| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41867 | 1 Onionshare | 1 Onionshare | 2021-10-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature. | |||||
| CVE-2021-41868 | 1 Onionshare | 1 Onionshare | 2021-10-12 | 7.5 HIGH | 9.8 CRITICAL |
| OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality. | |||||
| CVE-2021-39872 | 1 Gitlab | 1 Gitlab | 2021-10-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with an expired password to still access GitLab over git and the API using access tokens acquired before the password expired. | |||||
| CVE-2013-3630 | 1 Moodle | 1 Moodle | 2021-10-12 | 4.6 MEDIUM | N/A |
| Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor. | |||||
| CVE-2021-39894 | 1 Gitlab | 1 Gitlab | 2021-10-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers to exploit Server Side Request Forgery attacks. | |||||
| CVE-2021-41797 | | | 2021-10-12 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | |||||
| CVE-2021-41796 | | | 2021-10-12 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | |||||
| CVE-2021-41071 | | | 2021-10-12 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | |||||
| CVE-2021-41070 | | | 2021-10-12 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | |||||
| CVE-2021-39878 | 1 Gitlab | 1 Gitlab | 2021-10-12 | 3.5 LOW | 5.4 MEDIUM |
| A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary JavaScript code. | |||||
| CVE-2021-39486 | 1 Gilacms | 1 Gila Cms | 2021-10-12 | 3.5 LOW | 5.4 MEDIUM |
| A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. An attacker can use this to steal cookies, passwords or to run arbitrary code on a victim's browser. | |||||
| CVE-2021-39879 | 1 Gitlab | 1 Gitlab | 2021-10-12 | 4.0 MEDIUM | 3.5 LOW |
| Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable two-factor authentication. | |||||
| CVE-2021-39877 | 1 Gitlab | 1 Gitlab | 2021-10-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability was discovered in GitLab starting with version 12.2 that allows an attacker to cause uncontrolled resource consumption with a specially crafted file. | |||||
| CVE-2021-36845 | 1 Yithemes | 1 Yith Maintenance Mode | 2021-10-12 | 3.5 LOW | 4.8 MEDIUM |
| Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. Vulnerable parameters: 1 - "Newsletter" tab, &yith_maintenance_newsletter_submit_label parameter: payload should start with a single quote (') symbol to break the context, i.e.: NOTIFY ME' autofocus onfocus=alert(/Visse/);// v=' - this payload will be auto triggered while admin visits this page/tab. 2 - "General" tab issues, vulnerable parameters: &yith_maintenance_message, &yith_maintenance_custom_style, &yith_maintenance_mascotte, &yith_maintenance_title_font[size], &yith_maintenance_title_font[family], &yith_maintenance_title_font[color], &yith_maintenance_paragraph_font[size], &yith_maintenance_paragraph_font[family], &yith_maintenance_paragraph_font[color], &yith_maintenance_border_top. 3 - "Background" tab issues, vulnerable parameters: &yith_maintenance_background_image, &yith_maintenance_background_color. 4 - "Logo" tab issues, vulnerable parameters: &yith_maintenance_logo_image, &yith_maintenance_logo_tagline, &yith_maintenance_logo_tagline_font[size], &yith_maintenance_logo_tagline_font[family], &yith_maintenance_logo_tagline_font[color]. 5 - "Newsletter" tab issues, vulnerable parameters: &yith_maintenance_newsletter_email_font[size], &yith_maintenance_newsletter_email_font[family], &yith_maintenance_newsletter_email_font[color], &yith_maintenance_newsletter_submit_font[size], &yith_maintenance_newsletter_submit_font[family], &yith_maintenance_newsletter_submit_font[color], &yith_maintenance_newsletter_submit_background, &yith_maintenance_newsletter_submit_background_hover, &yith_maintenance_newsletter_title, &yith_maintenance_newsletter_action, &yith_maintenance_newsletter_email_label, &yith_maintenance_newsletter_email_name, &yith_maintenance_newsletter_submit_label, &yith_maintenance_newsletter_hidden_fields. 
6 - "Socials" tab issues, vulnerable parameters: &yith_maintenance_socials_facebook, &yith_maintenance_socials_twitter, &yith_maintenance_socials_gplus, &yith_maintenance_socials_youtube, &yith_maintenance_socials_rss, &yith_maintenance_socials_skype, &yith_maintenance_socials_email, &yith_maintenance_socials_behance, &yith_maintenance_socials_dribble, &yith_maintenance_socials_flickr, &yith_maintenance_socials_instagram, &yith_maintenance_socials_pinterest, &yith_maintenance_socials_tumblr, &yith_maintenance_socials_linkedin. | |||||
| CVE-2021-23445 | 1 Datatables | 1 Datatables.net | 2021-10-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped. | |||||
| CVE-2021-40329 | 1 Pingidentity | 1 Pingfederate | 2021-10-12 | 7.5 HIGH | 9.8 CRITICAL |
| The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management. | |||||
| CVE-2021-41821 | 1 Wazuh | 1 Wazuh | 2021-10-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. A crafted message must be sent from an authenticated agent to the manager. | |||||
| CVE-2021-39874 | 1 Gitlab | 1 Gitlab | 2021-10-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands. | |||||
| CVE-2021-35504 | 1 Afian | 1 Filerun | 2021-10-12 | 6.5 MEDIUM | 7.2 HIGH |
| Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary. | |||||
| CVE-2021-35505 | 1 Afian | 1 Filerun | 2021-10-12 | 6.5 MEDIUM | 7.2 HIGH |
| Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary. | |||||
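The CVE-2021-39894 entry above (DNS rebinding in an importer leading to SSRF) describes the classic check-then-connect gap: the importer validates that a user-supplied host resolves to a public address, but the HTTP client resolves the name a second time when it connects, and a short-TTL DNS record can answer with an internal address the second time. The following Node.js code is an added illustrative example written for this page; it is not GitLab's code and does not reproduce the Fogbugz importer. It resolves the host once, rejects internal ranges, and then pins the validated address into the HTTP client's `lookup` hook so the connection can never use a different answer. The `resolve` parameter of `safeRequestOptions` is an assumption introduced so the logic can be exercised without network access; the address ranges in `isDisallowedAddress` are a starting list, not an exhaustive one.

```javascript
// Added example (not GitLab's code): resolve-once-then-pin to defeat DNS
// rebinding in a server-side importer/fetcher.
const dns = require('dns');
const http = require('http');
const net = require('net');

// Address ranges a server-side importer must never reach: loopback, RFC1918,
// link-local (incl. 169.254.169.254 cloud metadata), CGNAT, multicast and
// reserved. Starting list, not exhaustive (no 192.0.0.0/24, 198.18.0.0/15 ...).
function isDisallowedAddress(address) {
  if (net.isIPv4(address)) {
    const [a, b] = address.split('.').map(Number);
    return (
      a === 0 || a === 10 || a === 127 ||
      (a === 100 && b >= 64 && b <= 127) ||
      (a === 169 && b === 254) ||
      (a === 172 && b >= 16 && b <= 31) ||
      (a === 192 && b === 168) ||
      a >= 224
    );
  }
  if (net.isIPv6(address)) {
    const v = address.toLowerCase();
    if (v === '::' || v === '::1') return true;                       // unspecified / loopback
    if (/^fe[89ab]/.test(v)) return true;                             // link-local fe80::/10
    if (/^f[cd]/.test(v)) return true;                                // unique local fc00::/7
    const mapped = v.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/);         // IPv4-mapped
    if (mapped) return isDisallowedAddress(mapped[1]);
    return false;
  }
  return true; // not an IP literal at all: refuse rather than guess
}

// Build a `lookup` function for http.request/net.connect that always returns
// the address validated earlier, whatever DNS would say at connect time.
// Handles both the classic callback shape and the `all: true` shape that
// newer Node versions use for happy-eyeballs connections.
function pinnedLookup(address, family) {
  return (hostname, options, callback) => {
    if (typeof options === 'function') { callback = options; options = {}; }
    if (options && options.all) return callback(null, [{ address, family }]);
    return callback(null, address, family);
  };
}

// Resolve once, validate, and return request options that pin the result.
// `resolve` (assumed helper) defaults to a real DNS lookup; tests inject a fake.
async function safeRequestOptions(url, resolve = (h) => dns.promises.lookup(h)) {
  const u = new URL(url);
  if (u.protocol !== 'http:' && u.protocol !== 'https:') {
    throw new Error(`scheme not allowed: ${u.protocol}`);
  }
  const { address, family } = await resolve(u.hostname);
  if (isDisallowedAddress(address)) {
    throw new Error(`refusing to connect: ${u.hostname} resolves to ${address}`);
  }
  return {
    hostname: u.hostname,                               // keeps Host header / SNI correct
    port: Number(u.port) || (u.protocol === 'https:' ? 443 : 80),
    path: u.pathname + u.search,
    lookup: pinnedLookup(address, family),
  };
}

// Issue the request with the pinned lookup. Redirects are deliberately not
// followed here: every hop must go back through safeRequestOptions.
async function fetchPinned(url) {
  const options = await safeRequestOptions(url);
  return new Promise((resolve, reject) => {
    http.get(options, resolve).on('error', reject);
  });
}
```

The important property is that the address handed to `lookup` is the one that was checked; validating the hostname and then calling `http.get(url)` leaves the rebinding window open. Any HTTP redirect must be re-validated the same way, since a 302 to `http://169.254.169.254/` is the other common route to the same SSRF.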
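The CVE-2021-23445 entry above describes an HTML-escaping helper that handles strings but passes arrays through untouched, so a cell value delivered as an array keeps its markup when it is later stringified into the DOM. The following is an added illustrative example written for this page, not datatables.net's own code: a naive escaper with that exact blind spot next to a hardened one that walks arrays recursively, and a minimal cell renderer that shows the difference on a constructed attacker-controlled value.

```javascript
// Added example (not datatables.net code): type-blind HTML escaping vs.
// an escaper that handles arrays and nested arrays.
const ENTITY_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Vulnerable pattern: only strings are escaped. Any other type is returned
// as-is, so an array of strings is later coerced with Array#toString
// (joined with ",") with its markup intact.
function escapeHtmlNaive(value) {
  if (typeof value !== 'string') return value;
  return value.replace(/[&<>"']/g, (c) => ENTITY_MAP[c]);
}

// Hardened version: arrays are escaped element by element (recursively),
// numbers and booleans are stringified and escaped, null/undefined become ''.
function escapeHtmlDeep(value) {
  if (value == null) return '';
  if (Array.isArray(value)) return value.map(escapeHtmlDeep);
  return String(value).replace(/[&<>"']/g, (c) => ENTITY_MAP[c]);
}

// A minimal renderer that relies on the escaper having done its job; the
// template literal coerces whatever the escaper returns to a string.
function renderCell(escaper, value) {
  return `<td>${escaper(value)}</td>`;
}

// Constructed sample input: a cell value that arrives as an array (e.g. a
// JSON data source column holding a list), one element carrying a payload.
const maliciousCell = ['harmless', '<img src=x onerror=alert(1)>'];

// Returns both renderings so the difference can be inspected or asserted.
function demo() {
  return {
    naive: renderCell(escapeHtmlNaive, maliciousCell),
    deep: renderCell(escapeHtmlDeep, maliciousCell),
  };
}
```

The fix is not "call String() first": `String(['<b>'])` produces the same unescaped text. The escaper has to recurse into the structure it receives, and the renderer should treat any non-string return value from an escaper as a bug rather than coercing it silently.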
