Total: 1466 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-29961 | 1 Mozilla | 1 Firefox | 2021-09-20 | 4.3 MEDIUM | 4.3 MEDIUM | When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping, which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89.
CVE-2010-1435 | 1 Joomla | 1 Joomla! | 2021-09-20 | 7.5 HIGH | 9.8 CRITICAL | Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from 1.5.0 up to and including 1.5.15 are vulnerable.
CVE-2021-24379 | 1 Wphappycoders | 1 Comments Like Dislike | 2021-09-20 | 5.0 MEDIUM | 5.3 MEDIUM | The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, but does not prevent them from replaying the AJAX request to add a like. This allows any user (even unauthenticated) to add unlimited likes/dislikes to any comment. The plugin appears to have some restriction modes, such as Cookie Restriction, IP Restriction and Logged In User Restriction; however, they do not prevent such an attack, as they only check on the client side.
CVE-2021-1854 | 1 Apple | 2 Ipados, Iphone Os | 2021-09-17 | 4.3 MEDIUM | 4.3 MEDIUM | A call termination issue was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A legacy cellular network can automatically answer an incoming call when an ongoing call ends or drops.
CVE-2020-19765 | 1 Proofofdiligencetoken Project | 1 Proofofdiligencetoken | 2021-09-15 | 5.0 MEDIUM | 7.5 HIGH | An issue in the noReentrance() modifier of the Ethereum-based contract Accounting 1.0 allows attackers to carry out a reentrancy attack.
CVE-2021-35949 | 1 Owncloud | 1 Owncloud | 2021-09-14 | 5.0 MEDIUM | 5.3 MEDIUM | The shareinfo controller in ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload-only shares and list metadata about the share.
CVE-2016-4514 | 1 Moxa | 2 Pt-7728, Pt-7728 Firmware | 2021-09-13 | 4.6 MEDIUM | 7.7 HIGH | Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy.
CVE-2020-9712 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-09-08 | 7.1 HIGH | 5.5 MEDIUM | Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass.
CVE-2021-36039 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2021-09-08 | 4.0 MEDIUM | 6.5 MEDIUM | Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability via the `quoteId` parameter. An attacker can abuse this vulnerability to disclose sensitive information.
CVE-2021-22256 | 1 Gitlab | 1 Gitlab | 2021-08-31 | 5.5 MEDIUM | 5.4 MEDIUM | Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status.
CVE-2021-22247 | 1 Gitlab | 1 Gitlab | 2021-08-31 | 4.0 MEDIUM | 4.3 MEDIUM | Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics.
CVE-2021-22243 | 1 Gitlab | 1 Gitlab | 2021-08-31 | 4.0 MEDIUM | 4.3 MEDIUM | Under specialized conditions, GitLab CE/EE versions starting from 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access to a group.
CVE-2021-22236 | 1 Gitlab | 1 Gitlab | 2021-08-31 | 6.5 MEDIUM | 8.8 HIGH | Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1.
CVE-2021-26040 | 1 Joomla | 1 Joomla! | 2021-08-31 | 6.4 MEDIUM | 9.1 CRITICAL | An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user's permissions before executing a file deletion command.
CVE-2021-22253 | 1 Gitlab | 1 Gitlab | 2021-08-30 | 4.9 MEDIUM | 5.4 MEDIUM | Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments, under specific conditions, after that access had been removed.
CVE-2021-22251 | 1 Gitlab | 1 Gitlab | 2021-08-28 | 4.0 MEDIUM | 4.3 MEDIUM | Improper validation of invited users' email addresses in GitLab EE affecting all versions since 12.2 allowed projects to add members with an email address domain that should be blocked by group settings.
CVE-2021-37598 | 1 Wpcerber | 1 Wp Cerber | 2021-08-24 | 5.0 MEDIUM | 5.3 MEDIUM | WP Cerber before 8.9.3 allows bypass of /wp-json access control via a trailing ? character.
CVE-2021-27793 | 1 Broadcom | 1 Fabric Operating System | 2021-08-23 | 5.0 MEDIUM | 5.3 MEDIUM | Intermittent authorization failure in AAA TACACS+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, and also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0, could cause a user with a valid account to be unable to log into the switch.
CVE-2019-11294 | 1 Cloudfoundry | 2 Capi-release, Cf-deployment | 2021-08-17 | 4.0 MEDIUM | 4.3 MEDIUM | Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins.
CVE-2021-22240 | 1 Gitlab | 1 Gitlab | 2021-08-12 | 4.0 MEDIUM | 4.3 MEDIUM | Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign-on despite the user cap being enabled.