Event Schedule The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when deleting a timeslot, allowing any user with the edit_posts capability (contributor+) to delete arbitrary timeslots from any event. | 4.3 |
2021-09-20 | CVE-2021-24657 | Limit Login Attempts Project | Cross-site Scripting vulnerability in Limit Login Attempts Project Limit Login Attempts The Limit Login Attempts WordPress plugin before 4.0.50 does not escape the IP addresses (which can be controlled by attacker via headers such as X-Forwarded-For) of attempted logins before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Scripting issue. | 4.3 |
2021-09-24 | CVE-2021-40654 | Dlink | Incorrect Authorization vulnerability in Dlink Dir-615 Firmware 17.00 An information disclosure issue exists in D-LINK-DIR-615 B2 2.01mt. | 4.0 |
2021-09-24 | CVE-2021-22868 | Github | Path Traversal vulnerability in Github Enterprise Server A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. | 4.0 |
2021-09-24 | CVE-2021-36749 | Apache | Incorrect Authorization vulnerability in Apache Druid In the Druid ingestion system, the InputSource is used for reading data from a certain data source. | 4.0 |
2021-09-23 | CVE-2020-4941 | IBM | Information Exposure Through an Error Message vulnerability in IBM Edge Application Manager 4.2 IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. | 4.0 |
2021-09-23 | CVE-2021-20377 | IBM | Information Exposure Through an Error Message vulnerability in IBM Security Guardium 11.3 IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.0 |
2021-09-23 | CVE-2021-20485 | IBM | Information Exposure Through an Error Message vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.0 |
2021-09-23 | CVE-2021-20563 | IBM | Information Exposure vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote authenticated user to obtain sensitive information. | 4.0 |
2021-09-23 | CVE-2021-21993 | Vmware | Server-Side Request Forgery (SSRF) vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. | 4.0 |
2021-09-23 | CVE-2021-1623 | Cisco | Unspecified vulnerability in Cisco IOS XE A vulnerability in the Simple Network Management Protocol (SNMP) punt handling function of Cisco cBR-8 Converged Broadband Routers could allow an authenticated, remote attacker to overload a device punt path, resulting in a denial of service (DoS) condition. | 4.0 |
2021-09-21 | CVE-2021-41087 | IN Toto | Path Traversal vulnerability in In-Toto In-Toto-Golang in-toto-golang is a Go implementation of the in-toto framework to protect software supply chain integrity. | 4.0 |
2021-09-20 | CVE-2020-8561 | Kubernetes | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Kubernetes 1.20.11/1.21.5/1.22.2 A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. | 4.0 |
2021-09-20 | CVE-2021-29811 | IBM | Insufficiently Protected Credentials vulnerability in IBM Tivoli Netcool/Omnibus Webgui 8.1.0 IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 stores user credentials in plain clear text which can be read by an authenticated admin user. | 4.0 |
2021-09-20 | CVE-2021-29856 | IBM | Unspecified vulnerability in IBM Tivoli Netcool/Omnibus Webgui 8.1.0 IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated user to cause a denial of service through the WebGUI Map Creation page. | 4.0 |
2021-09-20 | CVE-2021-24585 | Motopress | Information Exposure vulnerability in Motopress Timetable and Event Schedule The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs the Hashed Password, Username and Email Address (along with other less sensitive data) of the user related to the Event Head of the Timeslot in the response when requesting the event Timeslot data with a user with the edit_posts capability. | 4.0 |
61 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2021-09-24 | CVE-2021-39246 | Torproject | Information Exposure Through Log Files vulnerability in Torproject TOR Browser Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. | 3.6 |
2021-09-22 | CVE-2021-31836 | Mcafee | Improper Privilege Management vulnerability in Mcafee Agent 5.0.0/5.6.6/5.7.3 Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. | 3.6 |
2021-09-26 | CVE-2021-3830 | Btcpayserver | Cross-site Scripting vulnerability in Btcpayserver Btcpay Server btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). | 3.5 |
2021-09-24 | CVE-2021-40310 | Os4Ed | Cross-site Scripting vulnerability in Os4Ed Opensis 8.0 OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in the TakeAttendance.php via the cp_id_miss_attn parameter. | 3.5 |
2021-09-24 | CVE-2021-40100 | Concretecms | Cross-site Scripting vulnerability in Concretecms Concrete CMS An issue was discovered in Concrete CMS through 8.5.5. | 3.5 |
2021-09-23 | CVE-2020-19949 | Yzmcms | Cross-site Scripting vulnerability in Yzmcms 5.3 A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. | 3.5 |
2021-09-23 | CVE-2020-19950 | Yzmcms | Cross-site Scripting vulnerability in Yzmcms 5.3 A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. | 3.5 |
2021-09-23 | CVE-2021-29810 | IBM | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3.10 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. | 3.5 |
2021-09-23 | CVE-2021-29812 | IBM | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3.10 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. | 3.5 |
