Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3581 | 1 Zephyrproject | 1 Zephyr | 2021-10-14 | 5.8 MEDIUM | 8.8 HIGH |
| Buffer Access with Incorrect Length Value in zephyr. Zephyr versions >= >=2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5 | |||||
| CVE-2021-42092 | 1 Zammad | 1 Zammad | 2021-10-14 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket. | |||||
| CVE-2021-33602 | 1 F-secure | 4 Atlant, Cloud Protection, Internet Gatekeeper and 1 more | 2021-10-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability affecting the F-Secure Antivirus engine was discovered when the engine tries to unpack a zip archive (LZW decompression method), and this can crash the scanning engine. The vulnerability can be exploited remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. | |||||
| CVE-2021-34740 | 1 Cisco | 71 6300 Series Access Points, Aironet 1540, Aironet 1542d and 68 more | 2021-10-14 | 6.1 MEDIUM | 7.4 HIGH |
| A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect error handling when an affected device receives an unexpected 802.11 frame. An attacker could exploit this vulnerability by sending certain 802.11 frames over the wireless network to an interface on an affected AP. A successful exploit could allow the attacker to cause a packet buffer leak. This could eventually result in buffer allocation failures, which would trigger a reload of the affected device. | |||||
| CVE-2021-36170 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2021-10-14 | 2.1 LOW | 3.2 LOW |
| An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext. | |||||
| CVE-2021-42084 | 1 Zammad | 1 Zammad | 2021-10-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service. | |||||
| CVE-2021-41124 | 1 Zyte | 1 Scrapy-splash | 2021-10-14 | 4.3 MEDIUM | 7.5 HIGH |
| Scrapy-splash is a library which provides Scrapy and JavaScript integration. In affected versions users who use [`HttpAuthMiddleware`](http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth) (i.e. the `http_user` and `http_pass` spider attributes) for Splash authentication will have any non-Splash request expose your credentials to the request target. This includes `robots.txt` requests sent by Scrapy when the `ROBOTSTXT_OBEY` setting is set to `True`. Upgrade to scrapy-splash 0.8.0 and use the new `SPLASH_USER` and `SPLASH_PASS` settings instead to set your Splash authentication credentials safely. If you cannot upgrade, set your Splash request credentials on a per-request basis, [using the `splash_headers` request parameter](https://github.com/scrapy-plugins/scrapy-splash/tree/0.8.x#http-basic-auth), instead of defining them globally using the [`HttpAuthMiddleware`](http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth). Alternatively, make sure all your requests go through Splash. That includes disabling the [robots.txt middleware](https://docs.scrapy.org/en/latest/topics/downloader-middleware.html#topics-dlmw-robots). | |||||
| CVE-2021-42091 | 1 Zammad | 1 Zammad | 2021-10-14 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration. | |||||
| CVE-2021-3510 | 1 Zephyrproject | 1 Zephyr | 2021-10-14 | 5.0 MEDIUM | 7.5 HIGH |
| Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4 | |||||
| CVE-2021-42090 | 1 Zammad | 1 Zammad | 2021-10-14 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled. | |||||
| CVE-2020-21505 | 1 Waimai Super Cms Project | 1 Waimai Super Cms | 2021-10-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php/Link/addsave. | |||||
| CVE-2021-42089 | 1 Zammad | 1 Zammad | 2021-10-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information. | |||||
| CVE-2020-21506 | 1 Waimai Super Cms Project | 1 Waimai Super Cms | 2021-10-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?m=Config&a=add. | |||||
| CVE-2020-21503 | 1 Waimai Super Cms Project | 1 Waimai Super Cms | 2021-10-14 | 5.0 MEDIUM | 7.5 HIGH |
| waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free. | |||||
| CVE-2020-21504 | 1 Waimai Super Cms Project | 1 Waimai Super Cms | 2021-10-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?&m=Public&a=login. | |||||
| CVE-2021-42088 | 1 Zammad | 1 Zammad | 2021-10-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled. | |||||
| CVE-2021-42085 | 1 Zammad | 1 Zammad | 2021-10-13 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar. | |||||
| CVE-2021-31986 | 1 Axis | 4 Axis Os, Axis Os 2016, Axis Os 2018 and 1 more | 2021-10-13 | 4.0 MEDIUM | 6.8 MEDIUM |
| User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage. | |||||
| CVE-2020-21495 | 1 Xiuno | 1 Xiunobbs | 2021-10-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter. | |||||
| CVE-2020-21494 | 1 Xiuno | 1 Xiunobbs | 2021-10-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0. | |||||