Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39161 | 1 Discourse | 1 Discourse | 2021-09-01 | 2.1 LOW | 5.4 MEDIUM |
| Discourse is an open source platform for community discussion. In affected versions category names can be used for Cross-site scripting(XSS) attacks. This is mitigated by Discourse's default Content Security Policy and this vulnerability only affects sites which have modified or disabled or changed Discourse's default Content Security Policy have allowed for moderators to modify categories. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks. | |||||
| CVE-2020-19705 | 1 Thinkphp-zcms Project | 1 Thinkphp-zcms | 2021-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| thinkphp-zcms as of 20190715 allows SQL injection via index.php?m=home&c=message&a=add. | |||||
| CVE-2021-29772 | 1 Ibm | 1 Api Connect | 2021-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774. | |||||
| CVE-2021-33884 | 1 Bbraun | 3 Infusomat Large Volume Pump 871305u, Spacecom2, Spacestation 8713142u | 2021-09-01 | 5.0 MEDIUM | 9.1 CRITICAL |
| An Unrestricted Upload of File with Dangerous Type vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows remote attackers to upload any files to the /tmp directory of the device through the webpage API. This can result in critical files being overwritten. | |||||
| CVE-2021-33883 | 1 Bbraun | 3 Infusomat Large Volume Pump 871305u, Spacecom2, Spacestation 8713142u | 2021-09-01 | 5.0 MEDIUM | 7.5 HIGH |
| A Cleartext Transmission of Sensitive Information vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote attacker to obtain sensitive information by snooping on the network traffic. The exposed data includes critical values for a pump's internal configuration. | |||||
| CVE-2019-6804 | 1 Pagerduty | 1 Rundeck | 2021-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp. | |||||
| CVE-2021-3734 | 1 Yourls | 1 Yourls | 2021-09-01 | 6.8 MEDIUM | 8.8 HIGH |
| yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames | |||||
| CVE-2021-33882 | 1 Bbraun | 3 Infusomat Large Volume Pump 871305u, Spacecom2, Spacestation 8713142u | 2021-09-01 | 5.0 MEDIUM | 8.6 HIGH |
| A Missing Authentication for Critical Function vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote attacker to reconfigure the device from an unknown source because of lack of authentication on proprietary networking commands. | |||||
| CVE-2021-37154 | 1 Forgerock | 1 Access Management | 2021-09-01 | 10.0 HIGH | 9.8 CRITICAL |
| In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion. | |||||
| CVE-2021-1582 | 1 Cisco | 2 Application Policy Infrastructure Controller, Cloud Application Policy Infrastructure Controller | 2021-09-01 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system. This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by sending malicious input to the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based interface or access sensitive, browser-based information. | |||||
| CVE-2021-1578 | 1 Cisco | 2 Application Policy Infrastructure Controller, Cloud Application Policy Infrastructure Controller | 2021-09-01 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected device. This vulnerability is due to an improper policy default setting. An attacker could exploit this vulnerability by using a non-privileged credential for Cisco ACI Multi-Site Orchestrator (MSO) to send a specific API request to a managed Cisco APIC or Cloud APIC device. A successful exploit could allow the attacker to obtain Administrator credentials on the affected device. | |||||
| CVE-2021-36931 | 1 Microsoft | 1 Edge Chromium | 2021-09-01 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36928. | |||||
| CVE-2021-36929 | 1 Microsoft | 1 Edge Chromium | 2021-09-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2021-36352 | 1 Care2x | 1 Hospital Information Management | 2021-09-01 | 3.5 LOW | 5.4 MEDIUM |
| Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha. The vulnerability has found POST requests in /modules/registration_admission/patient_register.php page with "name_middle", "addr_str", "station", "name_maiden", "name_2", "name_3" parameters. | |||||
| CVE-2021-32263 | 1 Ok-file-formats Project | 1 Ok-file-formats | 2021-09-01 | 6.8 MEDIUM | 7.8 HIGH |
| ok-file-formats through 2021-04-29 has a heap-based buffer overflow in the ok_csv_circular_buffer_read function in ok_csv.c. | |||||
| CVE-2020-21064 | 2021-09-01 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-15048. Reason: This candidate is a reservation duplicate of CVE-2019-15048. Notes: All CVE users should reference CVE-2019-15048 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2021-39367 | 1 Canon | 1 Oce Print Exec Workgroup | 2021-09-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection. | |||||
| CVE-2021-31989 | 1 Axis | 1 Device Manager | 2021-09-01 | 3.5 LOW | 5.3 MEDIUM |
| A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices. | |||||
| CVE-2021-33015 | 1 Hornerautomation | 1 Cscape | 2021-09-01 | 6.8 MEDIUM | 7.8 HIGH |
| Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write via an uninitialized pointer. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2010-4756 | 1 Gnu | 1 Glibc | 2021-09-01 | 4.0 MEDIUM | N/A |
| The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. | |||||