Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33938 | 1 Opensuse | 1 Libsolv | 2021-09-07 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | |||||
| CVE-2021-33930 | 1 Opensuse | 1 Libsolv | 2021-09-07 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | |||||
| CVE-2020-20343 | 1 Wtcms Project | 1 Wtcms | 2021-09-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator background. | |||||
| CVE-2020-20345 | 1 Wtcms Project | 1 Wtcms | 2021-09-07 | 3.5 LOW | 5.4 MEDIUM |
| WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box. | |||||
| CVE-2020-20344 | 1 Wtcms Project | 1 Wtcms | 2021-09-07 | 3.5 LOW | 5.4 MEDIUM |
| WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the keyword search function under the background articles module. | |||||
| CVE-2020-20347 | 1 Wtcms Project | 1 Wtcms | 2021-09-07 | 3.5 LOW | 5.4 MEDIUM |
| WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the source field under the article management module. | |||||
| CVE-2020-20348 | 1 Wtcms Project | 1 Wtcms | 2021-09-07 | 3.5 LOW | 5.4 MEDIUM |
| WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link field under the background menu management module. | |||||
| CVE-2020-20349 | 1 Wtcms Project | 1 Wtcms | 2021-09-07 | 3.5 LOW | 5.4 MEDIUM |
| WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link address field under the background links module. | |||||
| CVE-2020-19049 | 1 Mybb | 1 Mybb | 2021-09-07 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Description" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'. | |||||
| CVE-2021-36692 | 1 Libjxl Project | 1 Libjxl | 2021-09-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| libjxl v0.3.7 is affected by a Divide By Zero issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). When encoding a malicious APNG file using cjxl, an attacker can trigger a denial of service. | |||||
| CVE-2020-19046 | 1 S-cms | 1 S-cms | 2021-09-07 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='. | |||||
| CVE-2021-32831 | 1 Totaljs | 1 Total.js | 2021-09-07 | 6.5 MEDIUM | 7.2 HIGH |
| Total.js framework (npm package total.js) is a framework for the Node.js platform written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values leads to code-injection. This can cause a variety of impacts that include arbitrary code execution. This is fixed in version 3.4.9. | |||||
| CVE-2021-21680 | 1 Jenkins | 1 Nested View | 2021-09-07 | 5.5 MEDIUM | 7.1 HIGH |
| Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks. | |||||
| CVE-2020-22848 | 1 Chshcms | 1 Cscms | 2021-09-07 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands. | |||||
| CVE-2021-37715 | 1 Arubanetworks | 1 Airwave | 2021-09-07 | 3.5 LOW | 4.8 MEDIUM |
| A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.13.0. Aruba has released upgrades for the Aruba AirWave Management Platform that address this security vulnerability. | |||||
| CVE-2021-39171 | 1 Passport-saml Project | 1 Passport-saml | 2021-09-07 | 5.0 MEDIUM | 7.5 HIGH |
| Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service. This would be an effective way to perform a denial-of-service attack. This has been resolved in version 3.1.0. The resolution is to limit the number of allowable transforms to 2. | |||||
| CVE-2021-27018 | 1 Puppet | 1 Remediate | 2021-09-07 | 4.3 MEDIUM | 7.5 HIGH |
| The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority not being properly validated. This issue only affects clients that are configured to utilize Tenable.sc as the vulnerability data source. | |||||
| CVE-2021-28233 | 1 Ok-file-formats Project | 1 Ok-file-formats | 2021-09-07 | 6.8 MEDIUM | 8.8 HIGH |
| Heap-based Buffer Overflow vulnerability exists in ok-file-formats 1 via the ok_jpg_generate_huffman_table function in ok_jpg.c. | |||||
| CVE-2021-36531 | 1 Miniupnp Project | 1 Ngiflib | 2021-09-07 | 6.8 MEDIUM | 8.8 HIGH |
| ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLIB_NO_FILE mode: GetByte() reads the memory buffer without checking the boundary. | |||||
| CVE-2021-36530 | 1 Miniupnp Project | 1 Ngiflib | 2021-09-07 | 6.8 MEDIUM | 8.8 HIGH |
| ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NGIFLIB_NO_FILE mode: GetByteStr() copies the memory buffer without checking the boundary. | |||||
