Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39057 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2021-12-15 | 5.5 MEDIUM | 8.1 HIGH |
| IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616. | |||||
| CVE-2020-4496 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2021-12-15 | 4.3 MEDIUM | 5.9 MEDIUM |
| The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046. | |||||
| CVE-2021-24872 | 1 Get Custom Field Values Project | 1 Get Custom Field Values | 2021-12-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access admin posts metadata. | |||||
| CVE-2021-24932 | 1 Cm-wp | 1 Auto Featured Image | 2021-12-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.3 does not sanitise and escape the post_id parameter before outputting back in an admin page within a JS block, leading to a Reflected Cross-Site Scripting issue. | |||||
| CVE-2021-24896 | 1 Calderaforms | 1 Caldera Forms | 2021-12-15 | 3.5 LOW | 4.8 MEDIUM |
| The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2014-7959 | 1 Ait-pro | 1 Bulletproof Security | 2021-12-15 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter. | |||||
| CVE-2021-39933 | 1 Gitlab | 1 Gitlab | 2021-12-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression used for handling user input (notes, comments, etc) was susceptible to catastrophic backtracking that could cause a DOS attack. | |||||
| CVE-2021-44949 | 1 Glfusion | 1 Glfusion | 2021-12-15 | 7.5 HIGH | 9.8 CRITICAL |
| glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php. | |||||
| CVE-2021-4107 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2021-12-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-44935 | 1 Glfusion | 1 Glfusion | 2021-12-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html/comment.php. The attacker can complete the attack remotely without interaction. | |||||
| CVE-2021-44942 | 1 Glfusion | 1 Glfusion | 2021-12-15 | 4.3 MEDIUM | 4.3 MEDIUM |
| glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in /public_html/admin/plugins/bad_behavior2/blacklist.php. Using the CSRF vulnerability to trick the administrator to click, an attacker can add a blacklist. | |||||
| CVE-2021-39936 | 1 Gitlab | 1 Gitlab | 2021-12-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker in possession of a deploy token to access a project's disabled wiki. | |||||
| CVE-2018-11069 | 1 Dell | 1 Bsafe Ssl-j | 2021-12-15 | 4.3 MEDIUM | 5.9 MEDIUM |
| RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key. | |||||
| CVE-2020-12890 | 1 Amd | 1 Amd Generic Encapsulated Software Architecture | 2021-12-15 | 7.2 HIGH | 6.7 MEDIUM |
| Improper handling of pointers in the System Management Mode (SMM) handling code may allow for a privileged attacker with physical or administrative access to potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system. | |||||
| CVE-2021-26340 | 1 Amd | 210 Epyc 7001, Epyc 7001 Firmware, Epyc 7232p and 207 more | 2021-12-15 | 3.6 LOW | 8.4 HIGH |
| A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (TLB) resulting in unexpected behavior inside the virtual machine (VM). | |||||
| CVE-2021-24925 | 1 Webnus | 1 Modern Events Calendar Lite | 2021-12-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the current_month_divider parameter of its mec_list_load_more AJAX call (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2021-24922 | 1 Fatcatapps | 1 Pixel Cat | 2021-12-15 | 6.0 MEDIUM | 9.0 CRITICAL |
| The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attacker to make a logged in admin change them and perform Cross-Site Scripting attacks | |||||
| CVE-2018-11068 | 1 Dell | 1 Bsafe Ssl-j | 2021-12-15 | 2.1 LOW | 4.6 MEDIUM |
| RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material. | |||||
| CVE-2021-39937 | 1 Gitlab | 1 Gitlab | 2021-12-15 | 6.5 MEDIUM | 8.8 HIGH |
| A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances | |||||
| CVE-2021-39938 | 1 Gitlab | 1 Gitlab | 2021-12-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted deploy Slash commands | |||||