Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42076 | 1 Barrier Project | 1 Barrier | 2021-11-09 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Barrier before 2.3.4. An attacker can cause memory exhaustion in the barriers component (aka the server-side implementation of Barrier) and barrierc by sending long TCP messages. | |||||
| CVE-2021-42074 | 1 Barrier Project | 1 Barrier | 2021-11-09 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Barrier before 2.3.4. An unauthenticated attacker can cause a segmentation fault in the barriers component (aka the server-side implementation of Barrier) by quickly opening and closing TCP connections while sending a Hello message for each TCP session. | |||||
| CVE-2021-42073 | 1 Barrier Project | 1 Barrier | 2021-11-09 | 5.8 MEDIUM | 8.2 HIGH |
| An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with the barriers component (aka the server-side implementation of Barrier) simply by supplying a client label that identifies a valid client configuration. This label is "Unnamed" by default but could instead be guessed from hostnames or other publicly available information. In the active session state, an attacker can capture input device events from the server, and also modify the clipboard content on the server. | |||||
| CVE-2021-34685 | 1 Hitachi | 1 Vantara Pentaho | 2021-11-09 | 6.5 MEDIUM | 7.2 HIGH |
| UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed (and leads to remote code execution). | |||||
| CVE-2021-34684 | 1 Hitachi | 1 Vantara Pentaho | 2021-11-09 | 7.5 HIGH | 9.8 CRITICAL |
| Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI. | |||||
| CVE-2021-31600 | 1 Hitachi | 2 Vantara Pentaho, Vantara Pentaho Business Intelligence Server | 2021-11-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all valid usernames. | |||||
| CVE-2019-0015 | 1 Juniper | 22 Junos, Srx100, Srx110 and 19 more | 2021-11-09 | 5.5 MEDIUM | 5.4 MEDIUM |
| A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immediately disallowed from establishing new VPN connections. Due to an error in token caching, deleted users are allowed to connect once a previously successful dynamic VPN connection has been established. A reboot is required to clear the cached authentication token. Affected releases are Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D75; 15.1X49 versions prior to 15.1X49-D150; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. | |||||
| CVE-2021-31599 | 1 Hitachi | 2 Vantara Pentaho, Vantara Pentaho Business Intelligence Server | 2021-11-09 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run arbitrary code. | |||||
| CVE-2019-0005 | 1 Juniper | 14 Ex2300, Ex2300-c, Ex3400 and 11 more | 2021-11-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter configuration cannot perform packet matching on any IPv6 extension headers. This issue may allow IPv6 packets that should have been blocked to be forwarded. IPv4 packet filtering is unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS on EX and QFX series;: 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R7; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 series; 15.1X53 versions prior to 15.1X53-D591 on EX2300/EX3400 series; 16.1 versions prior to 16.1R7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2. | |||||
| CVE-2021-43413 | 1 Gnu | 1 Hurd | 2021-11-09 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among everyone who mmaps a file, allowing anyone to modify any files that they can read. This can be trivially exploited to get full root access. | |||||
| CVE-2021-43412 | 1 Gnu | 1 Hurd | 2021-11-09 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access. | |||||
| CVE-2021-24816 | 1 Phoenix Media Rename Project | 1 Phoenix Media Rename | 2021-11-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenix_media_rename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own. | |||||
| CVE-2015-1239 | 3 Debian, Google, Uclouvain | 4 Debian Linux, Chrome, Pdfium and 1 more | 2021-11-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF. | |||||
| CVE-2015-5013 | 1 Ibm | 6 Security Access Manager 9.0, Security Access Manager 9.0 Firmware, Security Access Manager For Mobile and 3 more | 2021-11-09 | 2.1 LOW | 5.5 MEDIUM |
| The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access. | |||||
| CVE-2017-7852 | 2 D-link, Dlink | 52 Dcs-2132l, Dcs-2132l Firmware, Dcs-2136l and 49 more | 2021-11-09 | 6.8 MEDIUM | 8.8 HIGH |
| D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to *, thus accepting requests from any domain. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim's DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim's DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1. | |||||
| CVE-2021-24807 | 1 Schiocco | 1 Support Board | 2021-11-09 | 3.5 LOW | 5.4 MEDIUM |
| The Support Board WordPress plugin before 3.3.5 allows Authenticated (Agent+) users to perform Cross-Site Scripting attacks by placing a payload in the notes field, when an administrator or any authenticated user go to the chat the XSS will be automatically executed. | |||||
| CVE-2021-24806 | 1 Gvectors | 1 Wpdiscuz | 2021-11-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when adding, editing and deleting comments, which could allow attacker to make logged in users such as admin edit and delete arbitrary comment, or the user who made the comment to edit it via a CSRF attack. Attackers could also make logged in users post arbitrary comment. | |||||
| CVE-2020-4153 | 1 Ibm | 1 Qradar Network Security | 2021-11-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM QRadar Network Security 5.4.0 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174269. | |||||
| CVE-2020-4152 | 1 Ibm | 1 Qradar Network Security | 2021-11-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle techniques. IBM X-Force ID: 17467. | |||||
| CVE-2021-41733 | 1 Oppia | 1 Oppia | 2021-11-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| Oppia 3.1.4 does not verify that certain URLs are valid before navigating to them. | |||||