Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37271 | 1 Baidu | 1 Ueditor | 2021-10-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user cookie information. | |||||
| CVE-2021-37267 | 1 Kindsoft | 1 Kindeditor | 2021-10-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information. | |||||
| CVE-2021-30086 | 1 Kindsoft | 1 Kindeditor | 2021-10-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information. | |||||
| CVE-2020-26301 | 2 Microsoft, Ssh2 Project | 2 Windows, Ssh2 | 2021-10-01 | 7.5 HIGH | 10.0 CRITICAL |
| ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0. | |||||
| CVE-2021-41540 | 1 Siemens | 1 Solid Edge | 2021-10-01 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13776). | |||||
| CVE-2021-41539 | 1 Siemens | 1 Solid Edge | 2021-10-01 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13773). | |||||
| CVE-2021-41537 | 1 Siemens | 1 Solid Edge | 2021-10-01 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13789). | |||||
| CVE-2021-41536 | 1 Siemens | 1 Solid Edge | 2021-10-01 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13778). | |||||
| CVE-2020-20514 | 1 Maccms | 1 Maccms | 2021-10-01 | 4.9 MEDIUM | 8.1 HIGH |
| A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users. | |||||
| CVE-2020-20696 | 1 Gilacms | 1 Gila Cms | 2021-10-01 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field. | |||||
| CVE-2020-20693 | 1 Gilacms | 1 Gila Cms | 2021-10-01 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts. | |||||
| CVE-2020-20695 | 1 Gilacms | 1 Gila Cms | 2021-10-01 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file. | |||||
| CVE-2020-20692 | 1 Gilacms | 1 Gila Cms | 2021-10-01 | 6.5 MEDIUM | 7.2 HIGH |
| GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php. | |||||
| CVE-2021-37761 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2021-10-01 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution. | |||||
| CVE-2021-40713 | 1 Adobe | 1 Experience Manager | 2021-10-01 | 4.3 MEDIUM | 5.9 MEDIUM |
| Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate validation vulnerability in the cold storage component. If an attacker can achieve a man in the middle when the cold server establishes a new certificate, they would be able to harvest sensitive information. | |||||
| CVE-2021-40712 | 1 Adobe | 1 Experience Manager | 2021-10-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper input validation vulnerability via the path parameter. An authenticated attacker can send a malformed POST request to achieve server-side denial of service. | |||||
| CVE-2021-31844 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2021-10-01 | 4.6 MEDIUM | 7.8 HIGH |
| A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size. | |||||
| CVE-2021-31845 | 1 Mcafee | 1 Data Loss Prevention Discover | 2021-10-01 | 6.0 MEDIUM | 7.3 HIGH |
| A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size. | |||||
| CVE-2021-41588 | 1 Gradle | 1 Gradle | 2021-10-01 | 6.8 MEDIUM | 8.1 HIGH |
| In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys. | |||||
| CVE-2021-39246 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2021-10-01 | 3.6 LOW | 6.1 MEDIUM |
| Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the destination server (or collected by a rogue site within the Tor network). | |||||