Total
980 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20736 | 1 Weseek | 1 Growi | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors. | |||||
| CVE-2021-20644 | 1 Elecom | 2 Wrc-1467ghbk-a, Wrc-1467ghbk-a Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page. | |||||
| CVE-2021-20574 | 1 Ibm | 1 Security Identity Manager Adapter | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and takeover other accounts. IBM X-Force ID: 199252. | |||||
| CVE-2021-20509 | 1 Ibm | 1 Maximo Asset Management | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243. | |||||
| CVE-2021-20101 | 1 Machform | 1 Machform | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content. | |||||
| CVE-2021-1432 | 1 Cisco | 2 Ios Xe, Ios Xe Sd-wan | 2024-11-21 | 6.9 MEDIUM | 7.3 HIGH |
| A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected device as a low-privileged user to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting arbitrary commands to a file as a lower-privileged user. The commands are then executed on the device by the root user. A successful exploit could allow the attacker to execute arbitrary commands as the root user. | |||||
| CVE-2021-1221 | 1 Cisco | 2 Webex Meetings, Webex Meetings Server | 2024-11-21 | 3.5 LOW | 4.1 MEDIUM |
| A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by entering a URL into a field in the user interface. A successful exploit could allow the attacker to generate a Webex Meetings invitation email that contains a link to a destination of their choosing. Because this email is sent from a trusted source, the recipient may be more likely to click the link. | |||||
| CVE-2021-0594 | 1 Google | 1 Android | 2024-11-21 | 7.9 HIGH | 8.0 HIGH |
| In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. This could lead to remote (proximal, NFC) escalation of privilege allowing an attacker to deceive a user into allowing a Bluetooth connection with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-176445224 | |||||
| CVE-2021-0567 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In isRestricted of RemoteViews.java, there is a possible way to inject font files due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179461812 | |||||
| CVE-2021-0553 | 1 Google | 1 Android | 2024-11-21 | 4.4 MEDIUM | 7.3 HIGH |
| In onBindViewHolder of AppSwitchPreference.java, there is a possible bypass of device admin setttings due to unclear UI. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169936038 | |||||
| CVE-2021-0551 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In bind of MediaControlPanel.java, there is a possible way to lock up the system UI using a malicious media file due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-180518039 | |||||
| CVE-2021-0268 | 1 Juniper | 1 Junos | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness in J-web of Juniper Networks Junos OS leads to buffer overflows, segment faults, or other impacts, which allows an attacker to modify the integrity of the device and exfiltration information from the device without authentication. The weakness can be exploited to facilitate cross-site scripting (XSS), cookie manipulation (modifying session cookies, stealing cookies) and more. This weakness can also be exploited by directing a user to a seemingly legitimate link from the affected site. The attacker requires no special access or permissions to the device to carry out such attacks. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.1R1. | |||||
| CVE-2020-9757 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller. | |||||
| CVE-2020-9495 | 1 Apache | 1 Archiva | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. A attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users. By measuring the response time for the login request, arbitrary attribute data can be retrieved from LDAP user objects. | |||||
| CVE-2020-9382 | 1 Widgets Project | 1 Widgets | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via MediaWiki's {{#widget:}} parser function. | |||||
| CVE-2020-9376 | 1 Dlink | 2 Dir-610, Dir-610 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2020-8800 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection. | |||||
| CVE-2020-8478 | 1 Abb | 4 Ac800m, Base Software, Mms Server and 1 more | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
| Insufficient protection of the inter-process communication functions in ABB System 800xA products OPC Server for AC 800M, MMS Server for AC 800M and Base Software for SoftControl (all published versions) enables an attacker authenticated on the local system to inject data, affecting the online view of runtime data shown in Control Builder. | |||||
| CVE-2020-8468 | 1 Trendmicro | 3 Apex One, Officescan, Worry-free Business Security | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication. | |||||
| CVE-2020-8177 | 5 Debian, Fujitsu, Haxx and 2 more | 16 Debian Linux, M10-1, M10-1 Firmware and 13 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. | |||||