Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34487 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-08-23 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26425, CVE-2021-34486. | |||||
| CVE-2021-3635 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2021-08-23 | 4.9 MEDIUM | 4.4 MEDIUM |
| A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands. | |||||
| CVE-2020-18705 | 1 Quokka Project | 1 Quokka | 2021-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'. | |||||
| CVE-2021-38619 | 1 Openbaraza | 1 Openbaraza Human Capital Management | 2021-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| openBaraza HCM 3.1.6 does not properly neutralize user-controllable input: an unauthenticated remote attacker can conduct a stored cross-site scripting (XSS) attack against an administrative user from hr/subscription.jsp and hr/application.jsp and hr/index.jsp (with view=). | |||||
| CVE-2021-1104 | 1 Risc-v | 1 Instruction Set Manual | 2021-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| The RISC-V Instruction Set Manual contains a documented ambiguity for the Machine Trap Vector Base Address (MTVEC) register that may lead to a vulnerability due to the initial state of the register not being defined, potentially leading to information disclosure, data tampering and denial of service. | |||||
| CVE-2021-34484 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-08-23 | 4.6 MEDIUM | 7.8 HIGH |
| Windows User Profile Service Elevation of Privilege Vulnerability | |||||
| CVE-2020-18897 | 1 Libpff Project | 1 Libpff | 2021-08-23 | 4.4 MEDIUM | 7.8 HIGH |
| A use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DOS) or execute arbitrary code via a crafted pff file. | |||||
| CVE-2021-34641 | 1 Seopress | 1 Seopress | 2021-08-23 | 3.5 LOW | 5.4 MEDIUM |
| The SEOPress WordPress plugin is vulnerable to Stored Cross-Site-Scripting via the processPut function found in the ~/src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated attackers to inject arbitrary web scripts, in versions 5.0.0 - 5.0.3. | |||||
| CVE-2021-34643 | 1 Skaut-bazar Project | 1 Skaut-bazar | 2021-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.2. | |||||
| CVE-2021-34642 | 1 Followistic | 1 Smart Email Alerts | 2021-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Smart Email Alerts WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the api_key in the ~/views/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.10. | |||||
| CVE-2021-34644 | 1 Multiplayer-plugin Project | 1 Multiplayer-plugin | 2021-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Multiplayer Games WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/multiplayergames.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.7. | |||||
| CVE-2021-34651 | 1 Scribblemaps | 1 Scribble Maps | 2021-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Scribble Maps WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the map parameter in the ~/includes/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2. | |||||
| CVE-2021-34649 | 1 Simple-behace-portfolio Project | 1 Simple-behace-portfolio | 2021-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Simple Behance Portfolio WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `dark` parameter in the ~/titan-framework/iframe-font-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.2. | |||||
| CVE-2021-34652 | 1 Meowapps | 1 Media Usage | 2021-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Media Usage WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/mmu_admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.4. | |||||
| CVE-2020-18702 | 1 Quokka Project | 1 Quokka | 2021-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the 'Username' parameter in the component 'quokka/admin/actions.py'. | |||||
| CVE-2020-18703 | 1 Quokka Project | 1 Quokka | 2021-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/utils/atom.py'. | |||||
| CVE-2021-38713 | 1 Imgurl Project | 1 Imgurl | 2021-08-23 | 3.5 LOW | 5.4 MEDIUM |
| imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header. | |||||
| CVE-2020-25351 | 1 Rconfig | 1 Rconfig | 2021-08-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote authenticated attackers to read files on the system via a crafted request sent to the /lib/crud/configcompare.crud.php script. | |||||
| CVE-2020-27464 | 1 Rconfig | 1 Rconfig | 2021-08-23 | 6.8 MEDIUM | 7.8 HIGH |
| An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows attackers to execute arbitrary code via a crafted ZIP file. | |||||
| CVE-2020-25352 | 1 Rconfig | 1 Rconfig | 2021-08-23 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the /devices.php function in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote attackers to perform arbitrary JavaScript execution through entering a crafted payload into the 'Model' field then saving. | |||||
