Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1612 | 1 Cisco | 1 Sd-wan | 2021-09-30 | 6.6 MEDIUM | 7.1 HIGH |
| A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device. | |||||
| CVE-2021-24670 | 1 Status301 | 1 Coolclock | 2021-09-30 | 3.5 LOW | 5.4 MEDIUM |
| The CoolClock WordPress plugin before 4.3.5 does not escape some shortcode attributes, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2021-36841 | 1 Yithemes | 1 Yith Maintenance Mode | 2021-09-30 | 3.5 LOW | 5.4 MEDIUM |
| Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label. Possible even when unfiltered HTML is disallowed by WordPress configuration. | |||||
| CVE-2021-23031 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2021-09-30 | 6.5 MEDIUM | 9.9 CRITICAL |
| On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-34723 | 1 Cisco | 21 Asr 1000-x, Asr 1001, Asr 1001-x and 18 more | 2021-09-30 | 6.9 MEDIUM | 6.7 MEDIUM |
| A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. This vulnerability is due to insufficient validation of specific CLI command parameters. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of the configuration database and gain root-level access to an affected device. | |||||
| CVE-2021-22018 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2021-09-30 | 6.4 MEDIUM | 6.5 MEDIUM |
| The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non-critical files. | |||||
| CVE-2021-22019 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2021-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition. | |||||
| CVE-2021-22020 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2021-09-30 | 2.1 LOW | 5.5 MEDIUM |
| The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server. | |||||
| CVE-2021-1546 | 1 Cisco | 20 Sd-wan Vbond Orchestrator, Sd-wan Vmanage, Vedge 100 and 17 more | 2021-09-30 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information. | |||||
| CVE-2021-41581 | 1 Openbsd | 1 Libressl | 2021-09-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' termination. | |||||
| CVE-2021-31923 | 1 Pingidentity | 1 Pingaccess | 2021-09-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation. | |||||
| CVE-2020-24327 | 1 Discourse | 1 Discourse | 2021-09-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites. | |||||
| CVE-2020-19951 | 1 Yzmcms | 1 Yzmcms | 2021-09-29 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application. | |||||
| CVE-2021-41584 | 1 Gradle | 1 Gradle | 2021-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header. | |||||
| CVE-2020-19950 | 1 Yzmcms | 1 Yzmcms | 2021-09-29 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. | |||||
| CVE-2020-19949 | 1 Yzmcms | 1 Yzmcms | 2021-09-29 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. | |||||
| CVE-2021-41394 | 1 Goteleport | 1 Teleport | 2021-09-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations. | |||||
| CVE-2021-38863 | 1 Ibm | 1 Security Verify Bridge | 2021-09-29 | 2.1 LOW | 5.5 MEDIUM |
| IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. IBM X-Force ID: 208154. | |||||
| CVE-2021-38864 | 1 Ibm | 1 Security Verify Bridge | 2021-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensitive information due to improper certificate validation. IBM X-Force ID: 208155. | |||||
| CVE-2021-41395 | 1 Goteleport | 1 Teleport | 2021-09-29 | 6.4 MEDIUM | 6.5 MEDIUM |
| Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username. | |||||
