ID | CVSS | Summary | Last (major) update | Published
(Each entry below is listed as its CVE ID and CVSS score on one line, with "None" meaning no score has been assigned, then the summary, then the last-update and published timestamps in dd-mm-yyyy - hh:mm form.)
CVE-2021-23448 None
All versions of package config-handler are vulnerable to Prototype Pollution when loading config files.
11-10-2021 - 21:15 11-10-2021 - 21:15
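The entry above names the mechanism (prototype pollution while loading a config file) but not the code. The block below is an added illustration, not config-handler's own code: a generic recursive merge of parsed JSON into defaults, which is the shape that is typically affected, next to a merge that refuses the keys through which pollution happens. The config file content, the defaults and the `isAdmin` marker are constructed for the demonstration.

```javascript
// Added illustration for CVE-2021-23448. config-handler's own code is not on
// this page; this is a generic recursive merge of parsed config into defaults
// (the shape typically affected) next to a merge that refuses the keys through
// which pollution happens. Config file, defaults and "isAdmin" are constructed.

const POLLUTING_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Vulnerable shape. JSON.parse turns a "__proto__" key into an ordinary own
// property, so Object.keys() yields it; target["__proto__"] then resolves to
// Object.prototype and the recursion writes the attacker's keys onto every
// object in the process.
function mergeUnsafe(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === "object" && !Array.isArray(value)) {
      if (target[key] === null || typeof target[key] !== "object") target[key] = {};
      mergeUnsafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened shape: drop the polluting keys outright and only recurse into
// properties the target actually owns, never into inherited ones.
function mergeSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (POLLUTING_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === "object" && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || target[key] === null || typeof target[key] !== "object") target[key] = {};
      mergeSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

function loadConfig(defaults, rawJson, merge) {
  const fresh = JSON.parse(JSON.stringify(defaults)); // never mutate the caller's defaults
  return merge(fresh, JSON.parse(rawJson));
}

// Constructed config file: one legitimate override plus a polluting key.
const CONFIG_FILE = '{"db": {"host": "db.internal"}, "__proto__": {"isAdmin": true}}';
const DEFAULTS = { db: { host: "127.0.0.1", port: 5432 }, debug: false };

// Runs both merges on the same file and reports whether an unrelated, freshly
// created object has acquired the attacker's property afterwards.
function demo() {
  const unsafeCfg = loadConfig(DEFAULTS, CONFIG_FILE, mergeUnsafe);
  const pollutedAfterUnsafe = ({}).isAdmin === true;
  delete Object.prototype.isAdmin; // undo the pollution before the second run

  const safeCfg = loadConfig(DEFAULTS, CONFIG_FILE, mergeSafe);
  const pollutedAfterSafe = ({}).isAdmin === true;

  return {
    unsafeHost: unsafeCfg.db.host, pollutedAfterUnsafe,
    safeHost: safeCfg.db.host, safePort: safeCfg.db.port, pollutedAfterSafe,
  };
}

console.log(demo());
```

Both merges apply the legitimate `db.host` override; only the unsafe one leaves `isAdmin` visible on every object created afterwards. Skipping `constructor` and `prototype` as well as `__proto__` closes the `constructor.prototype` route; if a config legitimately needs those key names, merge into objects created with `Object.create(null)` instead of dropping them.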
CVE-2021-42257 None
check_smart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path (the /dev/bus substring and a number), aka an unanchored regular expression.
11-10-2021 - 20:15 11-10-2021 - 20:15
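The check_smart entry describes the bug precisely: a substring match rather than an anchored pattern. The block below is an added illustration, not check_smart's code; `UNANCHORED` and `ANCHORED` are hypothetical stand-ins with the shape the summary describes (the "/dev/bus" substring followed by a number), and the sample arguments are constructed.

```javascript
// Added illustration for CVE-2021-42257. check_smart's real pattern is not on
// this page; UNANCHORED and ANCHORED are hypothetical stand-ins with the shape
// the advisory describes ("/dev/bus" followed by a number).

// Vulnerable shape: no anchors, so the approved substring anywhere in the
// argument is enough to pass.
const UNANCHORED = /\/dev\/bus\/\d+/;
// Hardened shape: anchored at both ends, so the whole argument must be
// exactly one permitted device path and nothing else.
const ANCHORED = /^\/dev\/bus\/\d+$/;

// Constructed arguments: one legitimate, three that smuggle a different drive
// or path while still containing the approved substring.
const SAMPLES = [
  "/dev/bus/0",
  "/dev/sda /dev/bus/0",     // another device placed in front of the approved one
  "/dev/bus/0/../../sda",    // traversal appended after it
  "/tmp/x/dev/bus/1",        // approved text embedded in an unrelated path
];

function isAllowedDevice(device, pattern) {
  return pattern.test(device);
}

// Returns the samples a given pattern would let through.
function accepted(pattern) {
  return SAMPLES.filter((s) => isAllowedDevice(s, pattern));
}

console.log("unanchored accepts:", accepted(UNANCHORED));
console.log("anchored accepts:  ", accepted(ANCHORED));
```

Two caveats when porting the anchored form: in Perl and Python `$` also matches just before a trailing newline, so use `\z` (Perl) or `\Z` (Python) when the argument may carry one; and an anchored regex only proves the string's shape, so a check that gates a privileged helper should additionally compare the resolved path against the drives it is meant to expose.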
CVE-2021-42260 None
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.
11-10-2021 - 20:15 11-10-2021 - 20:15
CVE-2020-27372 None
A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function.
11-10-2021 - 19:15 11-10-2021 - 19:15
CVE-2021-25738 None
Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution.
11-10-2021 - 19:15 11-10-2021 - 19:15
CVE-2021-40188 None
PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code
11-10-2021 - 19:15 11-10-2021 - 19:15
CVE-2021-40189 None
PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function extracts a file to "webroot/themes/{Theme Folder}", where an attacker can access and execute arbitrary code.
11-10-2021 - 19:15 11-10-2021 - 19:15
CVE-2021-40239 None
A Buffer Overflow vulnerability exists in the latest version of Miniftpd in the do_retr function in ftpproto.c
11-10-2021 - 19:15 11-10-2021 - 19:15
CVE-2021-40617 None
An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.
11-10-2021 - 19:15 11-10-2021 - 19:15
CVE-2021-42252 None
An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute pr
11-10-2021 - 19:15 11-10-2021 - 19:15
CVE-2021-20121 None
The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is vulnerable to an authenticated arbitrary file read. An authenticated user with physical access to the device can read arbitrary files from the device by preparing and connecting a
11-10-2021 - 17:15 11-10-2021 - 17:15
CVE-2021-20122 None
The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69_cmd.cgi. A remote attacker connected to the router's LAN and authenticated with
11-10-2021 - 17:15 11-10-2021 - 17:15
CVE-2021-22263 None
An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external' status which is granted 'Main
11-10-2021 - 17:15 11-10-2021 - 17:15
CVE-2021-25633 None
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulner
11-10-2021 - 17:15 11-10-2021 - 17:15
CVE-2021-26588 None
A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low complexity issue to execute code as administrator. T
11-10-2021 - 17:15 11-10-2021 - 17:15
CVE-2021-27002 None
NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy.
11-10-2021 - 17:15 11-10-2021 - 17:15
CVE-2021-32028 None
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confid
11-10-2021 - 17:15 11-10-2021 - 17:15
CVE-2021-41117 None
keypair is an RSA PEM key generator written in javascript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was gene
11-10-2021 - 17:15 11-10-2021 - 17:15
CVE-2021-33903 None
In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, changing the password of the root user via the CLI does not change the password of the root user for SNMPv3 access. (However, changing the password of the root user via LANconfig
11-10-2021 - 17:15 07-10-2021 - 15:15
CVE-2021-36160 5.0
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
11-10-2021 - 17:15 16-09-2021 - 15:15
CVE-2021-40085 4.0
An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.
11-10-2021 - 17:15 31-08-2021 - 18:15
CVE-2021-0583 None
In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is ne
11-10-2021 - 16:15 11-10-2021 - 16:15
CVE-2021-27664 None
Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.
11-10-2021 - 16:15 11-10-2021 - 16:15
CVE-2021-27665 None
An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause denial-of-service condition.
11-10-2021 - 16:15 11-10-2021 - 16:15
CVE-2021-37123 None
There is an improper authentication vulnerability in Hero-CT060 before 1.0.0.200. When a user wants to perform certain operations, the software does not sufficiently validate the user's identity. Successful exploit could
11-10-2021 - 16:15 11-10-2021 - 16:15
CVE-2021-39317 None
Versions up to, and including, 1.0.6, of the Access Demo Importer WordPress plugin are vulnerable to arbitrary file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback functi
11-10-2021 - 16:15 11-10-2021 - 16:15
CVE-2021-40870 7.5
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.
11-10-2021 - 16:15 13-09-2021 - 08:15
CVE-2021-42013 None
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these dire
11-10-2021 - 15:15 07-10-2021 - 16:15
CVE-2021-41773 None
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directorie
11-10-2021 - 15:15 05-10-2021 - 09:15
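The two Apache HTTP Server entries (CVE-2021-42013 and CVE-2021-41773) share one lesson: a traversal check applied to a path that is not yet in its final decoded form can be bypassed, and a fix that peels off one more layer of encoding can still be bypassed if any decoding happens after the check. The block below is an added illustration, not httpd's code, and it does not model the specific encodings httpd's fix handled (they are not on this page). `DOC_ROOT`, the second decoding stage in the "insufficient fix" variant and the request paths are assumptions constructed for the demonstration.

```javascript
// Added illustration for CVE-2021-41773 / CVE-2021-42013. Not httpd's code:
// it shows the general failure mode the entries describe (a ".." check run
// before the path is fully decoded), an insufficient one-more-decode fix, and
// a containment check on the final path. DOC_ROOT, the assumed second decode
// and the sample requests are constructed.

const DOC_ROOT = "/var/www/html";

// One round of percent-decoding.
function decodeOnce(p) {
  return p.replace(/%([0-9a-fA-F]{2})/g, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
}

// Minimal POSIX normalisation of an absolute path: drops "" and "." segments
// and resolves ".." by popping (".." above "/" is discarded, as the kernel does).
function normalizeAbs(p) {
  const out = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") { out.pop(); continue; }
    out.push(seg);
  }
  return "/" + out.join("/");
}

// Vulnerable shape: the ".." check looks at the raw request path, and the
// decode that turns ".%2e" into ".." only happens afterwards.
function mapCheckThenDecode(urlPath) {
  if (urlPath.split("/").includes("..")) return null;
  return normalizeAbs(DOC_ROOT + "/" + decodeOnce(urlPath));
}

// Insufficient-fix shape: decode one layer, then check. If any later stage
// decodes again (assumed here as a second decodeOnce in the handler), a
// double-encoded dot ("%%32%65" -> "%2e" -> ".") still reaches the join.
function mapDecodeOnceThenCheck(urlPath) {
  const once = decodeOnce(urlPath);
  if (once.split("/").includes("..")) return null;
  return normalizeAbs(DOC_ROOT + "/" + decodeOnce(once)); // assumed second decode
}

// Hardened shape: decode, normalise, then test containment of the final
// filesystem path instead of pattern-matching for "..". Nothing may decode
// the path after this point.
function mapContained(urlPath) {
  const resolved = normalizeAbs(DOC_ROOT + "/" + decodeOnce(urlPath));
  if (resolved !== DOC_ROOT && !resolved.startsWith(DOC_ROOT + "/")) return null;
  return resolved;
}

// Constructed requests: single-encoded dots, double-encoded dots, and a
// benign path.
const SINGLE_ENCODED = "/.%2e/.%2e/.%2e/etc/passwd";
const DOUBLE_ENCODED = "/.%%32%65/.%%32%65/.%%32%65/etc/passwd";
const PLAIN = "/index.html";
const REQUESTS = [SINGLE_ENCODED, DOUBLE_ENCODED, PLAIN];

function run() {
  return {
    checkThenDecode: REQUESTS.map(mapCheckThenDecode),
    decodeOnceThenCheck: REQUESTS.map(mapDecodeOnceThenCheck),
    contained: REQUESTS.map(mapContained),
  };
}

console.log(run());
```

The check-then-decode mapper resolves the single-encoded request to `/etc/passwd`; the decode-once-then-check mapper blocks that one but resolves the double-encoded request to the same file. The containment check never leaves `DOC_ROOT` for either, because it judges the path that would actually be opened rather than an intermediate spelling of it.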
CVE-2021-40191 None
Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and a wrong content-type being returned for output data in webroot/dzz/
11-10-2021 - 14:15 11-10-2021 - 14:15
CVE-2021-40541 None
PHPFusion 9.03.110 is affected by cross-site scripting (XSS): the preg patterns in the descript() function that filter HTML tags do not account for "//", so an authenticated user can trigger XSS by appending "//" to the end of the text.
11-10-2021 - 14:15 11-10-2021 - 14:15
CVE-2021-29005 None
rConfig 3.9.6 grants insecure permission on the chmod command: after installation, the apache user may execute chmod as root without a password, which may let an attacker with low privileges gain root access on the server.
11-10-2021 - 13:15 11-10-2021 - 13:15
CVE-2021-29006 None
rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server.
11-10-2021 - 13:15 11-10-2021 - 13:15
CVE-2021-40542 None
Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.
11-10-2021 - 13:15 11-10-2021 - 13:15
CVE-2021-40543 None
Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['prof_id'] in the PasswordCheck.php file.
11-10-2021 - 13:15 11-10-2021 - 13:15
CVE-2021-29004 None
rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the
11-10-2021 - 12:15 11-10-2021 - 12:15
CVE-2021-41830 None
It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the L
11-10-2021 - 12:15 11-10-2021 - 08:15
CVE-2021-41831 None
It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory.
11-10-2021 - 12:15 11-10-2021 - 08:15
CVE-2021-41832 None
It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice advi
11-10-2021 - 12:15 11-10-2021 - 08:15
CVE-2021-24545 None
The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitise the HTML allowed in the Bio of users, allowing them to use malicious JavaScript code, which will be executed when anyone visits a post in the frontend made by such a user. As a resu
11-10-2021 - 11:15 11-10-2021 - 11:15
CVE-2021-24546 None
The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low as contributor to execute Arbitrary PHP code
11-10-2021 - 11:15 11-10-2021 - 11:15
CVE-2021-24563 None
The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated users to upload a malicious HTML file (containing JavaScript, for example), which will be triggered when someone a
11-10-2021 - 11:15 11-10-2021 - 11:15
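Two upload entries on this page fail in the same way: CVE-2021-40188 (PHPFusion's File Manager blocks ".php" but not ".php7", ".phtml", ".php5", ...) and CVE-2021-24563 (Frontend Uploader accepts HTML, which runs as script in the site's origin). Both are blocklists missing cases. The block below is an added illustration, not either project's code: a blocklist checker of the shape the entries describe beside an allowlist that also stores the file under a server-chosen name. The allowed-extension set, the stored-name scheme and the sample filenames are assumptions constructed for the demonstration.

```javascript
// Added illustration for CVE-2021-40188 (PHPFusion, PHP-variant extensions)
// and CVE-2021-24563 (Frontend Uploader, HTML uploads). Neither project's
// upload code is on this page; both checkers are generic stand-ins, and the
// allowed set, stored-name scheme and sample names are constructed.

// Blocklist shape: denies ".php" only, so ".php7", ".phtml", ".php5" and an
// ".html" file carrying script all pass.
function blocklistAllows(filename) {
  return !filename.toLowerCase().endsWith(".php");
}

// Allowlist shape: the name must be "<stem>.<ext>" with exactly one dot and
// an extension from a short list of inert types. The file is then stored
// under a server-chosen name, so the client-supplied name never reaches disk.
const ALLOWED_EXT = new Set(["jpg", "jpeg", "png", "gif", "pdf"]);

function allowlistStoredName(filename, storedId) {
  const parts = filename.toLowerCase().split(".");
  if (parts.length !== 2 || parts[0] === "") return null; // rejects "a.php.jpg" and ".htaccess"
  const ext = parts[1];
  if (!ALLOWED_EXT.has(ext)) return null;
  return `${storedId}.${ext}`;
}

// Constructed upload names: PHP variants, an HTML payload, a double
// extension, a dotfile and one legitimate image.
const SAMPLES = ["shell.php", "shell.php7", "shell.phtml", "shell.PHP5",
                 "payload.html", "shell.php.jpg", ".htaccess", "photo.jpg"];

// Reports, per name, whether each checker would accept it.
function compare() {
  return SAMPLES.map((name) => ({
    name,
    blocklist: blocklistAllows(name),
    allowlist: allowlistStoredName(name, "upload-0001") !== null,
  }));
}

console.log(compare());
```

The blocklist rejects only `shell.php`; the allowlist accepts only `photo.jpg`. An extension check says nothing about the bytes inside the file, so pair it with a content check, serve the upload directory with script execution disabled, and send `X-Content-Type-Options: nosniff` and `Content-Disposition: attachment` so that even an accepted file is never rendered as a page in the site's origin.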
CVE-2021-24576 None
The Easy Accordion WordPress plugin before 2.0.22 does not properly sanitize inputs when adding new items to an accordion.
11-10-2021 - 11:15 11-10-2021 - 11:15
CVE-2021-24577 None
The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not properly sanitize inputs submitted by authenticated users when adding or modifying coming soon or maintenance mode pages, leading to stored XSS.
11-10-2021 - 11:15 11-10-2021 - 11:15
CVE-2021-24651 None
The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such a
11-10-2021 - 11:15 11-10-2021 - 11:15
CVE-2021-24656 None
The Simple Social Media Share Buttons WordPress plugin before 3.2.4 does not escape the Share Title settings before outputting it in the frontend pages or posts (depending on the settings used), allowing high privilege users to perform Cross-Site Scr
11-10-2021 - 11:15 11-10-2021 - 11:15
CVE-2021-24681 None
The Duplicate Page WordPress plugin through 4.4.2 does not sanitise or escape the Duplicate Post Suffix settings before outputting it, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html
11-10-2021 - 11:15 11-10-2021 - 11:15
CVE-2021-24683 None
The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and does not validate or escape them, which could lead to a Stored Cross-Site Scripting issue.
11-10-2021 - 11:15 11-10-2021 - 11:15
CVE-2021-24690 None
The Chained Quiz WordPress plugin before 1.2.7.2 does not properly sanitize or escape inputs in the plugin's settings.
11-10-2021 - 11:15 11-10-2021 - 11:15
CVE-2021-24691 None
The Quiz And Survey Master WordPress plugin before 7.3.2 does not escape the Quiz Url Slug setting before outputting it in some pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capabi
11-10-2021 - 11:15 11-10-2021 - 11:15