Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41297 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2021-10-07 | 4.0 MEDIUM | 8.8 HIGH |
| ECOA BAS controller is vulnerable to weak access control mechanism allowing authenticated user to remotely escalate privileges by disclosing credentials of administrative accounts in plain-text. | |||||
| CVE-2021-41106 | 1 Jwt Project | 1 Jwt | 2021-10-07 | 2.1 LOW | 3.3 LOW |
| JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms (HS256, HS384, and HS512) combined with `Lcobucci\JWT\Signer\Key\LocalFileReference` as key are having their tokens issued/validated using the file path as hashing key - instead of the contents. The HMAC hashing functions take any string as input and, since users can issue and validate tokens, users are lead to believe that everything works properly. Versions 3.4.6, 4.0.4, and 4.1.5 have been patched to always load the file contents, deprecated the `Lcobucci\JWT\Signer\Key\LocalFileReference`, and suggest `Lcobucci\JWT\Signer\Key\InMemory` as the alternative. As a workaround, use `Lcobucci\JWT\Signer\Key\InMemory` instead of `Lcobucci\JWT\Signer\Key\LocalFileReference` to create the instances of one's keys. | |||||
| CVE-2021-33923 | 1 Confluent | 1 Cp-ansible | 2021-10-07 | 2.1 LOW | 5.5 MEDIUM |
| Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5.5.2 and 6.0.0 allows local attackers to access some sensitive information (private keys, state database). | |||||
| CVE-2020-21386 | 1 Maccms | 1 Maccms | 2021-10-07 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges. | |||||
| CVE-2021-33924 | 1 Confluent | 1 Ansible | 2021-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its auxiliary component that allows remote attackers to access sensitive information. | |||||
| CVE-2021-40651 | 1 Os4ed | 1 Opensis | 2021-10-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file. | |||||
| CVE-2021-34414 | 1 Zoom | 4 Meeting Connector, Recording Connector, Virtual Room Connector and 1 more | 2021-10-07 | 6.5 MEDIUM | 7.2 HIGH |
| The network proxy page on the web portal for the Zoom on-premise Meeting Connector Controller before version 4.6.348.20201217, Zoom on-premise Meeting Connector MMR before version 4.6.348.20201217, Zoom on-premise Recording Connector before version 3.8.42.20200905, Zoom on-premise Virtual Room Connector before version 4.4.6620.20201110, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network proxy configuration, which could lead to remote command injection on the on-premise image by a web portal administrator. | |||||
| CVE-2020-21434 | 1 Maccms | 1 Maccms | 2021-10-07 | 3.5 LOW | 5.4 MEDIUM |
| Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field. | |||||
| CVE-2020-21387 | 1 Maccms | 1 Maccms | 2021-10-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload. | |||||
| CVE-2021-38098 | 1 Corel | 1 Pdf Fusion | 2021-10-07 | 6.8 MEDIUM | 7.8 HIGH |
| Corel PDF Fusion 2.6.2.0 is affected by a Heap Corruption vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. | |||||
| CVE-2021-38100 | 1 Corel | 1 Photopaint 2020 | 2021-10-07 | 6.8 MEDIUM | 7.8 HIGH |
| Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CPT file. | |||||
| CVE-2021-38102 | 1 Corel | 1 Presentations 2020 | 2021-10-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. This is different from CVE-2021-38105. | |||||
| CVE-2021-38101 | 1 Corel | 1 Photopaint 2020 | 2021-10-07 | 6.8 MEDIUM | 7.8 HIGH |
| CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CPT file. This is different from CVE-2021-38099. | |||||
| CVE-2021-38105 | 1 Corel | 1 Presentations 2020 | 2021-10-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. This is different from CVE-2021-38102. | |||||
| CVE-2021-38110 | 1 Corel | 1 Wordperfect 2020 | 2021-10-07 | 6.8 MEDIUM | 7.8 HIGH |
| Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious DOC file. | |||||
| CVE-2021-38106 | 1 Corel | 1 Presentations 2020 | 2021-10-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| UAX200.dll in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. | |||||
| CVE-2021-41299 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2021-10-07 | 10.0 HIGH | 9.8 CRITICAL |
| ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in. | |||||
| CVE-2021-38108 | 1 Corel | 1 Wordperfect 2020 | 2021-10-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious DOC file. | |||||
| CVE-2021-38107 | 1 Corel | 1 Coreldraw 2020 | 2021-10-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| CdrCore.dll in Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CDR file. | |||||
| CVE-2021-34416 | 1 Zoom | 4 Meeting Connector, Recording Connector, Virtual Room Connector and 1 more | 2021-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4.6.360.20210325, Zoom on-premise Meeting Connector MMR before version 4.6.360.20210325, Zoom on-premise Recording Connector before version 3.8.44.20210326, Zoom on-premise Virtual Room Connector before version 4.4.6752.20210326, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network configuration, which could lead to remote command injection on the on-premise image by the web portal administrators. | |||||