Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39584 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function namespace_set_hash() located in pool.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39583 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function pool_lookup_string2() located in pool.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2020-27970 | 1 Yandex | 1 Yandex Browser | 2021-09-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| Yandex Browser before 20.10.0 allows remote attackers to spoof the address bar | |||||
| CVE-2021-40214 | 1 Gibbonedu | 1 Gibbon | 2021-09-22 | 3.5 LOW | 5.4 MEDIUM |
| Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component. | |||||
| CVE-2020-3319 | 1 Cisco | 2 Webex Network Recording Player, Webex Player | 2021-09-22 | 4.3 MEDIUM | 3.3 LOW |
| A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. This vulnerability affects Cisco Webex Network Recording Player and Webex Player releases earlier than Release 3.0 MR3 Security Patch 2 and 4.0 MR3. | |||||
| CVE-2020-3286 | 1 Cisco | 12 Rv016, Rv016 Firmware, Rv042 and 9 more | 2021-09-22 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. | |||||
| CVE-2020-3317 | 1 Cisco | 1 Firepower Threat Defense | 2021-09-22 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the ssl_inspection component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to crash Snort instances. The vulnerability is due to insufficient input validation in the ssl_inspection component. An attacker could exploit this vulnerability by sending a malformed TLS packet through a Cisco Adaptive Security Appliance (ASA). A successful exploit could allow the attacker to crash a Snort instance, resulting in a denial of service (DoS) condition. | |||||
| CVE-2020-3327 | 4 Canonical, Cisco, Debian and 1 more | 4 Ubuntu Linux, Clam Antivirus, Debian Linux and 1 more | 2021-09-22 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. | |||||
| CVE-2020-3222 | 1 Cisco | 1 Ios Xe | 2021-09-22 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. The vulnerability is due to the presence of a proxy service at a specific endpoint of the web UI. An attacker could exploit this vulnerability by connecting to the proxy service. An exploit could allow the attacker to bypass access restrictions on the network by proxying their access request through the management network of the affected device. As the proxy is reached over the management virtual routing and forwarding (VRF), this could reduce the effectiveness of the bypass. | |||||
| CVE-2021-32531 | 1 Qsan | 1 Xevo | 2021-09-22 | 7.5 HIGH | 9.8 CRITICAL |
| OS command injection vulnerability in Init function in QSAN XEVO allows remote attackers to execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0. | |||||
| CVE-2021-23358 | 4 Debian, Fedoraproject, Tenable and 1 more | 4 Debian Linux, Fedora, Tenable.sc and 1 more | 2021-09-22 | 6.5 MEDIUM | 7.2 HIGH |
| The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized. | |||||
| CVE-2021-39587 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_DumpABC() located in abc.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-38325 | 1 User-activation-email Project | 1 User-activation-email | 2021-09-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The User Activation Email WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the uae-key parameter found in the ~/user-activation-email.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.0. | |||||
| CVE-2020-19280 | 1 Jeesns | 1 Jeesns | 2021-09-22 | 6.8 MEDIUM | 8.8 HIGH |
| Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations. | |||||
| CVE-2021-39588 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_ReadABC() located in abc.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-25465 | 1 Samsung | 1 Themes | 2021-09-22 | 4.4 MEDIUM | 7.0 HIGH |
| An improper scheme check vulnerability in Samsung Themes prior to version 5.2.01 allows attackers to perform Man-in-the-middle attack. | |||||
| CVE-2020-27969 | 1 Yandex | 1 Yandex Browser | 2021-09-22 | 7.5 HIGH | 7.3 HIGH |
| Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and addresss bar spoofing | |||||
| CVE-2021-39589 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function parse_metadata() located in abc.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-25450 | 1 Google | 1 Android | 2021-09-22 | 3.3 LOW | 6.5 MEDIUM |
| Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket. | |||||
| CVE-2021-39591 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_GetShapeBoundingBox() located in swfshape.c. It allows an attacker to cause Denial of Service. | |||||