Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-13038 | 1 Opendesa | 1 Opensid | 2021-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the application/pdf Content-Type. | |||||
| CVE-2018-13039 | 1 Opendesa | 1 Opensid | 2021-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenSID 18.06-pasca has reflected Cross Site Scripting (XSS) via the cari parameter, aka an index.php/first?cari= URI. | |||||
| CVE-2018-13040 | 1 Opendesa | 1 Opensid | 2021-08-12 | 6.8 MEDIUM | 8.8 HIGH |
| OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account (at the admin level) via the index.php/man_user/insert URI. | |||||
| CVE-2021-34270 | 1 Doft | 1 Doftcoin | 2021-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| An integer overflow in the mintToken function of a smart contract implementation for Doftcoin Token, an Ethereum ERC20 token, allows the owner to cause unexpected financial losses. | |||||
| CVE-2021-32793 | 1 Pi-hole | 1 Pi-hole | 2021-08-12 | 3.5 LOW | 4.8 MEDIUM |
| Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the function to add domains to blocklists or allowlists is vulnerable to a stored cross-site-scripting vulnerability. User input added as a wildcard domain to a blocklist or allowlist is unfiltered in the web interface. Since the payload is stored permanently as a wildcard domain, this is a persistent XSS vulnerability. A remote attacker can therefore attack administrative user accounts through client-side attacks. Pi-hole Web Interface version 5.5.1 contains a patch for this vulnerability. | |||||
| CVE-2020-28430 | 2021-08-12 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2021-31867 | 1 Pimcore | 1 Customer Management Framework | 2021-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| Pimcore Customer Data Framework version 3.0.0 and earlier suffers from a Boolean-based blind SQL injection issue in the $id parameter of the SegmentAssignmentController.php component of the application. This issue was fixed in version 3.0.2 of the product. | |||||
| CVE-2021-27952 | 1 Ecobee | 2 Ecobee3 Lite, Ecobee3 Lite Firmware | 2021-08-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console. | |||||
| CVE-2021-31869 | 1 Pimcore | 1 Adminbundle | 2021-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application. This issue was fixed in version 6.9.4 of the product. | |||||
| CVE-2021-21738 | 1 Zte | 2 Zxiptv, Zxiptv Firmware | 2021-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| ZTE's big video business platform has two reflective cross-site scripting (XSS) vulnerabilities. Due to insufficient input verification, the attacker could implement XSS attacks by tampering with the parameters, to affect the operations of valid users. This affects: <ZXIPTV><ZXIPTV-EAS_PV5.06.04.09> | |||||
| CVE-2021-21739 | 1 Zte | 2 Zxctn 6120h, Zxctn 6120h Firmware | 2021-08-12 | 2.1 LOW | 4.6 MEDIUM |
| A ZTE's product of the transport network access layer has a security vulnerability. Because the system does not sufficiently verify the data reliability, attackers could replace an authenticated optical module on the equipment with an unauthenticated one, bypassing system authentication and detection, thus affecting signal transmission. This affects: <ZXCTN 6120H><V5.10.00B24> | |||||
| CVE-2018-1037 | 1 Microsoft | 2 Visual Studio, Visual Studio 2017 | 2021-08-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio. | |||||
| CVE-2021-1610 | 1 Cisco | 5 Small Business Rv340, Small Business Rv340w, Small Business Rv345 and 2 more | 2021-08-12 | 9.0 HIGH | 8.8 HIGH |
| Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service (DoS) condition Execute arbitrary commands For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-22240 | 1 Gitlab | 1 Gitlab | 2021-08-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled | |||||
| CVE-2021-38200 | 1 Linux | 1 Linux Kernel | 2021-08-12 | 2.1 LOW | 5.5 MEDIUM |
| arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13, on systems with perf_event_paranoid=-1 and no specific PMU driver support registered, allows local users to cause a denial of service (perf_instruction_pointer NULL pointer dereference and OOPS) via a "perf record" command. | |||||
| CVE-2021-32017 | 1 Jump-technology | 1 Asset Management | 2021-08-12 | 4.0 MEDIUM | 7.7 HIGH |
| An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the listing of the content of the remote file system. This can be used to identify the complete server filesystem structure, i.e., identifying all the directories and files. | |||||
| CVE-2021-1609 | 1 Cisco | 5 Small Business Rv340, Small Business Rv340w, Small Business Rv345 and 2 more | 2021-08-12 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service (DoS) condition Execute arbitrary commands For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-22124 | 1 Fortinet | 2 Fortiauthenticator, Fortisandbox | 2021-08-12 | 7.8 HIGH | 7.5 HIGH |
| An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6; and FortiAuthenticator before 6.0.6 may allow an unauthenticated attacker to bring the device into an unresponsive state via specifically-crafted long request parameters. | |||||
| CVE-2021-38206 | 1 Linux | 1 Linux Kernel | 2021-08-12 | 2.1 LOW | 5.5 MEDIUM |
| The mac80211 subsystem in the Linux kernel before 5.12.13, when a device supporting only 5 GHz is used, allows attackers to cause a denial of service (NULL pointer dereference in the radiotap parser) by injecting a frame with 802.11a rates. | |||||
| CVE-2021-32464 | 1 Trendmicro | 2 Apex One, Officescan | 2021-08-12 | 7.2 HIGH | 7.8 HIGH |
| An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||