Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33721 | 1 Siemens | 1 Sinec Network Management System | 2021-08-17 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). The affected application incorrectly neutralizes special elements when creating batch operations which could lead to command injection. An authenticated remote attacker with administrative privileges could exploit this vulnerability to execute arbitrary code on the system with system privileges. | |||||
| CVE-2021-22674 | 1 Advantech | 1 Webaccess\/scada | 2021-08-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | |||||
| CVE-2021-31731 | 1 Kitesky | 1 Kitecms | 2021-08-17 | 5.5 MEDIUM | 6.5 MEDIUM |
| A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html parameter. | |||||
| CVE-2020-23172 | 1 Kuba Project | 1 Kuba | 2021-08-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives. | |||||
| CVE-2020-23171 | 1 Nim-lang | 1 Nim-lang | 2021-08-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file. | |||||
| CVE-2021-33706 | 1 Sap | 1 Infrabox | 2021-08-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| Due to improper input validation in InfraBox, logs can be modified by an authenticated user. | |||||
| CVE-2021-38386 | 1 Contiki-os | 1 Contiki | 2021-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| In Contiki 3.0, a buffer overflow in the Telnet service allows remote attackers to cause a denial of service because the ls command is mishandled when a directory has many files with long names. | |||||
| CVE-2021-22676 | 1 Advantech | 1 Webaccess\/scada | 2021-08-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | |||||
| CVE-2021-38383 | 1 Owntone Project | 1 Owntone | 2021-08-17 | 7.5 HIGH | 9.8 CRITICAL |
| OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_bind() in misc.c. | |||||
| CVE-2021-38140 | 1 Set User Project | 1 Set User | 2021-08-17 | 7.5 HIGH | 9.8 CRITICAL |
| The set_user extension module before 2.0.1 for PostgreSQL allows a potential privilege escalation using RESET SESSION AUTHORIZATION after set_user(). | |||||
| CVE-2021-38305 | 1 23andme | 1 Yamale | 2021-08-17 | 9.3 HIGH | 7.8 HIGH |
| 23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each line is run through Python's eval function to make the validator available. A well-constructed string within the schema rules can execute system commands; thus, by exploiting the vulnerability, an attacker can run arbitrary code on the image that invokes Yamale. | |||||
| CVE-2021-32943 | 1 Advantech | 1 Webaccess\/scada | 2021-08-17 | 7.5 HIGH | 9.8 CRITICAL |
| The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | |||||
| CVE-2021-33699 | 1 Sap | 1 Fiori Client | 2021-08-17 | 3.3 LOW | 6.5 MEDIUM |
| Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. This allows an unauthorized attacker or malware to takeover legitimate apps and to steal user's sensitive information. | |||||
| CVE-2020-18458 | 1 Damicms | 1 Damicms | 2021-08-17 | 6.0 MEDIUM | 8.0 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd. | |||||
| CVE-2020-18460 | 1 711cms | 1 711cms | 2021-08-17 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability exists in 711cms v1.0.7 that can add an admin account via admin.php?c=Admin&m=content. | |||||
| CVE-2020-18462 | 1 Aikcms | 1 Aikcms | 2021-08-17 | 6.5 MEDIUM | 7.2 HIGH |
| File Upload vulnerabilty in AikCms v2.0.0 in poster_edit.php because the background file management office does not verify the uploaded file. | |||||
| CVE-2021-38311 | 1 Contiki-os | 1 Contiki | 2021-08-17 | 4.3 MEDIUM | 7.5 HIGH |
| In Contiki 3.0, potential nonterminating acknowledgment loops exist in the Telnet service. When the negotiated options are already disabled, servers still respond to DONT and WONT requests with WONT or DONT commands, which may lead to infinite acknowledgment loops, denial of service, and excessive CPU consumption. | |||||
| CVE-2021-21501 | 1 Apache | 1 Servicecomb | 2021-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| Improper configuration will cause ServiceComb ServiceCenter Directory Traversal problem in ServcieCenter 1.x.x versions and fixed in 2.0.0. | |||||
| CVE-2020-25565 | 1 Sapphireims | 1 Sapphireims | 2021-08-17 | 7.5 HIGH | 9.8 CRITICAL |
| In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server. | |||||
| CVE-2020-18463 | 1 Aikcms | 1 Aikcms | 2021-08-17 | 3.5 LOW | 2.4 LOW |
| Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in video_list.php, which can let a malicious user delete a video message. | |||||