Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4094 | 1 Thycotic | 1 Secret Server | 2021-11-09 | 5.8 MEDIUM | N/A |
| The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-8756 | 1 Panasonic | 2 Network Camera Recorder, Network Camera Recorder Firmware | 2021-11-09 | 6.8 MEDIUM | N/A |
| The NcrCtl4.NcrNet.1 control in Panasonic Network Camera Recorder before 4.04R03 allows remote attackers to execute arbitrary code via a crafted GetVOLHeader method call, which writes null bytes to an arbitrary address. | |||||
| CVE-2021-39182 | 1 Enrocrypt Project | 1 Enrocrypt | 2021-11-09 | 5.0 MEDIUM | 7.5 HIGH |
| EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of the product. As a workaround, users can remove the `MD5` hashing function from the file `hashing.py`. | |||||
| CVE-2012-6555 | 1 Vanillaforums | 1 Latestcomment | 2021-11-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1.1 for Vanilla Forums allows remote attackers to inject arbitrary web script or HTML via the discussion title. | |||||
| CVE-2021-24809 | 1 Wordplus | 1 Better Messages | 2021-11-09 | 6.8 MEDIUM | 8.8 HIGH |
| The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in multiple of its AJAX actions: bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, bp_messages_mute_thread, bp_messages_unmute_thread, bp_better_messages_add_user_to_thread, bp_better_messages_exclude_user_from_thread. This could allow attackers to make logged in users do unwanted actions | |||||
| CVE-2021-24808 | 1 Wordplus | 1 Better Messages | 2021-11-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| The BP Better Messages WordPress plugin before 1.9.9.41 sanitise (with sanitize_text_field) but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2021-21691 | 1 Jenkins | 1 Jenkins | 2021-11-09 | 7.5 HIGH | 9.8 CRITICAL |
| Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | |||||
| CVE-2021-21692 | 1 Jenkins | 1 Jenkins | 2021-11-09 | 7.5 HIGH | 9.8 CRITICAL |
| FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission on the source path, instead of 'delete'. | |||||
| CVE-2021-43265 | 1 Mahara | 1 Mahara | 2021-11-09 | 3.5 LOW | 5.4 MEDIUM |
| In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag syntax could be used for XSS, such as via a SCRIPT element. | |||||
| CVE-2021-43264 | 1 Mahara | 1 Mahara | 2021-11-09 | 2.1 LOW | 3.3 LOW |
| In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the page help file allows attackers to bypass the intended access control for HTML files via directory traversal. It replaces the - character with the / character. | |||||
| CVE-2021-42077 | 1 Kaysongroup | 1 Php Event Calendar | 2021-11-09 | 10.0 HIGH | 9.8 CRITICAL |
| PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_manager.php username parameter. This can be used to execute SQL statements directly on the database, allowing an adversary in some cases to completely compromise the database system. It can also be used to bypass the login form. | |||||
| CVE-2021-21694 | 1 Jenkins | 1 Jenkins | 2021-11-09 | 7.5 HIGH | 9.8 CRITICAL |
| FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | |||||
| CVE-2021-43406 | 1 Fusionpbx | 1 Fusionpbx | 2021-11-09 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values). | |||||
| CVE-2021-43405 | 1 Fusionpbx | 1 Fusionpbx | 2021-11-09 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric). | |||||
| CVE-2021-43404 | 1 Fusionpbx | 1 Fusionpbx | 2021-11-09 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters. | |||||
| CVE-2021-43414 | 1 Gnu | 1 Hurd | 2021-11-09 | 6.9 MEDIUM | 7.0 HIGH |
| An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access. | |||||
| CVE-2021-41218 | 1 Google | 1 Tensorflow | 2021-11-09 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `AllToAll` can be made to execute a division by 0. This occurs whenever the `split_count` argument is 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2021-41209 | 1 Google | 1 Tensorflow | 2021-11-09 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2021-41208 | 1 Google | 1 Tensorflow | 2021-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service (via dereferencing `nullptr`s or via `CHECK`-failures) as well as abuse undefined behavior (binding references to `nullptr`s). An attacker can also read and write from heap buffers, depending on the API that gets used and the arguments that are passed to the call. Given that the boosted trees implementation in TensorFlow is unmaintained, it is recommend to no longer use these APIs. We will deprecate TensorFlow's boosted trees APIs in subsequent releases. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2021-41207 | 1 Google | 1 Tensorflow | 2021-11-09 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. In affected versions the implementation of `ParallelConcat` misses some input validation and can produce a division by 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||