Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-32594 | 1 Fortinet | 1 Fortiportal | 2021-08-10 | 5.5 MEDIUM | 8.1 HIGH |
| An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to potentially tamper with the underlying system's files via the upload of specifically crafted files. | |||||
| CVE-2021-33337 | 1 Liferay | 2 Dxp, Liferay Portal | 2021-08-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Document Library module's add document menu in Liferay Portal 7.3.0 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_document_library_web_portlet_DLAdminPortlet_name parameter. | |||||
| CVE-2021-33338 | 1 Liferay | 2 Dxp, Liferay Portal | 2021-08-10 | 5.1 MEDIUM | 7.5 HIGH |
| The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 6, exposes the CSRF token in URLs, which allows man-in-the-middle attackers to obtain the token and conduct Cross-Site Request Forgery (CSRF) attacks via the p_auth parameter. | |||||
| CVE-2021-35463 | 1 Liferay | 1 Liferay Portal | 2021-08-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter. | |||||
| CVE-2021-36764 | 1 Codesys | 1 Gateway | 2021-08-10 | 5.0 MEDIUM | 7.5 HIGH |
| In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition. | |||||
| CVE-2021-24010 | 1 Fortinet | 1 Fortisandbox | 2021-08-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated user to obtain unauthorized access to files and data via specifially crafted web requests. | |||||
| CVE-2021-36765 | 1 Codesys | 1 Ethernetip | 2021-08-10 | 5.0 MEDIUM | 7.5 HIGH |
| In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack that is executed by the CODESYS Control runtime system. | |||||
| CVE-2021-3678 | 1 Showdoc | 1 Showdoc | 2021-08-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | |||||
| CVE-2021-36168 | 1 Fortinet | 1 Fortiportal | 2021-08-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows authenticated attacker to disclosure information via crafted GET request with malicious parameter values. | |||||
| CVE-2020-29011 | 1 Fortinet | 1 Fortisandbox | 2021-08-10 | 6.5 MEDIUM | 8.8 HIGH |
| Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated attacker to execute unauthorized code on the underlying SQL interpreter via specifically crafted HTTP requests. | |||||
| CVE-2021-26097 | 1 Fortinet | 1 Fortisandbox | 2021-08-10 | 6.5 MEDIUM | 8.8 HIGH |
| An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests. | |||||
| CVE-2021-32596 | 1 Fortinet | 1 Fortiportal | 2021-08-10 | 5.0 MEDIUM | 7.5 HIGH |
| A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables. | |||||
| CVE-2021-37557 | 1 Centreon | 1 Centreon | 2021-08-10 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter. | |||||
| CVE-2021-37558 | 1 Centreon | 1 Centreon | 2021-08-10 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in a MediaWiki script in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote unauthenticated attackers to execute arbitrary SQL commands via the host_name and service_description parameters. The vulnerability can be exploited only when a valid Knowledge Base URL is configured on the Knowledge Base configuration page and points to a MediaWiki instance. This relates to the proxy feature in class/centreon-knowledge/ProceduresProxy.class.php and include/configuration/configKnowledge/proxy/proxy.php. | |||||
| CVE-2021-37556 | 1 Centreon | 1 Centreon | 2021-08-10 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csv_HostGroupLogs.php start and end parameters. | |||||
| CVE-2021-22423 | 1 Huawei | 1 Harmonyos | 2021-08-10 | 7.2 HIGH | 7.8 HIGH |
| A component of the HarmonyOS has a Out-of-bounds Write Vulnerability. Local attackers may exploit this vulnerability to cause integer overflow. | |||||
| CVE-2021-22425 | 1 Huawei | 1 Harmonyos | 2021-08-10 | 7.2 HIGH | 7.8 HIGH |
| A component of the HarmonyOS has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevating Privileges. | |||||
| CVE-2021-35343 | 1 Seeddms | 1 Seeddms | 2021-08-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x<5.1.23 and v6.0.x<6.0.16 allows a remote attacker to edit document name without victim's knowledge, by enticing an authenticated user to visit an attacker's web page. | |||||
| CVE-2021-36542 | 1 Seeddms | 1 Seeddms | 2021-08-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.LockDocument.php in SeedDMS v5.1.x<5.1.23 and v6.0.x <6.0.16 allows a remote attacker to lock any document without victim's knowledge, by enticing an authenticated user to visit an attacker's web page. | |||||
| CVE-2021-36543 | 1 Seeddms | 1 Seeddms | 2021-08-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.UnlockDocument.php in SeedDMS v5.1.x <5.1.23 and v6.0.x <6.0.16 allows a remote attacker to unlock any document without victim's knowledge, by enticing an authenticated user to visit an attacker's web page. | |||||