Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41463 | 1 Concrete5-legacy Project | 1 Concrete5-legacy | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/access/entity/types/group_combination.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the cID parameter. | |||||
| CVE-2020-20664 | 1 Libiec Iccp Mod Project | 1 Libiec Iccp Mod | 2021-10-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| libiec_iccp_mod v1.5 contains a segmentation violation in the component server_example1.c. | |||||
| CVE-2021-41467 | 1 Justwriting Project | 1 Justwriting | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter. | |||||
| CVE-2021-41465 | 1 Concrete5-legacy Project | 1 Concrete5-legacy | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter. | |||||
| CVE-2020-20663 | 1 Libiec Iccp Mod Project | 1 Libiec Iccp Mod | 2021-10-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component mms_client_connection.c. | |||||
| CVE-2020-20662 | 1 Libiec Iccp Mod Project | 1 Libiec Iccp Mod | 2021-10-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component mms_client_example1.c. | |||||
| CVE-2021-40825 | 1 Acuitybrands | 2 Nlight Eclypse System Controller, Nlight Eclypse System Controller Firmware | 2021-10-04 | 5.0 MEDIUM | 8.6 HIGH |
| nLight ECLYPSE (nECY) system Controllers running software prior to 1.17.21245.754 contain a default key vulnerability. The nECY does not force a change to the key upon the initial configuration of an affected device. nECY system controllers utilize an encrypted channel to secure SensorViewTM configuration and monitoring software and nECY to nECY communications. Impacted devices are at risk of exploitation. A remote attacker with IP access to an impacted device could submit lighting control commands to the nECY by leveraging the default key. A successful attack may result in the attacker gaining the ability to modify lighting conditions or gain the ability to update the software on lighting devices. The impacted key is referred to as the SensorView Password in the nECY nLight Explorer Interface and the Gateway Password in the SensorView application. An attacker cannot authenticate to or modify the configuration or software of the nECY system controller. | |||||
| CVE-2021-40697 | 1 Adobe | 1 Framemaker | 2021-10-04 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-40708 | 3 Adobe, Apple, Microsoft | 3 Genuine Service, Macos, Windows | 2021-10-04 | 6.0 MEDIUM | 7.3 HIGH |
| Adobe Genuine Service versions 7.3 (and earlier) are affected by a privilege escalation vulnerability in the AGSService installer. An authenticated attacker could leverage this vulnerability to achieve read / write privileges to execute arbitrary code. User interaction is required to abuse this vulnerability. | |||||
| CVE-2021-34354 | 1 Qnap | 2 Nas, Photo Station | 2021-10-04 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later | |||||
| CVE-2020-20796 | 1 Flamecms Project | 1 Flamecms | 2021-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/article.php via the "Id" parameter. | |||||
| CVE-2020-20797 | 1 Flamecms Project | 1 Flamecms | 2021-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability in /account/register.php. | |||||
| CVE-2021-34356 | 1 Qnap | 2 Nas, Photo Station | 2021-10-04 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later | |||||
| CVE-2021-38675 | 1 Qnap | 2 Image2pdf, Nas | 2021-10-04 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Image2PDF: Image2PDF 2.1.5 ( 2021/08/17 ) and later | |||||
| CVE-2021-34355 | 1 Qnap | 2 Nas, Photo Station | 2021-10-04 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 5.4.10 ( 2021/08/19 ) and later Photo Station 5.7.13 ( 2021/08/19 ) and later Photo Station 6.0.18 ( 2021/09/01 ) and later | |||||
| CVE-2020-20799 | 1 Jeecms | 1 Jeecms | 2021-10-04 | 3.5 LOW | 5.4 MEDIUM |
| JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the commentText parameter. | |||||
| CVE-2021-39862 | 1 Adobe | 1 Framemaker | 2021-10-04 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-36366 | 1 Nagios | 1 Nagios Xi | 2021-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards. | |||||
| CVE-2021-36364 | 1 Nagios | 1 Nagios Xi | 2021-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards. | |||||
| CVE-2021-36283 | 1 Dell | 170 Chengming 3990, Chengming 3990 Firmware, Chengming 3991 and 167 more | 2021-10-04 | 7.2 HIGH | 6.7 MEDIUM |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | |||||