Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36800 | 1 Akaunting | 1 Akaunting | 2021-08-11 | 9.0 HIGH | 9.1 CRITICAL |
| Akaunting version 2.1.12 and earlier suffers from a code injection issue in the Money.php component of the application. A POST sent to /{company_id}/sales/invoices/{invoice_id} with an items[0][price] that includes a PHP callable function is executed directly. This issue was fixed in version 2.1.13 of the product. | |||||
| CVE-2021-36801 | 1 Akaunting | 1 Akaunting | 2021-08-11 | 5.5 MEDIUM | 8.1 HIGH |
| Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user-controllable field, companies[0]. This issue was fixed in version 2.1.13 of the product. | |||||
| CVE-2021-36802 | 1 Akaunting | 1 Akaunting | 2021-08-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| Akaunting version 2.1.12 and earlier suffers from a denial-of-service issue that is triggered by setting a malformed 'locale' variable and sending it in an otherwise normal HTTP POST request. This issue was fixed in version 2.1.13 of the product. | |||||
| CVE-2021-37843 | 1 Atlassian | 1 Saml Single Sign On | 2021-08-11 | 7.5 HIGH | 9.8 CRITICAL |
| The resolution SAML SSO apps for Atlassian products allow a remote attacker to login to a user account when only the username is known (i.e., no other authentication is provided). The fixed versions are for Jira: 3.6.6.1, 4.0.12, 5.0.5; for Confluence 3.6.6, 4.0.12, 5.0.5; for Bitbucket 2.5.9, 3.6.6, 4.0.12, 5.0.5; for Bamboo 2.5.9, 3.6.6, 4.0.12, 5.0.5; and for Fisheye 2.5.9. | |||||
| CVE-2021-36803 | 1 Akaunting | 1 Akaunting | 2021-08-11 | 3.5 LOW | 5.4 MEDIUM |
| Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 2.1.13 of the product. | |||||
| CVE-2021-36805 | 1 Akaunting | 1 Akaunting | 2021-08-11 | 3.5 LOW | 4.8 MEDIUM |
| Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in the sales invoice processing component of the application. This issue was fixed in version 2.1.13 of the product. | |||||
| CVE-2021-22421 | 1 Huawei | 1 Harmonyos | 2021-08-11 | 7.2 HIGH | 7.8 HIGH |
| A component of the HarmonyOS has a Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to cause further Elevation of Privileges. | |||||
| CVE-2021-22422 | 1 Huawei | 1 Harmonyos | 2021-08-11 | 7.2 HIGH | 7.8 HIGH |
| A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting. | |||||
| CVE-2021-22419 | 1 Huawei | 1 Harmonyos | 2021-08-11 | 4.9 MEDIUM | 5.5 MEDIUM |
| A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to cause persistent dos. | |||||
| CVE-2021-22418 | 1 Huawei | 1 Harmonyos | 2021-08-11 | 7.2 HIGH | 7.8 HIGH |
| A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting. | |||||
| CVE-2021-22417 | 1 Huawei | 1 Harmonyos | 2021-08-11 | 4.9 MEDIUM | 5.5 MEDIUM |
| A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Memory Leakage. | |||||
| CVE-2021-22416 | 1 Huawei | 1 Harmonyos | 2021-08-11 | 7.2 HIGH | 7.8 HIGH |
| A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution. | |||||
| CVE-2021-27499 | 1 Ypsomed | 2 Mylife, Mylife Cloud | 2021-08-11 | 4.3 MEDIUM | 5.9 MEDIUM |
| Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application layer encryption of the communication protocol between the Ypsomed mylife App and mylife Cloud uses non-random IVs, which allows man-in-the-middle attackers to tamper with messages. | |||||
| CVE-2021-22424 | 1 Huawei | 1 Harmonyos | 2021-08-11 | 4.9 MEDIUM | 5.5 MEDIUM |
| A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability. Local attackers may exploit this vulnerability to cause Kernel Denial of Service. | |||||
| CVE-2021-27942 | 1 Vizio | 4 E50x-e1, E50x-e1 Firmware, P65-f1 and 1 more | 2021-08-11 | 7.2 HIGH | 6.8 MEDIUM |
| Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a threat actor to execute arbitrary code from a USB drive via the Smart Cast functionality, because files on the USB drive are effectively under the web root and can be executed. | |||||
| CVE-2019-14453 | 1 Comelitgroup | 1 Away From Home | 2021-08-11 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Comelit "App lejos de casa (web)" 2.8.0. It allows privilege escalation via modified domus and logged fields, related to js/bridge.min.js and login.json. For example, an attacker can achieve high privileges (installer or administrator) for the graphical interface via a 1C000000000S value for domus, in conjunction with a zero value for logged. | |||||
| CVE-2021-29979 | 1 Mozilla | 1 Hubs Cloud | 2021-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instance’s primary hosting domain.*. This vulnerability affects Hubs Cloud < mozillareality/reticulum/1.0.1/20210618012634. | |||||
| CVE-2020-4707 | 1 Ibm | 1 Api Connect | 2021-08-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187370. | |||||
| CVE-2021-26098 | 1 Fortinet | 1 Fortisandbox | 2021-08-10 | 5.0 MEDIUM | 7.5 HIGH |
| An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs. | |||||
| CVE-2021-32590 | 1 Fortinet | 1 Fortiportal | 2021-08-10 | 9.0 HIGH | 8.8 HIGH |
| Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL database via specifically crafted HTTP requests. | |||||