Total: 210374 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2021-32465 | 1 Trendmicro | 2 Apex One, Officescan | 2021-08-12 | 6.5 MEDIUM | 8.8 HIGH | An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
| CVE-2021-25445 | 1 Samsung | 1 Internet | 2021-08-12 | 5.0 MEDIUM | 5.3 MEDIUM | Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows an untrusted application to access internal files in Samsung Internet. |
| CVE-2021-22241 | 1 Gitlab | 1 Gitlab | 2021-08-12 | 3.5 LOW | 5.4 MEDIUM | An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possible to exploit stored cross-site scripting via a specifically crafted default branch name. |
| CVE-2020-23149 | 1 Rconfig | 1 Rconfig | 2021-08-11 | 5.0 MEDIUM | 7.5 HIGH | The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information. |
| CVE-2020-23150 | 1 Rconfig | 1 Rconfig | 2021-08-11 | 5.0 MEDIUM | 7.5 HIGH | A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php. |
| CVE-2021-32016 | 1 Jump-technology | 1 Asset Management | 2021-08-11 | 6.5 MEDIUM | 8.8 HIGH | An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the writing of arbitrary files to a user-controlled location on the remote filesystem (with user-controlled content) via directory traversal, potentially leading to remote code and command execution. |
| CVE-2021-36622 | 1 Online Covid Vaccination Scheduler System Project | 1 Online Covid Vaccination Scheduler System | 2021-08-11 | 7.5 HIGH | 9.8 CRITICAL | Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to arbitrary file upload. The admin panel has a profile photo upload function accessible at http://localhost/scheduler/admin/?page=user. An attacker could upload a malicious file such as shell.php with the Content-Type: image/png. Then, the attacker has to visit the uploaded profile photo to access the shell. |
| CVE-2021-32018 | 1 Jump-technology | 1 Asset Management | 2021-08-11 | 4.0 MEDIUM | 6.5 MEDIUM | An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The JUMP SOAP API was vulnerable to arbitrary file reading due to an improper limitation of file loading on the server filesystem, aka directory traversal. |
| CVE-2021-33320 | 1 Liferay | 2 Dxp, Liferay Portal | 2021-08-11 | 4.0 MEDIUM | 4.3 MEDIUM | The Flags module in Liferay Portal 7.3.1 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 5, does not limit the rate at which content can be flagged as inappropriate, which allows remote authenticated users to spam the site administrator with emails. |
| CVE-2021-36654 | 1 Cmsuno Project | 1 Cmsuno | 2021-08-11 | 3.5 LOW | 5.4 MEDIUM | CMSuno 1.7 is vulnerable to authenticated stored cross-site scripting via the filename parameter (tgo) when updating the theme. |
| CVE-2021-32813 | 1 Traefik | 1 Traefik | 2021-08-11 | 6.8 MEDIUM | 8.1 HIGH | Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation; however, the Traefik team has addressed this issue to prevent any potential abuse. If one has a chain of Traefik middlewares, and one of them sets a request header, then sending a request with a certain Connection header will cause it to be removed before the request is sent. In this case, the backend does not see the request header. A patch is available in version 2.4.13. There are no known workarounds aside from upgrading. |
| CVE-2021-37231 | 1 Atomicparsley Project | 1 Atomicparsley | 2021-08-11 | 4.3 MEDIUM | 5.5 MEDIUM | A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499f through APar_readX() in src/util.cpp while parsing a crafted mp4 file because of a missing boundary check. |
| CVE-2021-37232 | 1 Atomicparsley Project | 1 Atomicparsley | 2021-08-11 | 7.5 HIGH | 9.8 CRITICAL | A stack overflow vulnerability occurs in Atomicparsley 20210124.204813.840499f through APar_read64() in src/util.cpp due to the lack of a buffer size check on uint32_buffer while reading more bytes in APar_read64. |
| CVE-2021-35397 | 1 Drogon | 1 Drogon | 2021-08-11 | 5.0 MEDIUM | 7.5 HIGH | A path traversal vulnerability in the static router for Drogon from 1.0.0-beta14 to 1.6.0 could allow an unauthenticated, remote attacker to arbitrarily read files. The vulnerability is due to a lack of proper input validation for the requested path. An attacker could exploit this vulnerability by sending a crafted HTTP request with a specific path to read. Successful exploitation could allow the attacker to read files that should be restricted. |
| CVE-2021-33336 | 1 Liferay | 2 Dxp, Liferay Portal | 2021-08-11 | 3.5 LOW | 5.4 MEDIUM | Cross-site scripting (XSS) vulnerability in the Journal module's add article menu in Liferay Portal 7.3.0 through 7.3.3, and Liferay DXP 7.1 fix pack 18, and 7.2 fix pack 5 through 7, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_journal_web_portlet_JournalPortlet_name parameter. |
| CVE-2021-33339 | 1 Liferay | 2 Dxp, Liferay Portal | 2021-08-11 | 3.5 LOW | 4.8 MEDIUM | Cross-site scripting (XSS) vulnerability in the Fragment module in Liferay Portal 7.2.1 through 7.3.4, and Liferay DXP 7.2 before fix pack 9 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_site_admin_web_portlet_SiteAdminPortlet_name parameter. |
| CVE-2020-22392 | 1 Intelliants | 1 Subrion Cms | 2021-08-11 | 3.5 LOW | 5.4 MEDIUM | Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file. |
| CVE-2021-33791 | | | 2021-08-11 | N/A | N/A | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability. |
| CVE-2020-22732 | 1 Cmsmadesimple | 1 Cms Made Simple | 2021-08-11 | 3.5 LOW | 4.8 MEDIUM | CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > File Picker. |
| CVE-2021-38095 | 1 Planview | 1 Spigit | 2021-08-11 | 5.0 MEDIUM | 7.5 HIGH | The REST API in Planview Spigit 4.5.3 allows remote unauthenticated attackers to query sensitive user account data, as demonstrated by an api/v1/users/1 request. |
