Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31813 | 1 Zohocorp | 1 Manageengine Applications Manager | 2021-09-21 | 3.5 LOW | 5.4 MEDIUM |
| Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. | |||||
| CVE-2021-28690 | 1 Xen | 1 Xen | 2021-09-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend. | |||||
| CVE-2021-30757 | 1 Apple | 1 Imovie | 2021-09-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| This issue was addressed by enabling hardened runtime. This issue is fixed in iMovie 10.2.4. Entitlements and privacy permissions granted to this app may be used by a malicious app. | |||||
| CVE-2021-35061 | 1 Drk-odenwaldkreis | 1 Testerfassung | 2021-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in DRK Odenwaldkreis Testerfassung March-2021 allow remote attackers to inject arbitrary web script or HTML via all parameters to HTML form fields in all components. | |||||
| CVE-2020-24723 | 1 User Registration \& Login And User Management System Project | 1 User Registration \& Login And User Management System | 2021-09-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in the Registration page of the admin panel in PHPGurukul User Registration & Login and User Management System With admin panel 2.1. | |||||
| CVE-2021-26765 | 1 Student Record System Project | 1 Student Record System | 2021-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the sid parameter to edit-sub.php. | |||||
| CVE-2021-26764 | 1 Student Record System Project | 1 Student Record System | 2021-09-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in PHPGurukul Student Record System v 4.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit-std.php. | |||||
| CVE-2021-26762 | 1 Student Record System Project | 1 Student Record System | 2021-09-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php. | |||||
| CVE-2020-35427 | 1 Employee Record Management System Project | 1 Employee Record Management System | 2021-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. | |||||
| CVE-2021-30658 | 1 Apple | 1 Macos | 2021-09-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Big Sur 11.3. A malicious application may bypass Gatekeeper checks. | |||||
| CVE-2021-40373 | 1 Playsms | 1 Playsms | 2021-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI. | |||||
| CVE-2021-1812 | 1 Apple | 2 Ipados, Iphone Os | 2021-09-21 | 9.3 HIGH | 7.8 HIGH |
| A logic issue was addressed with improved validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A malicious application may be able to execute arbitrary code with system privileges. | |||||
| CVE-2021-30804 | 1 Apple | 1 Iphone Os | 2021-09-21 | 4.3 MEDIUM | 3.3 LOW |
| A permissions issue was addressed with improved validation. This issue is fixed in iOS 14.7. A malicious application may be able to access Find My data. | |||||
| CVE-2021-1814 | 1 Apple | 2 Macos, Watchos | 2021-09-21 | 6.8 MEDIUM | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, watchOS 7.4. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2021-30802 | 1 Apple | 2 Iphone Os, Tvos | 2021-09-21 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2021-30786 | 1 Apple | 2 Iphone Os, Macos | 2021-09-21 | 5.1 MEDIUM | 7.0 HIGH |
| A race condition was addressed with improved state handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. | |||||
| CVE-2021-38360 | 1 Wp-publications Project | 1 Wp-publications | 2021-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0. | |||||
| CVE-2020-27940 | 1 Apple | 1 Apple Tv | 2021-09-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| This issue was addressed with improved file handling. This issue is fixed in Apple TV app for Fire OS 6.1.0.6A142:7.1.0. An attacker with file system access may modify scripts used by the app. | |||||
| CVE-2021-38358 | 1 Kibokolabs | 1 Moolamojo | 2021-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the ~/views/button-generator.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.4.1. | |||||
| CVE-2021-38355 | 1 Bug Library Project | 1 Bug Library | 2021-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the successimportcount parameter found in the ~/bug-library.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.3. | |||||