Total: 210374 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13448 | 1 Quickbox | 1 Quickbox | 2021-12-13 | 9.0 HIGH | 8.8 HIGH | 
| QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter. | |||||
| CVE-2021-4082 | 1 Pimcore | 1 Pimcore | 2021-12-13 | 4.3 MEDIUM | 4.3 MEDIUM | 
| pimcore is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2021-42759 | 1 Fortinet | 2 Meru, Meru Firmware | 2021-12-13 | 7.2 HIGH | 6.7 MEDIUM | 
| A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows an attacker to execute unauthorized code or commands via crafted CLI commands. | |||||
| CVE-2021-36720 | 1 Pineapp | 1 Mail Secure | 2021-12-13 | 4.3 MEDIUM | 6.1 MEDIUM | 
| PineApp - Mail Secure - An attacker can send a request to :/blocking.php?url=<script>alert(1)</script> and steal cookies. | |||||
| CVE-2021-36719 | 1 Cybonet | 1 Mail Secure | 2021-12-13 | 9.0 HIGH | 8.8 HIGH | 
| PineApp - Mail Secure - The attacker must be logged in as a user to the PineApp system. The attacker exploits the vulnerable nicUpload.php file to upload a malicious file, thus taking over the server and running remote code. | |||||
| CVE-2020-19682 | 1 Zzzcms | 1 Zzzcms | 2021-12-13 | 6.8 MEDIUM | 8.8 HIGH | 
| A Cross Site Request Forgery (CSRF) vulnerability exists in ZZZCMS V1.7.1 via the save_user function in save.php. | |||||
| CVE-2020-19683 | 1 Zzzcms | 1 Zzzcms | 2021-12-13 | 3.5 LOW | 5.4 MEDIUM | 
| A Cross Site Scripting (XSS) vulnerability exists in ZZZCMS V1.7.1 via an editfile action in save.php. | |||||
| CVE-2021-4084 | 1 Pimcore | 1 Pimcore | 2021-12-13 | 4.3 MEDIUM | 6.1 MEDIUM | 
| pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-36718 | 1 Synel | 2 Eharmonynew, Synel Reports | 2021-12-13 | 6.8 MEDIUM | 6.5 MEDIUM | 
| SYNEL - eharmonynew / Synel Reports - The attacker can log in to the system with default credentials and export a report of the eharmony system with sensitive data (employee name, employee ID number, working hours, etc.). The vulnerability has been addressed and fixed on version 11. Default credentials, Security miscommunication, Sensitive data exposure vulnerability in Synel Reports of SYNEL eharmonynew, Synel Reports allows an attacker to log into the system with default credentials. This issue affects: SYNEL eharmonynew, Synel Reports 8.0.2 version 11 and prior versions. | |||||
| CVE-2021-44557 | 1 Kb | 1 Multiner | 2021-12-13 | 6.4 MEDIUM | 9.1 CRITICAL | 
| National Library of the Netherlands multiNER <= c0440948057afc6e3d6b4903a7c05e666b94a3bc is affected by an XML External Entity (XXE) vulnerability in multiNER/ner.py. Since XML parsing resolves external entities, a malicious XML stream could leak internal files and/or cause a DoS. | |||||
| CVE-2021-44556 | 1 Kb | 1 Digger | 2021-12-13 | 6.4 MEDIUM | 9.1 CRITICAL | 
| National Library of the Netherlands digger < 6697d1269d981e35e11f240725b16401b5ce3db5 is affected by an XML External Entity (XXE) vulnerability. Since XML parsing resolves external entities, a malicious XML stream could leak internal files and/or cause a DoS. | |||||
| CVE-2020-13787 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2021-12-13 | 5.0 MEDIUM | 7.5 HIGH | 
| D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information. | |||||
| CVE-2020-13784 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2021-12-13 | 5.0 MEDIUM | 7.5 HIGH | 
| D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. | |||||
| CVE-2020-13783 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2021-12-13 | 5.0 MEDIUM | 7.5 HIGH | 
| D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information. | |||||
| CVE-2020-13693 | 1 Bbpress | 1 Bbpress | 2021-12-13 | 7.5 HIGH | 9.8 CRITICAL | 
| An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled. | |||||
| CVE-2021-43811 | 1 Amazon | 1 Sockeye | 2021-12-13 | 6.8 MEDIUM | 7.8 HIGH | 
| Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An attacker can add malicious code to the config file of a trained model and attempt to convince users to download and run it. If users run the model, the embedded code will run locally. The issue is fixed in version 2.3.24. | |||||
| CVE-2020-3956 | 2 Linux, Vmware | 3 Linux Kernel, Photon Os, Vcloud Director | 2021-12-13 | 6.5 MEDIUM | 8.8 HIGH | 
| VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access. | |||||
| CVE-2007-5277 | 1 Microsoft | 1 Internet Explorer | 2021-12-13 | 4.3 MEDIUM | N/A | 
| Microsoft Internet Explorer 6 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80, a different issue than CVE-2006-4560. | |||||
| CVE-2007-5158 | 1 Microsoft | 1 Internet Explorer | 2021-12-13 | 4.3 MEDIUM | N/A | 
| The focus handling for the onkeydown event in Microsoft Internet Explorer 6.0 allows remote attackers to change field focus and copy keystrokes via a certain use of a JavaScript htmlFor attribute, as demonstrated by changing focus from a textarea to a file upload field, a related issue to CVE-2007-3511. | |||||
| CVE-2006-7066 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2021-12-13 | 7.1 HIGH | N/A | 
| Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then accessing a property of the object within the deleted frame, which triggers a NULL pointer dereference. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected. | |||||
