Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41028 | 1 Fortinet | 2 Forticlient, Forticlient Endpoint Management Server | 2022-01-04 | 5.4 MEDIUM | 7.5 HIGH |
| A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol. | |||||
| CVE-2021-36884 | 1 Backupbliss | 1 Backup Migration | 2022-01-04 | 3.5 LOW | 5.4 MEDIUM |
| Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered in WordPress Backup Migration plugin <= 1.1.5 versions. | |||||
| CVE-2020-35872 | 1 Rusqlite Project | 1 Rusqlite | 2022-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via the repr(Rust) type. | |||||
| CVE-2020-35870 | 1 Rusqlite Project | 1 Rusqlite | 2022-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API use-after-free. | |||||
| CVE-2020-35868 | 1 Rusqlite Project | 1 Rusqlite | 2022-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via UnlockNotification. | |||||
| CVE-2020-35867 | 1 Rusqlite Project | 1 Rusqlite | 2022-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via create_module. | |||||
| CVE-2020-35866 | 1 Rusqlite Project | 1 Rusqlite | 2022-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via VTab / VTabCursor. | |||||
| CVE-2017-13835 | 1 Apple | 1 Mac Os X | 2022-01-04 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13. An application may be able to execute arbitrary code with elevated privileges. | |||||
| CVE-2021-23814 | 1 Unisharp | 1 Laravel-filemanager | 2022-01-04 | 6.5 MEDIUM | 8.8 HIGH |
| This affects the package unisharp/laravel-filemanager from 0.0.0. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: - Install a package with a web Laravel application. - Navigate to the Upload window - Upload an image file, then capture the request - Edit the request contents with a malicious file (webshell) - Enter the path of file uploaded on URL - Remote Code Execution. Note: Prevention for bad extensions can be done by using a whitelist in the config file (lfm.php). The corresponding document can be found [here](https://unisharp.github.io/laravel-filemanager/configfolder-categories). | |||||
| CVE-2021-45531 | 1 Netgear | 2 D6220, D6220 Firmware | 2022-01-04 | 6.5 MEDIUM | 8.8 HIGH |
| NETGEAR D6220 devices before 1.0.0.76 are affected by command injection by an authenticated user. | |||||
| CVE-2021-45532 | 1 Netgear | 2 R8000, R8000 Firmware | 2022-01-04 | 4.6 MEDIUM | 7.8 HIGH |
| NETGEAR R8000 devices before 1.0.4.76 are affected by command injection by an authenticated user. | |||||
| CVE-2021-42808 | 2 Microsoft, Thalesgroup | 2 Windows, Sentinel Protection Installer | 2022-01-04 | 7.2 HIGH | 6.7 MEDIUM |
| Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges. | |||||
| CVE-2021-42809 | 2 Microsoft, Thalesgroup | 2 Windows, Sentinel Protection Installer | 2022-01-04 | 6.9 MEDIUM | 7.8 HIGH |
| Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code. | |||||
| CVE-2021-45817 | | | 2022-01-03 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-11689. Reason: This candidate is a duplicate of CVE-2018-11689. Notes: All CVE users should reference CVE-2018-11689 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2021-40612 | 1 Opmantek | 1 Open-audit | 2022-01-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker to perform command execution without echoes. | |||||
| CVE-2021-45418 | 1 Starcharge | 4 Nova 360 Cabinet, Nova 360 Cabinet Firmware, Titan 180 Premium and 1 more | 2022-01-03 | 6.5 MEDIUM | 8.8 HIGH |
| Certain Starcharge products are vulnerable to Directory Traversal via main.cgi. The affected products include: Nova 360 Cabinet <=1.3.0.0.6 - Fixed: 1.3.0.0.9 and Titan 180 Premium <=1.3.0.0.7b102 - Fixed: Beta1.3.0.1.0. | |||||
| CVE-2021-45419 | 1 Starcharge | 4 Nova 360 Cabinet, Nova 360 Cabinet Firmware, Titan 180 Premium and 1 more | 2022-01-03 | 6.5 MEDIUM | 8.8 HIGH |
| Certain Starcharge products are affected by Improper Input Validation. The affected products include: Nova 360 Cabinet <= 1.3.0.0.7b102 - Fixed: Beta1.3.0.1.0 and Titan 180 Premium <= 1.3.0.0.6 - Fixed: 1.3.0.0.9. | |||||
| CVE-2021-45519 | 1 Netgear | 2 Xr1000, Xr1000 Firmware | 2022-01-03 | 6.1 MEDIUM | 6.5 MEDIUM |
| NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service. | |||||
| CVE-2021-45518 | 1 Netgear | 2 Xr1000, Xr1000 Firmware | 2022-01-03 | 6.1 MEDIUM | 6.5 MEDIUM |
| NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service. | |||||
| CVE-2021-45517 | 1 Netgear | 2 Xr1000, Xr1000 Firmware | 2022-01-03 | 6.1 MEDIUM | 6.5 MEDIUM |
| NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service. | |||||
