Total: 210374 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33056 | 1 Linphone | 1 Belle-sip | 2021-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message. | |||||
| CVE-2021-27794 | 1 Broadcom | 1 Fabric Operating System | 2021-08-23 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to log in with an empty password, and an invalid password, through telnet, ssh and REST. | |||||
| CVE-2021-38708 | 1 Compo | 1 Composr Cms | 2021-08-23 | 3.5 LOW | 5.4 MEDIUM |
| In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via Comcode for XSS. | |||||
| CVE-2021-28002 | 1 Textpattern | 1 Textpattern | 2021-08-23 | 3.5 LOW | 5.4 MEDIUM |
| A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page. | |||||
| CVE-2021-28001 | 1 Textpattern | 1 Textpattern | 2021-08-23 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting https://site.com/articles/welcome-to-your-site#comments-head. | |||||
| CVE-2021-39302 | 1 Misp | 1 Misp | 2021-08-23 | 6.8 MEDIUM | 9.8 CRITICAL |
| MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value. | |||||
| CVE-2021-28000 | 1 Local Services Search Engine Management System Project | 1 Local Services Search Engine Management System | 2021-08-23 | 3.5 LOW | 4.8 MEDIUM |
| A persistent cross-site scripting vulnerability was discovered in Local Services Search Engine Management System Project 1.0 which allows remote attackers to execute arbitrary code via crafted payloads entered into the Name and Address fields. | |||||
| CVE-2020-18748 | 1 Typora | 1 Typora | 2021-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221. | |||||
| CVE-2021-27822 | 1 Vehicle Parking Management System Project | 1 Vehicle Parking Management System | 2021-08-23 | 3.5 LOW | 4.8 MEDIUM |
| A persistent cross site scripting (XSS) vulnerability in the Add Categories module of Vehicle Parking Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Category field. | |||||
| CVE-2020-20645 | 1 Eyoucms | 1 Eyoucms | 2021-08-23 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in EyouCMS 1.3.6 in the basic_information area. | |||||
| CVE-2020-20642 | 1 Eyoucms | 1 Eyoucms | 2021-08-23 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn. | |||||
| CVE-2021-27793 | 1 Broadcom | 1 Fabric Operating System | 2021-08-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| Intermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch. | |||||
| CVE-2020-15387 | 1 Broadcom | 2 Brocade Sannav, Fabric Operating System | 2021-08-23 | 5.8 MEDIUM | 7.4 HIGH |
| The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications. | |||||
| CVE-2020-15374 | 1 Broadcom | 1 Fabric Operating System | 2021-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input. | |||||
| CVE-2020-15373 | 1 Broadcom | 1 Fabric Operating System | 2021-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks. | |||||
| CVE-2020-15371 | 1 Broadcom | 1 Fabric Operating System | 2021-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3 contain a code injection and privilege escalation vulnerability. | |||||
| CVE-2020-15369 | 1 Broadcom | 1 Fabric Operating System | 2021-08-23 | 4.0 MEDIUM | 8.8 HIGH |
| Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host. | |||||
| CVE-2018-6447 | 1 Broadcom | 1 Fabric Operating System | 2021-08-23 | 3.5 LOW | 5.4 MEDIUM |
| A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account. | |||||
| CVE-2021-37700 | 1 Paste-markdown Project | 1 Paste-markdown | 2021-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| @github/paste-markdown is an npm package for pasting markdown objects. A self Cross-Site Scripting vulnerability exists in @github/paste-markdown before version 0.3.4. If the clipboard data contains the string `<table>`, a **div** is dynamically created, and the clipboard content is copied into its **innerHTML** property without any sanitization, resulting in improper execution of JavaScript in the browser of the victim (the user who pasted the code). Users directed to copy text from a malicious website and paste it into pages that utilize this library are affected. This is fixed in version 0.3.4. Refer to the referenced GitHub Advisory for more details including an example exploit. | |||||
| CVE-2021-33199 | 1 Expressionengine | 1 Expressionengine | 2021-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg. | |||||
