Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23341 | 1 Atutor | 1 Atutor | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross site scripting (XSS) vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2021-38711 | 1 Gitit Project | 1 Gitit | 2021-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files. | |||||
| CVE-2021-38709 | 1 Compo | 1 Composr Cms | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staff_messaging messaging system for XSS. | |||||
| CVE-2021-38315 | 1 Smartypantsplugins | 1 Sp Project & Document Manager | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25. | |||||
| CVE-2021-23423 | 1 Bikeshed Project | 1 Bikeshed | 2021-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing include, include-code or include-raw block is processed. The contents of arbitrary files could be disclosed in the HTML output. | |||||
| CVE-2021-34667 | 1 Calendar Plugin Project | 1 Calendar Plugin | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Calendar_plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of `$_SERVER['PHP_SELF']` in the ~/calendar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | |||||
| CVE-2021-21973 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2021-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). | |||||
| CVE-2019-5538 | 1 Vmware | 1 Vcenter Server | 2021-08-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over SCP. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations. | |||||
| CVE-2019-5537 | 1 Vmware | 1 Vcenter Server | 2021-08-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations. | |||||
| CVE-2020-3994 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2021-08-24 | 5.8 MEDIUM | 7.4 HIGH |
| VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCenter Server Appliance Management Interface is used to download vCenter updates. | |||||
| CVE-2017-4943 | 1 Vmware | 1 Vcenter Server | 2021-08-24 | 7.2 HIGH | 7.8 HIGH |
| VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS. | |||||
| CVE-2021-34657 | 1 Typofr Project | 1 Typofr | 2021-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The 2TypoFR WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the text function found in the ~/vendor/Org_Heigl/Hyphenator/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.11. | |||||
| CVE-2021-34658 | 1 Keszites | 1 Simple Popup Newsletter | 2021-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Simple Popup Newsletter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of `$_SERVER['PHP_SELF']` in the ~/simple-popup-newsletter.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.7. | |||||
| CVE-2021-34659 | 1 Sizmic | 1 Plugmatter Pricing Table | 2021-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Plugmatter Pricing Table Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `email` parameter in the ~/license.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.32. | |||||
| CVE-2021-34534 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-08-23 | 5.1 MEDIUM | 7.5 HIGH |
| Windows MSHTML Platform Remote Code Execution Vulnerability | |||||
| CVE-2021-34535 | 1 Microsoft | 9 Remote Desktop, Windows 10, Windows 7 and 6 more | 2021-08-23 | 6.8 MEDIUM | 8.8 HIGH |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||
| CVE-2021-34530 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-08-23 | 6.8 MEDIUM | 7.8 HIGH |
| Windows Graphics Component Remote Code Execution Vulnerability | |||||
| CVE-2021-34533 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-08-23 | 6.8 MEDIUM | 7.8 HIGH |
| Windows Graphics Component Font Parsing Remote Code Execution Vulnerability | |||||
| CVE-2020-18704 | 1 Fusionbox | 1 Widgy | 2021-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote attackers to execute arbitrary code via the 'image' widget in the component 'Change Widgy Page'. | |||||
| CVE-2021-34486 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-08-23 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Event Tracing Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-26425, CVE-2021-34487. | |||||