2021-09-23 | CVE-2021-29813 | IBM | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3.10 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. | 3.5 |
2021-09-23 | CVE-2021-29814 | IBM | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3.10 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. | 3.5 |
2021-09-23 | CVE-2021-29815 | IBM | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3.10 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. | 3.5 |
2021-09-23 | CVE-2021-29832 | IBM | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3.10 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. | 3.5 |
2021-09-23 | CVE-2021-29833 | IBM | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3.10 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. | 3.5 |
2021-09-23 | CVE-2021-29905 | IBM | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3.10 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. | 3.5 |
2021-09-23 | CVE-2021-38870 | IBM | Cross-site Scripting vulnerability in IBM Aspera on Cloud IBM Aspera Cloud is vulnerable to stored cross-site scripting. | 3.5 |
2021-09-23 | CVE-2021-38877 | IBM | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3.10 IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. | 3.5 |
2021-09-23 | CVE-2021-20484 | IBM | Cross-site Scripting vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. | 3.5 |
2021-09-23 | CVE-2021-29800 | IBM | Cross-site Scripting vulnerability in IBM products IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. | 3.5 |
2021-09-23 | CVE-2021-36873 | Webence | Cross-site Scripting vulnerability in Webence IQ Block Country Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). | 3.5 |
2021-09-23 | CVE-2021-36872 | Wordpress Popular Posts Project | Cross-site Scripting vulnerability in Wordpress Popular Posts Project Wordpress Popular Posts Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions <= 5.3.3). | 3.5 |
2021-09-22 | CVE-2020-23481 | Cmsmadesimple | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.14 CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field. | 3.5 |
2021-09-22 | CVE-2021-39404 | Maianaffiliate | Cross-site Scripting vulnerability in Maianaffiliate 1.0 MaianAffiliate v1.0 allows an authenticated administrative user to save an XSS to the database. | 3.5 |
2021-09-21 | CVE-2021-41086 | Jsuites | Cross-site Scripting vulnerability in Jsuites jsuites is an open source collection of common required javascript web components. | 3.5 |
2021-09-21 | CVE-2020-19553 | Wuzhicms | Cross-site Scripting vulnerability in Wuzhicms Cross Site Scripting (XSS) vulnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php. | 3.5 |
2021-09-20 | CVE-2021-25740 | Kubernetes | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Kubernetes A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack. | 3.5 |
2021-09-20 | CVE-2021-29806 | IBM | Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus Webgui 8.1.0 IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. | 3.5 |
2021-09-20 | CVE-2021-29807 | IBM | Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus Webgui 8.1.0 IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. | 3.5 |
2021-09-20 | CVE-2021-29808 | IBM | Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus Webgui 8.1.0 IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. | 3.5 |
2021-09-20 | CVE-2021-29809 | IBM | Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus Webgui 8.1.0 IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. | 3.5 |
2021-09-20 | CVE-2021-29817 | IBM | Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus Webgui 8.1.0 IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. | 3.5 |
2021-09-20 | CVE-2021-29818 | IBM | Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus Webgui 8.1.0 IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. | 3.5 |
2021-09-20 | CVE-2021-29819 | IBM | Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus Webgui 8.1.0 IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. | 3.5 |
2021-09-20 | CVE-2021-29820 | IBM | Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus Webgui 8.1.0 IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. | 3.5 |
2021-09-20 | CVE-2021-29821 | IBM | Cross-site Scripting vulnerability in IBM Tivoli Netcool/Omnibus Webgui 8.1.0 IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. | 3.5 |
2021-09-20 | CVE-2021-24525 | Getshortcodes | Cross-site Scripting vulnerability in Getshortcodes Shortcodes Ultimate The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. | 3.5 |
2021-09-20 | CVE-2021-24530 | Alojapro | Cross-site Scripting vulnerability in Alojapro Widget The Alojapro Widget WordPress plugin through 1.1.15 doesn't properly sanitise its Custom CSS settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 3.5 |
2021-09-20 | CVE-2021-24582 | Thinktwit Project | Cross-site Scripting vulnerability in Thinktwit Project Thinktwit The ThinkTwit WordPress plugin before 1.7.1 did not sanitise or escape its "Consumer key" setting before outputting it in its settings page, leading to a Stored Cross-Site Scripting issue. | 3.5 |
2021-09-20 | CVE-2021-24587 | Zeesweb | Cross-site Scripting vulnerability in Zeesweb Splash Header The Splash Header WordPress plugin before 1.20.8 doesn't sanitise and escape some of its settings while outputting them in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue. | 3.5 |
