Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22891 | 1 Citrix | 1 Sharefile Storagezones Controller | 2021-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage Zones Controller. | |||||
| CVE-2017-16629 | 1 Sapphireims | 1 Sapphireims | 2021-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Please contact administrator for help." For "Correct User and Incorrect Password" - it gives an error "Authentication failed. Please login again." | |||||
| CVE-2021-38151 | 1 Chikitsa | 1 Patient Management System | 2021-08-12 | 3.5 LOW | 5.4 MEDIUM |
| index.php/appointment/todos in Chikitsa Patient Management System 2.0.0 allows XSS. | |||||
| CVE-2021-33794 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2021-08-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction. | |||||
| CVE-2021-38569 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2021-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects. | |||||
| CVE-2021-20115 | 1 Tecnick | 1 Tcexam | 2021-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.3. The paths provided in the f, d, and dir parameters in tce_filemanager.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious link which, if triggered by an administrator, could result in the attacker hijacking the victim's session or performing actions on their behalf. | |||||
| CVE-2021-20116 | 1 Tecnick | 1 Tcexam | 2021-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.4. The paths provided in the f, d, and dir parameters in tce_select_mediafile.php were not properly validated and could cause reflected XSS via the unsanitized output of the path supplied. An attacker could craft a malicious link which, if triggered by an administrator, could result in the attacker hijacking the victim's session or performing actions on their behalf. | |||||
| CVE-2021-36454 | 1 Naviwebs | 1 Navigate Cms | 2021-08-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1) backups\backups.php, 2) blocks\blocks.php, 3) brands\brands.php, 4) comments\comments.php, 5) coupons\coupons.php, 6) feeds\feeds.php, 7) functions\functions.php, 8) items\items.php, 9) menus\menus.php, 10) orders\orders.php, 11) payment_methods\payment_methods.php, 12) products\products.php, 13) profiles\profiles.php, 14) shipping_methods\shipping_methods.php, 15) templates\templates.php, 16) users\users.php, 17) webdictionary\webdictionary.php, 18) websites\websites.php, and 19) webusers\webusers.php because the initial_url function is built in these files. | |||||
| CVE-2021-37554 | 1 Jetbrains | 1 Youtrack | 2021-08-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions. | |||||
| CVE-2021-37552 | 1 Jetbrains | 1 Youtrack | 2021-08-12 | 3.5 LOW | 5.4 MEDIUM |
| In JetBrains YouTrack before 2021.2.17925, stored XSS was possible. | |||||
| CVE-2021-37544 | 1 Jetbrains | 1 Teamcity | 2021-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization. | |||||
| CVE-2021-37545 | 1 Jetbrains | 1 Teamcity | 2021-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made. | |||||
| CVE-2021-36351 | 1 Care2x | 1 Hospital Information Management System | 2021-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection Vulnerability in Care2x Open Source Hospital Information Management 2.7 Alpha via the (1) pday, (2) pmonth, and (3) pyear parameters in GET requests sent to /modules/nursing/nursing-station.php. | |||||
| CVE-2021-37543 | 1 Jetbrains | 1 Rubymine | 2021-08-12 | 6.5 MEDIUM | 8.8 HIGH |
| In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects. | |||||
| CVE-2021-37541 | 1 Jetbrains | 1 Hub | 2021-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible. | |||||
| CVE-2021-37542 | 1 Jetbrains | 1 Teamcity | 2021-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| In JetBrains TeamCity before 2020.2.3, XSS was possible. | |||||
| CVE-2021-38570 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2021-08-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary files (during uninstallation) via a symlink. | |||||
| CVE-2021-37540 | 1 Jetbrains | 1 Hub | 2021-08-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used. | |||||
| CVE-2021-32603 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2021-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafted web requests. | |||||
| CVE-2021-32598 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2021-08-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response. | |||||