Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2021-21687 | 1 Jenkins | 1 Jenkins | 2021-11-08 | 6.4 MEDIUM | 9.1 CRITICAL | Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar. |
| CVE-2021-25874 | 1 Youphptube | 1 Youphptube | 2021-11-08 | 5.0 MEDIUM | 7.5 HIGH | AVideo/YouPHPTube 10.0 and prior is affected by a SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve database information such as application password hashes. |
| CVE-2021-25875 | 1 Youphptube | 1 Youphptube | 2021-11-08 | 4.3 MEDIUM | 6.1 MEDIUM | AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross-Site Scripting vulnerabilities via the searchPhrase parameter which allow a remote attacker to steal administrators' session cookies or perform actions as an administrator. |
| CVE-2021-25876 | 1 Youphptube | 1 Youphptube | 2021-11-08 | 4.3 MEDIUM | 6.1 MEDIUM | AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross-Site Scripting vulnerabilities via the u parameter which allow a remote attacker to steal administrators' session cookies or perform actions as an administrator. |
| CVE-2021-39897 | 1 Gitlab | 1 Gitlab | 2021-11-08 | 5.0 MEDIUM | 5.3 MEDIUM | Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is transferred. |
| CVE-2021-39905 | 1 Gitlab | 1 Gitlab | 2021-11-08 | 4.0 MEDIUM | 4.3 MEDIUM | An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with. |
| CVE-2021-25878 | 1 Youphptube | 1 Youphptube | 2021-11-08 | 4.3 MEDIUM | 6.1 MEDIUM | AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cross-Site Scripting vulnerabilities via the videoName parameter which allow a remote attacker to steal administrators' session cookies or perform actions as an administrator. |
| CVE-2004-0079 | 23 4d, Apple, Avaya and 20 more | 66 Webstar, Mac Os X, Mac Os X Server and 63 more | 2021-11-08 | 5.0 MEDIUM | N/A | The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. |
| CVE-2004-0081 | 23 4d, Apple, Avaya and 20 more | 66 Webstar, Mac Os X, Mac Os X Server and 63 more | 2021-11-08 | 5.0 MEDIUM | N/A | OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. |
| CVE-2004-0112 | 23 4d, Apple, Avaya and 20 more | 65 Webstar, Mac Os X, Mac Os X Server and 62 more | 2021-11-08 | 5.0 MEDIUM | N/A | The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. |
| CVE-2001-1105 | 2 Cisco, Dell | 2 Icdn, Bsafe Ssl-j | 2021-11-08 | 7.5 HIGH | N/A | RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCDN 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure. |
| CVE-2021-42568 | 1 Sonatype | 1 Nexus Repository Manager | 2021-11-08 | 4.0 MEDIUM | 4.3 MEDIUM | Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account. |
| CVE-2021-36925 | 1 Realtek | 1 Rtsupx Usb Utility Driver | 2021-11-08 | 7.2 HIGH | 7.8 HIGH | RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve an arbitrary read or write operation from/to physical memory (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device. |
| CVE-2021-42763 | 1 Couchbase | 1 Couchbase Server | 2021-11-08 | 5.0 MEDIUM | 7.5 HIGH | Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards an HTTP request from the pluggable UI (query workbench etc.) to the specific service. In the backtrace, the Basic Auth header included in the HTTP request has the "@" user credentials of the node processing the UI request. |
| CVE-2021-37842 | 1 Couchbase | 1 Couchbase Server | 2021-11-08 | 5.0 MEDIUM | 7.5 HIGH | metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger timestamp attached to it. |
| CVE-2021-21686 | 1 Jenkins | 1 Jenkins | 2021-11-08 | 5.8 MEDIUM | 8.1 HIGH | File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories. |
| CVE-2021-21685 | 1 Jenkins | 1 Jenkins | 2021-11-08 | 6.4 MEDIUM | 9.1 CRITICAL | Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs. |
| CVE-2021-34597 | 1 Phoenixcontact | 2 Pc Worx, Pc Worx Express | 2021-11-08 | 6.8 MEDIUM | 7.8 HIGH | Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory. |
| CVE-2021-42624 | 1 Miniftpd Project | 1 Miniftpd | 2021-11-08 | 4.6 MEDIUM | 7.8 HIGH | A local buffer overflow vulnerability exists in the latest version of Miniftpd in ftpproto.c through the tmp variable, where a crafted payload can be sent to the affected function. |
| CVE-2020-25368 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2021-11-08 | 7.5 HIGH | 9.8 CRITICAL | A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login. |