2021-09-20 | CVE-2021-24596 | Itservicejung | Cross-site Scripting vulnerability in Itservicejung Youforms-Free-For-Copecart The youForms for WordPress plugin through 1.0.5 does not sanitise or escape the Button Text field of its Templates, allowing high privilege users (editors and admins) to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 3.5 |
2021-09-20 | CVE-2021-24597 | YOU Shang Project | Cross-site Scripting vulnerability in You-Shang Project You-Shang The You Shang WordPress plugin through 1.0.1 does not escape its qrcode links settings, which results in Stored Cross-Site Scripting issues in frontend posts and the plugin's settings page depending on the payload used. | 3.5 |
2021-09-20 | CVE-2021-24600 | WP Dialog Project | Cross-site Scripting vulnerability in WP Dialog Project WP Dialog The WP Dialog WordPress plugin through 1.2.5.5 does not sanitise and escape some of its settings before outputting them in pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 3.5 |
2021-09-20 | CVE-2021-24604 | Offshorewebmaster | Cross-site Scripting vulnerability in Offshorewebmaster Availability Calendar The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in the page/post where the associated shortcode is embedded, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 3.5 |
2021-09-20 | CVE-2021-24609 | WP Mapa Politico Espana Project | Cross-site Scripting vulnerability in WP Mapa Politico Espana Project WP Mapa Politico Espana The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 3.5 |
2021-09-20 | CVE-2021-24613 | Dfactory | Cross-site Scripting vulnerability in Dfactory Post Views Counter The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed. | 3.5 |
2021-09-20 | CVE-2021-24637 | Fontsplugin | Cross-site Scripting vulnerability in Fontsplugin Fonts The Google Fonts Typography WordPress plugin before 3.0.3 does not escape and sanitise some of its block settings, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the blockType (combined with content), align, color, variant and fontID arguments of a Gutenberg block. | 3.5 |
2021-09-20 | CVE-2021-24640 | Gutenslider | Cross-site Scripting vulnerability in Gutenslider The WordPress Slider Block Gutenslider plugin before 5.2.0 does not escape the minWidth attribute of a Gutenberg block, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. | 3.5 |
2021-09-23 | CVE-2021-34767 | Cisco | Always-Incorrect Control Flow Implementation vulnerability in Cisco IOS XE A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a Layer 2 (L2) loop in a configured VLAN, resulting in a denial of service (DoS) condition for that VLAN. | 3.3 |
2021-09-22 | CVE-2021-37860 | Mattermost | Cross-site Scripting vulnerability in Mattermost Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP. | 2.6 |
2021-09-23 | CVE-2021-29904 | IBM | Cleartext Storage of Sensitive Information vulnerability in IBM Jazz for Service Management 1.1.3.10 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. | 2.1 |
2021-09-23 | CVE-2020-4803 | IBM | Insecure Storage of Sensitive Information vulnerability in IBM Edge Application Manager 4.2 IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. | 2.1 |
2021-09-23 | CVE-2020-4805 | IBM | Insecure Storage of Sensitive Information vulnerability in IBM Edge Application Manager 4.2 IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. | 2.1 |
2021-09-23 | CVE-2020-4809 | IBM | Insecure Storage of Sensitive Information vulnerability in IBM Edge Application Manager 4.2 IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. | 2.1 |
2021-09-23 | CVE-2021-20434 | IBM | Insufficiently Protected Credentials vulnerability in IBM Security Verify Bridge IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a local user. | 2.1 |
2021-09-23 | CVE-2021-20435 | IBM | Improper Certificate Validation vulnerability in IBM Security Verify Bridge IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a local attacker to obtain sensitive information that could aid in further attacks against the system. | 2.1 |
2021-09-23 | CVE-2021-38863 | IBM | Insufficiently Protected Credentials vulnerability in IBM Security Verify Bridge IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. | 2.1 |
2021-09-23 | CVE-2021-22020 | Vmware | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a denial-of-service vulnerability in the Analytics service. | 2.1 |
2021-09-23 | CVE-2021-22007 | Vmware | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a local information disclosure vulnerability in the Analytics service. | 2.1 |
2021-09-23 | CVE-2021-1546 | Cisco | Information Exposure Through an Error Message vulnerability in Cisco products A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. | 2.1 |
2021-09-21 | CVE-2021-41525 | Flexera | Unspecified vulnerability in Flexera Flexnet Inventory Agent and Beacon An issue related to modification of otherwise restricted files through a locally authenticated attacker exists in FlexNet inventory agent and inventory beacon versions 2020 R2.5 and prior. | 2.1 |
2021-09-20 | CVE-2021-38899 | IBM | Information Exposure vulnerability in IBM Cloud PAK for Data 2.5 IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. | 2.1 |