Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4825 | 1 Collne | 1 Welcart E-commerce | 2021-08-31 | 6.8 MEDIUM | 5.6 MEDIUM |
| The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data. | |||||
| CVE-2016-9261 | 1 Tenable | 1 Log Correlation Engine | 2021-08-31 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Tenable Log Correlation Engine (aka LCE) before 4.8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-10224 | 1 Sauter-controls | 1 Novaweb Web Hmi | 2021-08-31 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user. | |||||
| CVE-2018-12998 | 1 Zohocorp | 5 Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Opmanager and 2 more | 2021-08-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. | |||||
| CVE-2015-7260 | 1 Vertiv | 1 Liebert Multilink Automated Shutdown | 2021-08-31 | 7.2 HIGH | 7.8 HIGH |
| Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the LiebertM executable file. | |||||
| CVE-2018-12997 | 1 Zohocorp | 5 Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Opmanager and 2 more | 2021-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring. | |||||
| CVE-2017-5160 | 1 Aveva | 1 Wonderware Intouch Access Anywhere | 2021-08-31 | 3.5 LOW | 5.3 MEDIUM |
| An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly. | |||||
| CVE-2015-8079 | 1 Qt | 1 Qtwebkit | 2021-08-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| qt5-qtwebkit before 5.4 records private browsing URLs to its favicon database, WebpageIcons.db. | |||||
| CVE-2017-5159 | 1 Phoenixcontact | 1 Mguard Firmware | 2021-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the update-upload facility, the update will succeed, but it will reset the password of the admin user to its default value. | |||||
| CVE-2021-28633 | 1 Adobe | 1 Creative Cloud Desktop Application | 2021-08-31 | 3.6 LOW | 6.1 MEDIUM |
| Adobe Creative Cloud Desktop Application (installer) version 2.4 (and earlier) is affected by an Insecure temporary file creation vulnerability. An attacker could leverage this vulnerability to cause arbitrary file overwriting in the context of the current user. Exploitation of this issue requires physical interaction to the system. | |||||
| CVE-2017-7251 | 1 Piengine | 1 Pi | 2021-08-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) was discovered in pi-engine/pi 2.5.0. The vulnerability exists due to insufficient filtration of user-supplied data (preview) passed to the "pi-develop/www/script/editor/markitup/preview/markdown.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2021-39155 | 1 Istio | 1 Istio | 2021-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to [RFC 4343](https://datatracker.ietf.org/doc/html/rfc4343), Istio authorization policy should compare the hostname in the HTTP Host header in a case insensitive way, but currently the comparison is case sensitive. The proxy will route the request hostname in a case-insensitive way which means the authorization policy could be bypassed. As an example, the user may have an authorization policy that rejects request with hostname "httpbin.foo" for some source IPs, but the attacker can bypass this by sending the request with hostname "Httpbin.Foo". Patches are available in Istio 1.11.1, Istio 1.10.4 and Istio 1.9.8. As a work around a Lua filter may be written to normalize Host header before the authorization check. This is similar to the Path normalization presented in the [Security Best Practices](https://istio.io/latest/docs/ops/best-practices/security/#case-normalization) guide. | |||||
| CVE-2021-22256 | 1 Gitlab | 1 Gitlab | 2021-08-31 | 5.5 MEDIUM | 5.4 MEDIUM |
| Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status | |||||
| CVE-2021-22247 | 1 Gitlab | 1 Gitlab | 2021-08-31 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics | |||||
| CVE-2021-22245 | 1 Gitlab | 1 Gitlab | 2021-08-31 | 4.0 MEDIUM | 2.7 LOW |
| Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view | |||||
| CVE-2021-22243 | 1 Gitlab | 1 Gitlab | 2021-08-31 | 4.0 MEDIUM | 4.3 MEDIUM |
| Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group. | |||||
| CVE-2021-21778 | 1 Mz-automation | 1 Lib60870 | 2021-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists in the ASDU message processing functionality of MZ Automation GmbH lib60870.NET 2.2.0. A specially crafted network request can lead to loss of communications. An attacker can send an unauthenticated message to trigger this vulnerability. | |||||
| CVE-2021-22237 | 1 Gitlab | 1 Gitlab | 2021-08-31 | 4.0 MEDIUM | 4.9 MEDIUM |
| Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions before 13.12.9, 14.0.7, 14.1.2 | |||||
| CVE-2021-22242 | 1 Gitlab | 1 Gitlab | 2021-08-31 | 3.5 LOW | 5.4 MEDIUM |
| Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown | |||||
| CVE-2021-22236 | 1 Gitlab | 1 Gitlab | 2021-08-31 | 6.5 MEDIUM | 8.8 HIGH |
| Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1. | |||||