Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-1167 | 1 Cisco | 9 Asr 1001, Asr 1002, Asr 1002-x and 6 more | 2021-10-05 | 7.1 HIGH | N/A |
| Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of service (card reload) via packets that are not properly handled during the processing of encapsulation, aka Bug ID CSCtt11558. | |||||
| CVE-2013-1166 | 1 Cisco | 8 Asr 1001, Asr 1002, Asr 1002-x and 5 more | 2021-10-05 | 7.8 HIGH | N/A |
| Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR), when VRF-aware NAT and SIP ALG are enabled, allows remote attackers to cause a denial of service (card reload) by sending many SIP packets, aka Bug ID CSCuc65609. | |||||
| CVE-2013-1165 | 1 Cisco | 8 Asr 1001, Asr 1002, Asr 1002-x and 5 more | 2021-10-05 | 7.8 HIGH | N/A |
| Cisco IOS XE 2.x and 3.x before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) allows remote attackers to cause a denial of service (card reload) by sending many crafted L2TP packets, aka Bug ID CSCtz23293. | |||||
| CVE-2013-1164 | 1 Cisco | 7 Asr 1001, Asr 1002, Asr 1002-x and 4 more | 2021-10-05 | 7.8 HIGH | N/A |
| Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 multicast packets, aka Bug ID CSCtz97563. | |||||
| CVE-2019-16651 | 1 Virginmedia | 2 Super Hub 3, Super Hub 3 Firmware | 2021-10-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Virgin Media Super Hub 3 (based on ARRIS TG2492) devices. Because their SNMP commands have insufficient protection mechanisms, it is possible to use JavaScript and DNS rebinding to leak the WAN IP address of a user (if they are using certain VPN implementations, this would decloak them). | |||||
| CVE-2021-36878 | 1 Stylemixthemes | 1 Ulisting | 2021-10-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings. | |||||
| CVE-2021-24569 | 1 Hu-manity | 1 Cookie Notice \& Compliance For Gdpr \/ Ccpa | 2021-10-04 | 3.5 LOW | 4.8 MEDIUM |
| The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.1.2 does not escape the value of its Button Text setting when outputting it in an attribute in the frontend, allowing high privilege users such as admin to perform Cross-Site Scripting even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-24610 | 1 Cozmoslabs | 1 Translatepress | 2021-10-04 | 3.5 LOW | 4.8 MEDIUM |
| The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trp_sanitize_string' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored Cross-Site Scripting issues. | |||||
| CVE-2021-24632 | 1 Wpzoom | 1 Recipe Card Blocks For Gutenberg \& Elementor | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does not escape the message parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2021-24634 | 1 Wpzoom | 1 Recipe Card Blocks For Gutenberg \& Elementor | 2021-10-04 | 3.5 LOW | 5.4 MEDIUM |
| The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.3 does not properly sanitise or escape some of the properties of the Recipe Card Block (such as ingredientsLayout, iconSet, steps, ingredients, recipeTitle, or settings), which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2021-24643 | 1 Wp Map Block Project | 1 Wp Map Block | 2021-10-04 | 3.5 LOW | 5.4 MEDIUM |
| The WP Map Block WordPress plugin before 1.2.3 does not escape some attributes of the WP Map Block, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2021-39823 | 2 Adobe, Linux | 2 Svg-native-viewer, Linux Kernel | 2021-10-04 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and earlier versions are affected by a heap buffer overflow vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-36134 | 2 Microsoft, Netop | 2 Windows, Vision Pro | 2021-10-04 | 3.3 LOW | 6.5 MEDIUM |
| Out of bounds write vulnerability in the JPEG parsing code of Netop Vision Pro up to and including 9.7.2 allows an adjacent unauthenticated attacker to write to arbitrary memory potentially leading to a Denial of Service (DoS). | |||||
| CVE-2021-39229 | 1 Nuxref | 1 Apprise | 2021-10-04 | 5.0 MEDIUM | 7.5 HIGH |
| Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. In affected versions users who use Apprise granting them access to the IFTTT plugin (which just comes out of the box) are subject to a denial of service attack on an inefficient regular expression. The vulnerable regular expression is [here](https://github.com/caronc/apprise/blob/0007eade20934ddef0aba38b8f1aad980cfff253/apprise/plugins/NotifyIFTTT.py#L356-L359). The problem has been patched in release version 0.9.5.1. Users who are unable to upgrade are advised to remove `apprise/plugins/NotifyIFTTT.py` to eliminate the service. | |||||
| CVE-2021-38406 | 1 Deltaww | 1 Dopsoft | 2021-10-04 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-38404 | 1 Deltaww | 1 Dopsoft | 2021-10-04 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-38402 | 1 Deltaww | 1 Dopsoft | 2021-10-04 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-23054 | 1 F5 | 1 Big-ip Access Policy Manager | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-41082 | 1 Discourse | 1 Discourse | 2021-10-04 | 5.0 MEDIUM | 7.5 HIGH |
| Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and participating user exposed to users that do not have access to the private messages. However, access control for the private messages was not compromised as users were not able to view the posts in the leaked private message despite seeing it in their inbox. The problematic commit was reverted around 32 minutes after it was made. Users are encouraged to upgrade to the latest commit if they are running Discourse against the `tests-passed` branch. | |||||
| CVE-2021-34352 | 1 Qnap | 1 Qvr | 2021-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210902 and later | |||||