Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29831 | 1 Ibm | 2 Jazz For Service Management, Tivoli Netcool\/omnibus Gui | 2021-09-29 | 5.5 MEDIUM | 8.1 HIGH |
| IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 204775. | |||||
| CVE-2021-20510 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299 | |||||
| CVE-2021-20499 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973 | |||||
| CVE-2021-20511 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 6.8 MEDIUM | 4.9 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300. | |||||
| CVE-2021-20497 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969 | |||||
| CVE-2021-20496 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966. | |||||
| CVE-2020-19554 | 1 Manageengine | 1 Opmanager | 2021-09-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload. | |||||
| CVE-2021-32839 | 1 Sqlparse Project | 1 Sqlparse | 2021-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression Denial of Service in sqlparse vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround don't use the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. The issues has been fixed in sqlparse 0.4.2. | |||||
| CVE-2021-31841 | 1 Mcafee | 1 Mcafee Agent | 2021-09-29 | 6.9 MEDIUM | 7.8 HIGH |
| A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute arbitrary code as the system user, through not checking the DLL signature. | |||||
| CVE-2021-31836 | 1 Mcafee | 1 Mcafee Agent | 2021-09-29 | 3.6 LOW | 7.1 HIGH |
| Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from any location on the file system and by a low privileged user. | |||||
| CVE-2021-3806 | 1 Tubitak | 1 Pardus Software Center | 2021-09-29 | 7.1 HIGH | 5.9 MEDIUM |
| A path traversal vulnerability on Pardus Software Center's "extractArchive" function could allow anyone on the same network to do a man-in-the-middle and write files on the system. | |||||
| CVE-2021-41086 | 1 Jsuites | 1 Jsuites | 2021-09-29 | 3.5 LOW | 5.4 MEDIUM |
| jsuites is an open source collection of common required javascript web components. In affected versions users are subject to cross site scripting (XSS) attacks via clipboard content. jsuites is vulnerable to DOM based XSS if the user can be tricked into copying _anything_ from a malicious and pasting it into the html editor. This is because a part of the clipboard content is directly written to `innerHTML` allowing for javascript injection and thus XSS. Users are advised to update to version 4.9.11 to resolve. | |||||
| CVE-2021-30123 | 1 Ffmpeg | 1 Ffmpeg | 2021-09-29 | 6.8 MEDIUM | 8.8 HIGH |
| FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution. | |||||
| CVE-2019-3820 | 3 Canonical, Gnome, Opensuse | 3 Ubuntu Linux, Gnome-shell, Leap | 2021-09-29 | 4.6 MEDIUM | 4.3 MEDIUM |
| It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions. | |||||
| CVE-2014-3704 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2021-09-29 | 7.5 HIGH | N/A |
| The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys. | |||||
| CVE-2020-21548 | 1 Libsixel Project | 1 Libsixel | 2021-09-29 | 6.8 MEDIUM | 8.8 HIGH |
| Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c. | |||||
| CVE-2020-21547 | 1 Libsixel Project | 1 Libsixel | 2021-09-29 | 6.8 MEDIUM | 8.8 HIGH |
| Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c. | |||||
| CVE-2021-41383 | 1 Netgear | 2 R6020, R6020 Firmware | 2021-09-29 | 9.0 HIGH | 7.2 HIGH |
| setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntp_server field. | |||||
| CVE-2021-24398 | 1 Webpsilon | 1 Responsive 3d Slider | 2021-09-29 | 6.5 MEDIUM | 7.2 HIGH |
| The Add new scene functionality in the Responsive 3D Slider WordPress plugin through 1.2 uses an id parameter which is not sanitised, escaped or validated before being inserted to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so if we pass time as 5 seconds it takes 10 seconds to return since the query is ran twice. | |||||
| CVE-2021-24401 | 1 Wp-domain-redirect Project | 1 Wp-domain-redirect | 2021-09-29 | 6.5 MEDIUM | 7.2 HIGH |
| The Edit domain functionality in the WP Domain Redirect WordPress plugin through 1.0 has an `editid` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | |||||