Total: 22706 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1534 | 1 Cisco | 8 Asyncos, Email Security Appliance C170, Email Security Appliance C190 and 5 more | 2021-10-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device. | |||||
| CVE-2020-21648 | 1 Wdja | 1 Wdja Cms | 2021-10-14 | 6.4 MEDIUM | 9.1 CRITICAL |
| WDJA CMS v1.5.2 contains an arbitrary file deletion vulnerability in the component admin/cache/manage.php. | |||||
| CVE-2021-38923 | 1 Ibm | 2 Powervm Hypervisor, Powervm Hypervisor Firmware | 2021-10-14 | 6.5 MEDIUM | 9.1 CRITICAL |
| IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain access to another VM due to assigning duplicate WWPNs. IBM X-Force ID: 210162. | |||||
| CVE-2021-25499 | 1 Samsung | 1 Galaxy Store | 2021-10-14 | 2.1 LOW | 5.5 MEDIUM |
| Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows an attacker to access the content provider of Galaxy Store. | |||||
| CVE-2020-21865 | 1 Thinkphp50-cms Project | 1 Thinkphp50-cms | 2021-10-14 | 7.5 HIGH | 9.8 CRITICAL |
| ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerability in the component /public/?s=captcha. | |||||
| CVE-2021-42093 | 1 Zammad | 1 Zammad | 2021-10-14 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers. | |||||
| CVE-2021-33602 | 1 F-secure | 4 Atlant, Cloud Protection, Internet Gatekeeper and 1 more | 2021-10-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability affecting the F-Secure Antivirus engine was discovered when the engine tries to unpack a zip archive (LZW decompression method), and this can crash the scanning engine. The vulnerability can be exploited remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. | |||||
| CVE-2021-25471 | 2 Google, Samsung | 2 Android, Exynos | 2021-10-13 | 5.0 MEDIUM | 7.5 HIGH |
| A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion. | |||||
| CVE-2020-21493 | 1 Xiuno | 1 Xiunobbs | 2021-10-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue in the component route\user.php of Xiuno BBS v4.0.4 allows attackers to enumerate usernames. | |||||
| CVE-2021-25486 | 1 Google | 1 Android | 2021-10-13 | 2.1 LOW | 3.3 LOW |
| Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker to detect device information by analyzing packets in the log. | |||||
| CVE-2020-21431 | 1 Hongcms Project | 1 Hongcms | 2021-10-13 | 5.5 MEDIUM | 6.5 MEDIUM |
| HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit. | |||||
| CVE-2021-39873 | 1 Gitlab | 1 Gitlab | 2021-10-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response. | |||||
| CVE-2021-39871 | 1 Gitlab | 1 Gitlab | 2021-10-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call. | |||||
| CVE-2021-41867 | 1 Onionshare | 1 Onionshare | 2021-10-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature. | |||||
| CVE-2021-41868 | 1 Onionshare | 1 Onionshare | 2021-10-12 | 7.5 HIGH | 9.8 CRITICAL |
| OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality. | |||||
| CVE-2021-40329 | 1 Pingidentity | 1 Pingfederate | 2021-10-12 | 7.5 HIGH | 9.8 CRITICAL |
| The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management. | |||||
| CVE-2021-39874 | 1 Gitlab | 1 Gitlab | 2021-10-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands. | |||||
| CVE-2021-39896 | 1 Gitlab | 1 Gitlab | 2021-10-12 | 5.5 MEDIUM | 3.8 LOW |
| In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice and stops impersonating, the admin may be logged in as the second user they impersonated, which may lead to repudiation issues. | |||||
| CVE-2021-22257 | 1 Gitlab | 1 Gitlab | 2021-10-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route for /user.keys is not restricted on instances with public visibility disabled. This allows user enumeration on such instances. | |||||
| CVE-2021-22258 | 1 Gitlab | 1 Gitlab | 2021-10-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| The project import/export feature in GitLab 8.9 and greater could be used to obtain otherwise private email addresses. | |||||
