Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31970 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2021-09-13 | 2.1 LOW | 5.5 MEDIUM |
| Windows TCP/IP Driver Security Feature Bypass Vulnerability | |||||
| CVE-2021-22789 | 1 Schneider-electric | 49 Modicon M340 Bmxp341000, Modicon M340 Bmxp342010, Modicon M340 Bmxp342020 and 46 more | 2021-09-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions). | |||||
| CVE-2021-22792 | 1 Schneider-electric | 49 Modicon M340 Bmxp341000, Modicon M340 Bmxp342010, Modicon M340 Bmxp342020 and 46 more | 2021-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions). | |||||
| CVE-2021-31610 | 2 Bluetrum, Mi | 6 Ab5376t, Ab5376t Firmware, Bt8896a and 3 more | 2021-09-13 | 6.1 MEDIUM | 6.5 MEDIUM |
| The Bluetooth Classic implementation on AB32VG1 devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (either restart or deadlock the device) by flooding a device with LMP_AU_rand data. | |||||
| CVE-2021-38154 | 1 Canon | 1 - | 2021-09-13 | 4.3 MEDIUM | 7.5 HIGH |
| Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker. For example, an incoming FAX may be sent through e-mail to the attacker. This occurs when a PIN is not required for General User Mode, as exploited in the wild in August 2021. | |||||
| CVE-2021-25735 | 1 Kubernetes | 1 Kubernetes | 2021-09-13 | 5.5 MEDIUM | 6.5 MEDIUM |
| A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields. | |||||
| CVE-2020-19282 | 1 Jeesns | 1 Jeesns | 2021-09-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field. | |||||
| CVE-2020-19281 | 1 Jeesns | 1 Jeesns | 2021-09-13 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the /manage/loginusername component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username field. | |||||
| CVE-2020-19284 | 1 Jeesns | 1 Jeesns | 2021-09-13 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments text field. | |||||
| CVE-2020-19283 | 1 Jeesns | 1 Jeesns | 2021-09-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML. | |||||
| CVE-2020-19285 | 1 Jeesns | 1 Jeesns | 2021-09-13 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the /group/apply component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Name text field. | |||||
| CVE-2021-38841 | 1 Simple Water Refilling Station Management System Project | 1 Simple Water Refilling Station Management System | 2021-09-13 | 6.5 MEDIUM | 8.8 HIGH |
| Remote Code Execution can occur in Simple Water Refilling Station Management System 1.0 via the System Logo option on the system_info page in classes/SystemSettings.php with an update_settings action. | |||||
| CVE-2021-33484 | 1 Onyaktech Comments Pro Project | 1 Onyaktech Comments Pro | 2021-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted encryption key (sent as a parameter in the comment form request) by setting this encrypted value as the username, which will appear on the comment page in its decrypted form. Using these two values (combined with the encryption functionality discovered in the decompiled installer), the attacker can encrypt another user's ID and username. These values can be used as part of the comment posting request in order to spoof the user. | |||||
| CVE-2020-19286 | 1 Jeesns | 1 Jeesns | 2021-09-13 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor. | |||||
| CVE-2020-19288 | 1 Jeesns | 1 Jeesns | 2021-09-13 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the /localhost/u component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a private message. | |||||
| CVE-2020-19287 | 1 Jeesns | 1 Jeesns | 2021-09-13 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the /group/post component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title. | |||||
| CVE-2020-19290 | 1 Jeesns | 1 Jeesns | 2021-09-13 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment section. | |||||
| CVE-2020-19289 | 1 Jeesns | 1 Jeesns | 2021-09-13 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the /member/picture/album component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the new album tab. | |||||
| CVE-2020-19292 | 1 Jeesns | 1 Jeesns | 2021-09-13 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question. | |||||
| CVE-2020-19291 | 1 Jeesns | 1 Jeesns | 2021-09-13 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the /weibo/publishdata component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted Weibo. | |||||