1. Code Injection - MyBB (CVE-2021-27890) - Critical [661] Description: SQL Injection vulnerability in MyBB before 1.8.26 via theme properties included in theme XML files.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 1.0 | 17 | Public exploit is found at Vulners (MyBB 1.8.25 - Chained Remote Command Execution, MyBB 1.8.25 Remote Command Execution) |
Criticality of Vulnerability Type | 0.97 | 15 | Code Injection |
Vulnerable Product is Common | 0.6 | 14 | MyBB, formerly MyBBoard and originally MyBulletinBoard, is a free and open-source forum software developed by the MyBB Group |
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
2. Code Injection - MyBB (CVE-2021-27946) - Critical [661] Description: SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3).
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 1.0 | 17 | Public exploit is found at Vulners (MyBB 1.8.25 SQL Injection, MyBB 1.8.25 - Poll Vote Count SQL Injection) |
Criticality of Vulnerability Type | 0.97 | 15 | Code Injection |
Vulnerable Product is Common | 0.6 | 14 | MyBB, formerly MyBBoard and originally MyBulletinBoard, is a free and open-source forum software developed by the MyBB Group |
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
3. Code Injection - b2evolution (CVE-2021-28242) - Critical [661] Description: SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 1.0 | 17 | Public exploit is found at Vulners (b2evolution 7-2-2 SQL Injection, b2evolution 7-2-2 - 'cf_name' SQL Injection) |
Criticality of Vulnerability Type | 0.97 | 15 | Code Injection |
Vulnerable Product is Common | 0.6 | 14 | b2evolution is a content and community management system |
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
4. Remote Code Execution - Facebook for WordPress plugin (CVE-2021-24217) - Critical [654] Description: The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability. There was also a useable magic method in the plugin that could be used to achieve remote code execution.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 1.0 | 17 | Public exploit is found at Vulners (Facebook for WordPress < 3.0.0 - PHP Object Injection with POP Chain) |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.6 | 14 | WordPress plugin |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.1. Based on NVD data |
5. Code Injection - WP Google Map Plugin WordPress plugin (CVE-2021-24130) - Critical [634] Description: Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user (admin+).
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 1.0 | 17 | Public exploit is found at Vulners (WP Google Map Plugin < 4.1.5 - Authenticated SQL Injection) |
Criticality of Vulnerability Type | 0.97 | 15 | Code Injection |
Vulnerable Product is Common | 0.6 | 14 | WordPress plugin |
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.2. Based on NVD data |
6. Elevation of Privilege - Envira Gallery Lite WordPress plugin (CVE-2021-24126) - High [512] Description: Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images' metadata (namely title) before outputting them in the generated gallery, which could lead to privilege escalation.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 1.0 | 17 | Public exploit is found at Vulners (Envira Gallery Lite < 1.8.3.3 - Authenticated Stored Cross-Site Scripting) |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 0.6 | 14 | WordPress plugin |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.4. Based on NVD data |
7. Cross Site Scripting - MyBB (CVE-2021-27889) - High [505] Description: Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 1.0 | 17 | Public exploit is found at Vulners (MyBB 1.8.25 SQL Injection, MyBB 1.8.25 Remote Command Execution, MyBB 1.8.25 - Chained Remote Command Execution, MyBB 1.8.25 - Poll Vote Count SQL Injection) |
Criticality of Vulnerability Type | 0.4 | 15 | Cross Site Scripting |
Vulnerable Product is Common | 0.6 | 14 | MyBB, formerly MyBBoard and originally MyBulletinBoard, is a free and open-source forum software developed by the MyBB Group |
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.1. Based on NVD data |
8. Unknown Vulnerability Type - Facebook for WordPress plugin (CVE-2021-24218) - High [464] Description: The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. The settings in the saveFbeSettings function had no sanitization allowing for script tags to be saved.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 1.0 | 17 | Public exploit is found at Vulners (Facebook for WordPress 3.0.0-3.0.3 - CSRF to Stored XSS and Settings Deletion) |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0.6 | 14 | WordPress plugin |
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
9. Unknown Vulnerability Type - Windows (CVE-2021-28133) - High [454] Description: Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. When a user shares a specific application window via the Share Screen functionality, other meeting participants can briefly see contents of other application windows that were explicitly not shared. The contents of these other windows can (for instance) be seen for a short period of time when they overlay the shared window and get into focus. (An attacker can, of course, use a separate screen-recorder application, unsupported by Zoom, to save all such contents for later replays and analysis.) Depending on the unintentionally shared data, this short exposure of screen contents may be a more or less severe security issue.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 1.0 | 17 | Public exploit is found at Vulners (Zoom 5.4.3 (54779.1115) / 5.5.4 (13142.0301) Information Disclosure) |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0.9 | 14 | Windows Kernel |
CVSS Base Score | 0.4 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.3. Based on NVD data |
10. Remote Code Execution - Microsoft Office ClickToRun (CVE-2021-27058) - High [424] Description: Microsoft Office ClickToRun Remote Code Execution Vulnerability
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.6 | 14 | Microsoft Office ClickToRun |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on Microsoft data |
11. Code Injection - MyBB (CVE-2021-27947) - High [404] Description: SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3).
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.97 | 15 | Code Injection |
Vulnerable Product is Common | 0.6 | 14 | MyBB, formerly MyBBoard and originally MyBulletinBoard, is a free and open-source forum software developed by the MyBB Group |
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.2. Based on NVD data |
12. Code Injection - MyBB (CVE-2021-27948) - High [404] Description: SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3).
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.97 | 15 | Code Injection |
Vulnerable Product is Common | 0.6 | 14 | MyBB, formerly MyBBoard and originally MyBulletinBoard, is a free and open-source forum software developed by the MyBB Group |
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.2. Based on NVD data |
13. Information Disclosure - SMB (CVE-2021-3310) - Medium [378] Description: Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local files).
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 1 | 14 | SMB |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
14. Unknown Vulnerability Type - Unknown Product (CVE-2021-24139) - Medium [364] Description: Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 1.0 | 17 | Public exploit is found at Vulners (Photo Gallery by 10Web < 1.5.55 - Unauthenticated SQL Injection) |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 1.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.8. Based on NVD data |
15. Unknown Vulnerability Type - Unknown Product (CVE-2021-27885) - Medium [351] Description: usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 1.0 | 17 | Public exploit is found at Vulners (e107 CMS 2.3.0 Cross Site Request Forgery, e107 CMS 2.3.0 - CSRF) |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
16. Unknown Vulnerability Type - Unknown Product (CVE-2021-24144) - Medium [337] Description: Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 1.0 | 17 | Public exploit is found at Vulners (Contact Form 7 Database Addon < 1.2.5.6 - CSV Injection) |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
17. Remote Code Execution - Unknown Product (CVE-2021-28797) - Medium [337] Description: A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS); Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS).
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 1.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.8. Based on NVD data |
18. Unknown Vulnerability Type - Unknown Product (CVE-2021-3138) - Medium [337] Description: In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 1.0 | 17 | Public exploit is found at Vulners (Discourse 2.7.0 2FA Bypass, Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass) |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on NVD data |
19. Authentication Bypass - Unknown Product (CVE-2021-27514) - Medium [327] Description: EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation).
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.95 | 15 | Authentication Bypass |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 1.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.8. Based on NVD data |
20. Unknown Vulnerability Type - Unknown Product (CVE-2021-24131) - Medium [324] Description: Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, leads to multiple authenticated SQL injection vulnerabilities; however, it requires a high privilege user (admin+).
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 1.0 | 17 | Public exploit is found at Vulners (Anti-Spam by CleanTalk < 5.149 - Multiple Authenticated SQL Injections) |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.2. Based on NVD data |
21. Unknown Vulnerability Type - Unknown Product (CVE-2021-24142) - Medium [324] Description: Unvalidated input in the 301 Redirects - Easy Redirect Manager WordPress plugin, versions before 2.51, did not sanitise its "Redirect From" column when importing a CSV file, allowing high privilege users to perform SQL injections.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 1.0 | 17 | Public exploit is found at Vulners (301 Redirects - Easy Redirect Manager < 2.51 - Authenticated SQL Injection) |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.2. Based on NVD data |
22. Remote Code Execution - Unknown Product (CVE-2021-27248) - Medium [324] Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the getpage parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10932.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
23. Remote Code Execution - Unknown Product (CVE-2021-27249) - Medium [324] Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11369.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
24. Code Injection - Unknown Product (CVE-2021-26751) - Medium [318] Description: NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.97 | 15 | Code Injection |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
25. Remote Code Execution - Unknown Product (CVE-2021-20095) - Medium [310] Description: Relative Path Traversal in Babel 2.9.0 allows an attacker to load arbitrary locale files on disk and execute arbitrary code.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
26. Unknown Vulnerability Type - Unknown Product (CVE-2021-24241) - Medium [310] Description: The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 1.0 | 17 | Public exploit is found at Vulners (Advanced Custom Field Pro < 5.9.1 - Reflected Cross-Site Scripting (XSS)) |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.1. Based on NVD data |
27. Command Injection - Unknown Product (CVE-2021-31607) - Medium [304] Description: In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.97 | 15 | Command Injection |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
28. Remote Code Execution - Unknown Product (CVE-2021-23879) - Medium [297] Description: Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path. Local admin privileges are required to place the files in the required location.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.7. Based on NVD data |
29. Unknown Vulnerability Type - Unknown Product (CVE-2021-28935) - Medium [297] Description: CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin > My Preferences > Title field.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 1.0 | 17 | Public exploit is found at Vulners (CMS Made Simple 2.2.15 Cross Site Scripting, CMS Made Simple 2.2.15 - 'title' Cross-Site Scripting (XSS)) |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.4. Based on NVD data |
30. Unknown Vulnerability Type - Unknown Product (CVE-2021-3111) - Medium [297] Description: The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 1.0 | 17 | Public exploit is found at Vulners (Concrete5 8.5.4 Cross Site Scripting, Concrete5 8.5.4 Cross Site Scripting, Concrete5 8.5.4 - 'name' Stored XSS) |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.8. Based on NVD data |
31. Cross Site Scripting - MyBB (CVE-2021-27949) - Medium [275] Description: Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom moderator tools.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Cross Site Scripting |
Vulnerable Product is Common | 0.6 | 14 | MyBB, formerly MyBBoard and originally MyBulletinBoard, is a free and open-source forum software developed by the MyBB Group |
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.1. Based on NVD data |
32. Remote Code Execution - Unknown Product (CVE-2021-28116) - Medium [270] Description: Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.3. Based on NVD data |
33. Denial of Service - Unknown Product (CVE-2021-21252) - Medium [250] Description: The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on NVD data |
34. Denial of Service - Unknown Product (CVE-2021-22320) - Medium [250] Description: There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages correctly. Attackers can exploit this vulnerability by sending malicious messages to an affected module. This can lead to denial of service. Affected products include some versions of IPS Module, NGFW Module, NIP6600, NIP6800, Secospace USG6300, Secospace USG6500 and Secospace USG6600.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on NVD data |
35. Denial of Service - Unknown Product (CVE-2021-22882) - Medium [250] Description: UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause the UniFi Protect controller to crash.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on NVD data |
36. Denial of Service - Unknown Product (CVE-2021-27358) - Medium [250] Description: The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on NVD data |
37. Denial of Service - Unknown Product (CVE-2021-28148) - Medium [250] Description: One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on NVD data |
38. Denial of Service - Unknown Product (CVE-2021-28543) - Medium [250] Description: Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both Varnish Cache and varnish-modules. Specifically, an assertion failure or NULL pointer dereference can be triggered in Varnish Cache through the varnish-modules header.append() and header.copy() functions. For some Varnish Configuration Language (VCL) files, this gives remote clients an opportunity to cause a Varnish Cache restart. A restart reduces overall availability and performance due to an increased number of cache misses, and may cause higher load on backend servers.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on NVD data |
39. Denial of Service - Unknown Product (CVE-2021-3382) - Medium [250] Description: Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on NVD data |
40. Denial of Service - Unknown Product (CVE-2021-20205) - Medium [236] Description: Libjpeg-turbo versions 2.0.91 and 2.0.90 are vulnerable to a denial of service caused by a divide-by-zero when processing a crafted GIF image.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on NVD data |
41. Denial of Service - Unknown Product (CVE-2021-20326) - Medium [236] Description: A user authorized to perform a specific type of find query may trigger a denial of service. This issue affects MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.4.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on NVD data |
42. Denial of Service - Unknown Product (CVE-2021-29470) - Medium [236] Description: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on NVD data |
43. Denial of Service - Unknown Product (CVE-2021-31553) - Medium [236] Description: An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could turn off Special:CheckUserLog and thus interfere with usage tracking.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on NVD data |
44. Denial of Service - Unknown Product (CVE-2021-29458) - Medium [222] Description: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on NVD data |
45. Cross Site Scripting - Unknown Product (CVE-2021-31761) - Medium [216] Description: Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Cross Site Scripting |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 1.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.6. Based on NVD data |
46. Denial of Service - Unknown Product (CVE-2021-20185) - Medium [209] Description: It was found in Moodle before versions 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages, which could result in client-side (browser) denial of service for users receiving very large messages.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.3. Based on NVD data |
47. Elevation of Privilege - Unknown Product (CVE-2021-29449) - Medium [209] Description: Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
48. Unknown Vulnerability Type - Grafana Enterprise (CVE-2021-28146) - Medium [208] Description: The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0.6 | 14 | Grafana Enterprise, not Microsoft Teams: the product detector matched "team sync" to the MS Office product Teams, so this component (and with it the Medium rating) is inflated |
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on NVD data |
49. Path Traversal - Unknown Product (CVE-2021-3019) - Low [189] Description: ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credentials for a connection to the intranet.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Path Traversal |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on NVD data |
50. Unknown Vulnerability Type - MyBB (CVE-2021-27279) - Low [181] Description: MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode).
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0.6 | 14 | MyBB, formerly MyBBoard and originally MyBulletinBoard, is a free and open-source forum software developed by the MyBB Group |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.4. Based on NVD data |
51. Denial of Service - Unknown Product (CVE-2021-27645) - Low [168] Description: The name service cache daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.2 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 2.5. Based on NVD data |
52. Denial of Service - Unknown Product (CVE-2021-29473) - Low [168] Description: Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4. Please see the Exiv2 security policy for information about Exiv2 security.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.2 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 2.5. Based on NVD data |
53. Information Disclosure - Unknown Product (CVE-2021-22132) - Low [148] Description: Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive request headers of other users in the cluster. This issue is fixed in Elasticsearch 7.10.2.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.8. Based on NVD data |
54. Path Traversal - Unknown Product (CVE-2021-29425) - Low [148] Description: In Apache Commons IO before 2.7, when invoking the method FilenameUtils.normalize with an improper input string, like "//../foo" or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Path Traversal |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.3. Based on NVD data |
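The Commons IO issue above only bites because of the calling pattern the description names: code that takes the normalizer's output and concatenates it onto a base directory. The Python below is an added illustration, not code from Commons IO or from this report, and it does not reproduce the Java library's internals. It shows that pattern on string paths beside a hardened join that normalizes the combined path and then checks containment, using the two inputs the CVE text gives (`//../foo` under POSIX rules and `\..\foo` under Windows rules via `ntpath`). The base directories are constructed values.

```python
import ntpath
import posixpath

# Constructed base directories for the example.  The application is assumed
# to build file paths by concatenating user input onto them, which is the
# calling pattern the CVE text describes.
POSIX_ROOT = "/srv/app/uploads"
WINDOWS_ROOT = "C:\\srv\\uploads"


def naive_join(base, user_path, pm=posixpath):
    """The vulnerable pattern: treat the user path as already safe and
    append it to the base.

    A leading separator pair such as '//' (the CVE's example input) is not
    something a prefix-aware normalizer turns into a rejection, so the '..'
    behind it is only resolved once the base has been prepended, and the
    final path steps one directory above the base.
    """
    return pm.normpath(base + pm.sep + user_path)


def safe_join(base, user_path, pm=posixpath):
    """Hardened join: normalize the *combined* path, then require that the
    result is still inside the base.  Returns None when it escapes.

    On a live filesystem also resolve symlinks (os.path.realpath) on both
    sides before comparing; this example stays on pure string paths so it
    runs offline.
    """
    base_norm = pm.normpath(base)
    candidate = pm.normpath(base_norm + pm.sep + user_path)
    try:
        inside = pm.commonpath([base_norm, candidate]) == base_norm
    except ValueError:  # different drives, or absolute mixed with relative
        inside = False
    return candidate if inside else None


def check_samples():
    """Run the CVE's two sample inputs plus benign ones through both joins."""
    return {
        "posix_naive": naive_join(POSIX_ROOT, "//../foo"),
        "posix_safe": safe_join(POSIX_ROOT, "//../foo"),
        "posix_benign": safe_join(POSIX_ROOT, "avatars/a.png"),
        "win_naive": naive_join(WINDOWS_ROOT, "\\..\\foo", ntpath),
        "win_safe": safe_join(WINDOWS_ROOT, "\\..\\foo", ntpath),
        "win_benign": safe_join(WINDOWS_ROOT, "docs\\a.txt", ntpath),
    }


if __name__ == "__main__":
    for name, result in check_samples().items():
        print(f"{name:13s} -> {result!r}")
```

With `//../foo` the concatenating join resolves to `/srv/app/foo`, one directory above the upload root, which is the "limited" traversal the description refers to; the containment check rejects it. The backslash variant is only a traversal where `\` is a separator, hence the `ntpath` run; under POSIX rules it is just an odd filename inside the base.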
55. Denial of Service - Unknown Product (CVE-2021-3402) - Low [141] Description: An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4.0.4
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is NA. No data. |
56. Unknown Vulnerability Type - Unknown Product (CVE-2021-26753) - Low [135] Description: NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 1.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.9. Based on NVD data |
57. Unknown Vulnerability Type - Unknown Product (CVE-2021-29462) - Low [135] Description: The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be mitigated by using DNS resolvers which block DNS-rebinding attacks. The vulnerability is fixed in version 1.14.6 and later.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 1.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.8. Based on NVD data |
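The libupnp entry above is a missing Host header check. The DNS rebinding it enables works because the victim's browser will happily send `Host: attacker.example:49152` to a LAN address that an attacker-controlled DNS name has just been repointed to, and a server that never looks at Host cannot tell that request from a legitimate one. The Python below is an added example, not libupnp code, of the server-side check the advisory calls for: accept a request only when the Host header names one of the device's own addresses or hostnames and the port it actually listens on. The device addresses, hostname and port are constructed values.

```python
import ipaddress

# Constructed identity of the UPnP device for the example: the addresses it
# is bound to, the name it is known by on the LAN, and the TCP port it
# listens on.  A real implementation would take these from its own config.
DEVICE = {
    "own_addresses": ["192.168.1.10", "fe80::1"],
    "own_names": ["mediaserver.lan"],
    "listen_port": 49152,
}


def parse_host_header(value):
    """Split a Host header into (host, port); return None if malformed.

    Accepts 'name', 'name:port', 'v4addr:port' and '[v6addr]:port'.
    A missing port is returned as None; the caller substitutes the scheme
    default (80 for plain HTTP), which is what a browser means by it.
    """
    if value is None:
        return None
    value = value.strip()
    if not value:
        return None
    if value.startswith("["):                      # bracketed IPv6 literal
        end = value.find("]")
        if end == -1:
            return None
        host, rest = value[1:end], value[end + 1:]
        if rest and not rest.startswith(":"):
            return None
        port = rest[1:] if rest else None
    else:
        host, sep, port = value.partition(":")
        if not sep:
            port = None
    if port is not None and not (port.isdigit() and 0 < int(port) < 65536):
        return None
    if not host:
        return None
    return host.lower().rstrip("."), (int(port) if port is not None else None)


def host_header_allowed(value, own_addresses, own_names=(), listen_port=80,
                        default_port=80):
    """True only if Host names this device (address or name) on the port we serve."""
    parsed = parse_host_header(value)
    if parsed is None:
        return False
    host, port = parsed
    if (port if port is not None else default_port) != listen_port:
        return False
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:                             # a hostname, not a literal
        return host in {n.lower().rstrip(".") for n in own_names}
    return addr in {ipaddress.ip_address(a) for a in own_addresses}


if __name__ == "__main__":
    # Constructed requests: the last one is what a rebinding attack looks like.
    for hdr in ("192.168.1.10:49152", "[fe80::1]:49152", "attacker.example:49152"):
        print(f"{hdr:28s} allowed={host_header_allowed(hdr, **DEVICE)}")
```

Requests that fail the check should get a 400 (or be dropped) before any UPnP control or SOAP handling runs. The check is a complement to, not a replacement for, resolvers that refuse public names resolving to private addresses: the device cannot rely on every client network having such a resolver.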
58. Unknown Vulnerability Type - Unknown Product (CVE-2021-3466) - Low [135] Description: A flaw was found in libmicrohttpd in versions before 0.9.71. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 1.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.8. Based on NVD data |
59. Unknown Vulnerability Type - Unknown Product (CVE-2021-21355) - Low [121] Description: TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, because file extensions were not checked against the configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions; the default _fileDenyPattern_ did, however, block files like _.htaccess_ or _malicious.php_. Besides that, _UploadedFileReferenceConverter_, which transforms uploaded files into proper FileReference domain model objects, also handles file uploads for other extensions, provided those extensions use the Extbase MVC framework, use FileReference items in their direct or inherited domain model definitions and did not implement their own type converter. Where this scenario applies, _UploadedFileReferenceConverter_ accepts any file mime-type and persists files in the default location. In any case, uploaded files are placed in the default location _/fileadmin/user_upload/_, in most scenarios keeping the submitted filename, which allows attackers to reference files directly, or even correctly guess filenames used by other individuals, disclosing this information. No authentication is required to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.6. Based on NVD data |
60. Unknown Vulnerability Type - Unknown Product (CVE-2021-21372) - Low [121] Description: Nimble is a package manager for the Nim programming language. In Nim releases before versions 1.2.10 and 1.4.4, Nimble's doCmd is used in several places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger code execution.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
61. Unknown Vulnerability Type - Unknown Product (CVE-2021-21380) - Low [121] Description: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rating Script Service exposes an API to perform SQL requests without escaping the from and where search arguments. This makes SQL injection straightforward for any user with Script rights on XWiki. The problem has been patched in XWiki 12.9RC1. The only workaround besides upgrading XWiki is to uninstall the Ratings API in XWiki from the Extension Manager.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
62. Unknown Vulnerability Type - Unknown Product (CVE-2021-21389) - Low [121] Description: BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
63. Unknown Vulnerability Type - Unknown Product (CVE-2021-22879) - Low [121] Description: Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
64. Unknown Vulnerability Type - Unknown Product (CVE-2021-26528) - Low [121] Description: The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to a remote out-of-bounds (OOB) write via a connection request once the memory pool has been exhausted.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.1. Based on NVD data |
65. Unknown Vulnerability Type - Unknown Product (CVE-2021-26529) - Low [121] Description: The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to a remote out-of-bounds (OOB) write via a connection request once the memory pool has been exhausted.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.1. Based on NVD data |
66. Unknown Vulnerability Type - Unknown Product (CVE-2021-26530) - Low [121] Description: The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to a remote out-of-bounds (OOB) write via a connection request once the memory pool has been exhausted.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 9.1. Based on NVD data |
67. Unknown Vulnerability Type - Unknown Product (CVE-2021-26752) - Low [121] Description: NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
68. Unknown Vulnerability Type - Unknown Product (CVE-2021-27513) - Low [121] Description: The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on client-side filtering only ("le filtre userside" in the original advisory).
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
69. Unknown Vulnerability Type - Unknown Product (CVE-2021-29448) - Low [121] Description: Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. A stored XSS exists in the Pi-hole Admin portal, which can be exploited by a malicious actor with network access to the DNS server. See the referenced GitHub security advisory for patch details.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
70. Unknown Vulnerability Type - Unknown Product (CVE-2021-31760) - Low [121] Description: Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
71. Unknown Vulnerability Type - Unknown Product (CVE-2021-31762) - Low [121] Description: Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
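Both Webmin entries above share one root cause: a state-changing action (spawning a process, adding a user) could be triggered by a form submitted from an attacker's page while the administrator's browser carried a valid session cookie. The following is an added example, not Webmin's code, showing the three checks a handler for such an action needs: refuse safe HTTP methods, verify the Origin/Referer against the panel's own origin, and require a synchronizer token that a cross-site page cannot know. SERVER_KEY, ALLOWED_ORIGIN, the request dictionary shape and handle_run_process are constructed stand-ins for this illustration.

```python
import hashlib
import hmac
import secrets
from typing import Mapping
from urllib.parse import urlsplit

# Constructed stand-ins for deployment configuration. SERVER_KEY lives in the
# application's config, never in the database or in any page sent to the browser.
SERVER_KEY = secrets.token_bytes(32)
ALLOWED_ORIGIN = "https://admin.example:10000"   # hypothetical admin-panel origin


class CsrfRejected(Exception):
    """Raised when a state-changing request cannot be tied to the panel's own pages."""


def csrf_token_for(session_id: str) -> str:
    # Synchronizer token derived from the session id with a keyed hash. The server
    # embeds it in the forms it renders; an attacker's page can neither read the
    # victim's cookie nor compute this value, so a cross-site form cannot supply it.
    return hmac.new(SERVER_KEY, session_id.encode("utf-8"), hashlib.sha256).hexdigest()


def _same_origin(header_value: str) -> bool:
    # Compare scheme://host:port exactly; a prefix match would accept
    # "https://admin.example:10000.evil.example".
    parts = urlsplit(header_value)
    return f"{parts.scheme}://{parts.netloc}" == ALLOWED_ORIGIN


def authorize_state_change(request: Mapping[str, str], session_id: str) -> None:
    """Three independent checks; any failure raises CsrfRejected."""
    if request.get("method", "GET").upper() not in ("POST", "PUT", "PATCH", "DELETE"):
        raise CsrfRejected("state changes must not be reachable with safe methods")
    origin = request.get("Origin") or request.get("Referer")
    if not origin or not _same_origin(origin):
        raise CsrfRejected("Origin/Referer does not match this panel")
    supplied = request.get("csrf_token", "").encode("utf-8")
    expected = csrf_token_for(session_id).encode("utf-8")
    if not hmac.compare_digest(supplied, expected):
        raise CsrfRejected("missing or wrong CSRF token")


def is_authorized(request: Mapping[str, str], session_id: str) -> bool:
    try:
        authorize_state_change(request, session_id)
        return True
    except CsrfRejected:
        return False


def handle_run_process(request: Mapping[str, str], session_id: str) -> str:
    # Hypothetical 'run process' endpoint: reports what it would execute, and only
    # after the request has passed every check above.
    authorize_state_change(request, session_id)
    return f"accepted: {request['cmd']}"
```

The Origin check alone is not sufficient (older clients omit the header, and some proxies strip Referer), and the token alone does not stop a login-CSRF variant, which is why both are kept; rejecting GET for state changes closes the simplest vector, an `<img src=...>` on any page the administrator visits.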
72. Unknown Vulnerability Type - Unknown Product (CVE-2021-32102) - Low [121] Description: An SQL injection vulnerability, exploitable by an authenticated user, exists in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
73. Unknown Vulnerability Type - Unknown Product (CVE-2021-32104) - Low [121] Description: An SQL injection vulnerability, exploitable by an authenticated user, exists in interface/forms/eye_mag/save.php in OpenEMR 5.0.2.1.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.9 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.8. Based on NVD data |
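The two OpenEMR entries above are the classic pattern in which a request parameter is spliced into a query string. The following is an added example, not OpenEMR's code (OpenEMR is PHP on MySQL; this uses Python's sqlite3 on a constructed `templates` table purely to make the behaviour observable), placing the vulnerable form next to the hardened one: a bound parameter cannot change the statement's structure, and for identifiers such as ORDER BY columns, which cannot be bound, an allowlist is the only safe option.

```python
import sqlite3
from typing import List, Tuple


def build_demo_db() -> sqlite3.Connection:
    # Constructed sample table; not OpenEMR's schema.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE templates (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO templates VALUES (?, ?, ?)",
        [(1, "alice", "alice-private"), (2, "bob", "bob-private"), (3, "carol", "carol-private")],
    )
    return conn


def fetch_template_vulnerable(conn: sqlite3.Connection, template_id: str) -> List[Tuple]:
    # Vulnerable pattern: the request parameter becomes part of the statement text,
    # so "1 OR 1=1" returns every row and "0 UNION SELECT ..." reads other tables.
    sql = f"SELECT id, owner, body FROM templates WHERE id = {template_id}"
    return conn.execute(sql).fetchall()


def fetch_template_safe(conn: sqlite3.Connection, template_id: str) -> List[Tuple]:
    # Hardened: validate the type the schema expects, then bind the value. The
    # driver passes it as data; it is never parsed as SQL.
    if not template_id.isdigit():
        raise ValueError("template id must be a non-negative integer")
    return conn.execute(
        "SELECT id, owner, body FROM templates WHERE id = ?", (int(template_id),)
    ).fetchall()


ORDERABLE_COLUMNS = {"id", "owner"}


def list_templates_ordered(conn: sqlite3.Connection, order_by: str) -> List[Tuple]:
    # Column names cannot be bound as parameters, so the request value is only ever
    # compared against an allowlist and the trusted literal is interpolated.
    if order_by not in ORDERABLE_COLUMNS:
        raise ValueError(f"cannot order by {order_by!r}")
    return conn.execute(f"SELECT id, owner FROM templates ORDER BY {order_by}").fetchall()
```

With MySQL and PHP the equivalent hardening is a prepared statement (`mysqli_prepare`/PDO with bound parameters) for values and the same allowlist approach for identifiers; the escaping-only route (`mysqli_real_escape_string`) does nothing for the numeric context shown here, because no quotes are involved.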
74. Unknown Vulnerability Type - Unknown Product (CVE-2021-21339) - Low [108] Description: TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext, without being processed by a cryptographic hashing algorithm first. This vulnerability cannot be exploited directly; it only matters in combination with another flaw, for instance an SQL injection in some other component of the system, that exposes the stored identifiers. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on NVD data |
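The point of the TYPO3 entry above is defence in depth: if the sessions table holds the raw cookie value, any read primitive against the database (an SQL injection elsewhere, a leaked backup) hands out working sessions. The following is an added example, not TYPO3's code, of the usual remedy: store only a digest of the token, so a dump of the table yields values that do not work as cookies. The in-memory SESSIONS store and the function names are constructed for this illustration.

```python
import hashlib
import secrets
from typing import Dict, List, Optional

# Constructed in-memory stand-in for a sessions table. The key is the SHA-256 digest
# of the cookie value; the cookie value itself is never written here.
SESSIONS: Dict[str, dict] = {}


def _digest(token: str) -> str:
    # The token is a 256-bit random value, so a plain, unsalted hash is sufficient:
    # unlike a password there is nothing to guess or look up, and the digest cannot
    # be turned back into a usable cookie. (Salting or a keyed hash would add nothing.)
    return hashlib.sha256(token.encode("ascii")).hexdigest()


def create_session(user_id: int, now: float, ttl_seconds: int = 3600) -> str:
    token = secrets.token_urlsafe(32)
    SESSIONS[_digest(token)] = {"user_id": user_id, "expires": now + ttl_seconds}
    return token   # sent to the client only; storage sees just the digest


def lookup_session(token: str, now: float) -> Optional[int]:
    # Hash the presented cookie and look the digest up; expired records are treated
    # as absent.
    record = SESSIONS.get(_digest(token))
    if record is None or record["expires"] <= now:
        return None
    return record["user_id"]


def revoke_session(token: str) -> bool:
    return SESSIONS.pop(_digest(token), None) is not None


def dump_stored_identifiers() -> List[str]:
    # What an attacker with read access to the table would obtain: digests only.
    return list(SESSIONS)
```

Because lookups hash the presented value, a leaked digest presented as a cookie is hashed again and matches nothing, which is exactly the property the cleartext scheme lacked.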
75. Unknown Vulnerability Type - Unknown Product (CVE-2021-21357) - Low [108] Description: TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to improper input validation, attackers can bypass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly permit arbitrary MIME types for file uploads; however, the default _fileDenyPattern_ still blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.3. Based on NVD data |
76. Unknown Vulnerability Type - Unknown Product (CVE-2021-21359) - Low [108] Description: TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which in turn may fetch the content to show as the error message from another page. This leads to a scenario in which the application calls itself recursively, amplifying the impact of the initial request until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on NVD data |
77. Unknown Vulnerability Type - Unknown Product (CVE-2021-21374) - Low [108] Description: Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.1. Based on NVD data |
78. Unknown Vulnerability Type - Unknown Product (CVE-2021-22309) - Low [108] Description: There is an insecure algorithm vulnerability in Huawei products. A module uses insufficiently random input in a security mechanism. Attackers can exploit this vulnerability by brute force to obtain sensitive messages, which can lead to an information leak. Affected product versions include: USG9500 versions V500R001C30SPC200, V500R001C60SPC500, V500R005C00SPC200; USG9520 versions V500R005C00; USG9560 versions V500R005C00; USG9580 versions V500R005C00.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on NVD data |
79. Unknown Vulnerability Type - Unknown Product (CVE-2021-27576) - Low [108] Description: It was found that the NetTest web service can be used to overload the bandwidth of an Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on NVD data |
80. Unknown Vulnerability Type - Unknown Product (CVE-2021-28117) - Low [108] Description: libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.)
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on NVD data |
81. Unknown Vulnerability Type - Unknown Product (CVE-2021-28899) - Low [108] Description: Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsession OnDemandServerMediaSubsession subclasses in Live Networks LIVE555 Streaming Media before 2021.3.16.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on NVD data |
82. Unknown Vulnerability Type - Unknown Product (CVE-2021-29457) - Low [108] Description: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.8. Based on NVD data |
83. Unknown Vulnerability Type - Unknown Product (CVE-2021-31555) - Low [108] Description: An issue was discovered in the OAuth extension for MediaWiki through 1.35.2. It did not validate the length of the oarc_version (aka oauth_registered_consumer.oarc_version) parameter.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.5. Based on NVD data |
84. Unknown Vulnerability Type - Unknown Product (CVE-2021-32101) - Low [108] Description: The Patient Portal of OpenEMR 5.0.2.1 is affected by an incorrect access control issue in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission check of this portal's API. The attacker can then read and manipulate the data of every registered patient.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.8 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 8.2. Based on NVD data |
85. Unknown Vulnerability Type - Unknown Product (CVE-2021-20187) - Low [94] Description: It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.2. Based on NVD data |
86. Unknown Vulnerability Type - Unknown Product (CVE-2021-20714) - Low [94] Description: Directory traversal vulnerability in WP Fastest Cache versions prior to 0.9.1.7 allows a remote attacker with administrator privileges to delete arbitrary files on the server via unspecified vectors.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on NVD data |
87. Unknown Vulnerability Type - Unknown Product (CVE-2021-21435) - Low [94] Description: Article Bcc fields and agent personal information are shown when a customer prints the ticket (PDF) via the external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on NVD data |
88. Unknown Vulnerability Type - Unknown Product (CVE-2021-22877) - Low [94] Description: A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials into other users' external storage configuration when those credentials have not been configured yet.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on NVD data |
89. Unknown Vulnerability Type - Unknown Product (CVE-2021-25920) - Low [94] Description: OpenEMR versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which allows a malicious user to read and send sensitive messages on behalf of the victim user.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on NVD data |
90. Unknown Vulnerability Type - Unknown Product (CVE-2021-26271) - Low [94] Description: It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on NVD data |
91. Unknown Vulnerability Type - Unknown Product (CVE-2021-26272) - Low [94] Description: It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on NVD data |
92. Unknown Vulnerability Type - Unknown Product (CVE-2021-26713) - Low [94] Description: A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on NVD data |
93. Unknown Vulnerability Type - Unknown Product (CVE-2021-27250) - Low [94] Description: This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the errorpage request parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11856.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on NVD data |
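The D-Link entry above (and the WP Fastest Cache entry earlier in this list) is a path traversal: a request parameter is used in a file operation without confirming that the resulting file lies under the intended directory. The following is an added example, not D-Link or WordPress plugin code, of a containment check that operates on the resolved path rather than on the string the client sent, so `..` segments, percent-encoded dots and symlinks are all judged by where they actually land. The `errorpage`-style handler, the document-root layout and the function names are constructed for this illustration.

```python
import os
import tempfile
from urllib.parse import unquote


class UnsafePath(ValueError):
    """The requested path would resolve outside the document root."""


def resolve_under_root(root: str, requested: str) -> str:
    # Decode once, the way the web server does, then refuse anything that still
    # carries '%': a double-encoded '..' (%252e%252e) would otherwise survive a
    # check that only looks at the first decoding.
    decoded = unquote(requested)
    if "%" in decoded or "\x00" in decoded:
        raise UnsafePath("encoded or NUL characters in path")
    if decoded.startswith(("/", "\\")):
        raise UnsafePath("absolute paths are not allowed")
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, decoded))
    # realpath() collapses '..' and follows symlinks, so the containment test is made
    # on the file that would actually be opened.
    if os.path.commonpath([real_root, candidate]) != real_root:
        raise UnsafePath(f"{requested!r} escapes the document root")
    return candidate


def is_contained(root: str, requested: str) -> bool:
    try:
        resolve_under_root(root, requested)
        return True
    except UnsafePath:
        return False


def make_demo_root() -> str:
    # Constructed sample tree: a document root holding a single error page.
    root = tempfile.mkdtemp(prefix="wwwroot-")
    os.mkdir(os.path.join(root, "errors"))
    with open(os.path.join(root, "errors", "404.html"), "w", encoding="utf-8") as fh:
        fh.write("<h1>not found</h1>")
    return root


def read_error_page(root: str, errorpage_param: str) -> str:
    # Stand-in for a CGI handler that turns an 'errorpage' parameter into a file read.
    with open(resolve_under_root(root, errorpage_param), encoding="utf-8") as fh:
        return fh.read()
```

Where the set of legitimate pages is small, as it is for an error-page selector, an allowlist of file names is simpler still and removes the parser from the attack surface entirely; the resolution check above is for the cases where arbitrary paths under a root genuinely have to be accepted.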
94. Unknown Vulnerability Type - Unknown Product (CVE-2021-27962) - Low [94] Description: Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 7.1. Based on NVD data |
95. Unknown Vulnerability Type - Unknown Product (CVE-2021-28147) - Low [94] Description: The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated user to add external groups to any existing team. This can be used to grant a user team permissions that the user isn't supposed to have.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on NVD data |
96. Unknown Vulnerability Type - Unknown Product (CVE-2021-31548) - Low [94] Description: An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. A MediaWiki user who is partially blocked or was unsuccessfully blocked could bypass AbuseFilter and have their edits completed.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on NVD data |
97. Unknown Vulnerability Type - Unknown Product (CVE-2021-3482) - Low [94] Description: A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.7 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.5. Based on NVD data |
98. Unknown Vulnerability Type - Unknown Product (CVE-2021-21338) - Low [81] Description: TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that Login Handling is susceptible to open redirection, which allows attackers to redirect users to arbitrary content and conduct phishing attacks. No authentication is required in order to exploit this vulnerability. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.1. Based on NVD data |
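Two entries in this list fail on URL validation in opposite directions: the KDE Discover entry (CVE-2021-28117) rendered links with any scheme taken from a remote catalogue, and the TYPO3 entry just above accepted any post-login redirect target. The following is an added example, not KDE or TYPO3 code, of the two checks a practitioner would write for those cases: a scheme allowlist for links from untrusted data, and a redirect validator that accepts only a path on the current site or an absolute URL on exactly the site's own host. The function names and the `own_host` value are constructed for this illustration.

```python
from urllib.parse import urlsplit

SAFE_LINK_SCHEMES = {"http", "https"}


def is_safe_external_link(url: str) -> bool:
    # Catalogue-link check (the Discover case): render only http(s) URLs that name a
    # host; javascript:, file:, data: and custom handler schemes are refused.
    parts = urlsplit(url.strip())
    return parts.scheme.lower() in SAFE_LINK_SCHEMES and bool(parts.hostname)


def safe_redirect_target(requested: str, own_host: str, default: str = "/") -> str:
    # Post-login redirect check (the TYPO3 case). Accepts a path on this site or an
    # absolute URL whose host is exactly ours; anything else collapses to `default`.
    if not requested:
        return default
    # Browsers treat '\' like '/' in URLs but urlsplit does not, so normalise first;
    # otherwise '/\evil.example' looks like a local path yet navigates off-site.
    candidate = requested.strip().replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative ('//host') URL: require http(s), our own host,
        # and no userinfo ('https://ours@evil.example' has hostname evil.example).
        if parts.scheme.lower() not in SAFE_LINK_SCHEMES:
            return default
        if parts.username is not None or (parts.hostname or "").lower() != own_host.lower():
            return default
        return candidate
    # Relative target: insist on a leading '/' so it is resolved against our origin.
    if not candidate.startswith("/"):
        return default
    return candidate
```

The redirect validator deliberately falls back to a fixed default instead of raising: a login flow that errors out on a bad `redirect_url` is itself a denial-of-service handle, while silently landing on the home page is harmless.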
99. Unknown Vulnerability Type - Unknown Product (CVE-2021-21373) - Low [81] Description: Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.9. Based on NVD data |
100. Unknown Vulnerability Type - Unknown Product (CVE-2021-25922) - Low [81] Description: OpenEMR versions 4.2.0 to 6.0.0 are vulnerable to reflected Cross-Site Scripting (XSS) because user input is not validated properly. An attacker could trick a user into clicking a malicious URL and execute malicious script in the user's browser.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.1. Based on NVD data |
101. Unknown Vulnerability Type - Unknown Product (CVE-2021-28280) - Low [81] Description: A combined CSRF and cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.1. Based on NVD data |
102. Unknown Vulnerability Type - Unknown Product (CVE-2021-28657) - Low [81] Description: A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on NVD data |
103. Unknown Vulnerability Type - Unknown Product (CVE-2021-29155) - Low [81] Description: An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on NVD data |
104. Unknown Vulnerability Type - Unknown Product (CVE-2021-31551) - Low [81] Description: An issue was discovered in the PageForms extension for MediaWiki through 1.35.2. Crafted payloads for Token-related query parameters allowed for XSS on certain PageForms-managed MediaWiki pages.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 6.1. Based on NVD data |
105. Unknown Vulnerability Type - Unknown Product (CVE-2021-3446) - Low [81] Description: A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on NVD data |
106. Unknown Vulnerability Type - Unknown Product (CVE-2021-3505) - Low [81] Description: A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.6 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.5. Based on NVD data |
107. Unknown Vulnerability Type - Unknown Product (CVE-2021-20183) - Low [67] Description: It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.4. Based on NVD data |
108. Unknown Vulnerability Type - Unknown Product (CVE-2021-20186) - Low [67] Description: It was found in Moodle before versions 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.4. Based on NVD data |
109. Unknown Vulnerability Type - Unknown Product (CVE-2021-21318) - Low [67] Description: Opencast is a free, open-source platform to support the management of educational audio and video content. In Opencast before version 9.2 there is a vulnerability in which publishing an episode with strict access rules will overwrite the currently set series access. This allows for an easy denial of access for all users without superuser privileges, effectively hiding the series. Access to series and series metadata on the search service (shown in media module and player) depends on the events published which are part of the series. Publishing an event will automatically publish a series and update access to it. Removing an event or republishing the event should do the same. Affected versions of Opencast may not update the series access or remove a published series if an event is being removed. On removal of an episode, this may lead to an access control list for series metadata with broader access rules than the merged access rules of all remaining events, or the series metadata still being available although all episodes of that series have been removed. This problem is fixed in Opencast 9.2.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.4. Based on NVD data |
110. Unknown Vulnerability Type - Unknown Product (CVE-2021-21340) - Low [67] Description: TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.4. Based on NVD data |
111. Unknown Vulnerability Type - Unknown Product (CVE-2021-21358) - Low [67] Description: TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.4. Based on NVD data |
112. Unknown Vulnerability Type - Unknown Product (CVE-2021-21370) - Low [67] Description: TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.4. Based on NVD data |
113. Unknown Vulnerability Type - Unknown Product (CVE-2021-21379) - Low [67] Description: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform, the `{{wikimacrocontent}}` macro executes the content with the rights of the wiki macro author instead of the caller of that wiki macro. This makes it possible to inject scripts through it, and they will be executed with the rights of the wiki macro author (very often a user who has Programming rights). Fortunately, no such macro exists by default in XWiki Standard, but one could have been created or installed with an extension. This vulnerability has been patched in XWiki versions 12.6.3, 11.10.11 and 12.8-rc-1. There is no easy workaround other than disabling the affected macros. Inserting content in a safe way, or knowing which user called the wiki macro, is not easy.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.4. Based on NVD data |
114. Unknown Vulnerability Type - Unknown Product (CVE-2021-22321) - Low [67] Description: There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause a memory use-after-free, compromising normal service. Affected products include some versions of NIP6300, NIP6600, NIP6800, S1700, S2700, S5700, S6700, S7700, S9700, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.3. Based on NVD data |
115. Unknown Vulnerability Type - Unknown Product (CVE-2021-22878) - Low [67] Description: Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.8. Based on NVD data |
116. Unknown Vulnerability Type - Unknown Product (CVE-2021-25917) - Low [67] Description: In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the U2F USB Device authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.8. Based on NVD data |
117. Unknown Vulnerability Type - Unknown Product (CVE-2021-25918) - Low [67] Description: In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the TOTP Authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.8. Based on NVD data |
118. Unknown Vulnerability Type - Unknown Product (CVE-2021-25919) - Low [67] Description: In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.8. Based on NVD data |
119. Unknown Vulnerability Type - Unknown Product (CVE-2021-25921) - Low [67] Description: In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section. An attacker could lure an admin into entering a malicious payload and thereby trigger the exploit.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.4. Based on NVD data |
120. Unknown Vulnerability Type - Unknown Product (CVE-2021-28145) - Low [67] Description: Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.4. Based on NVD data |
121. Unknown Vulnerability Type - Unknown Product (CVE-2021-28378) - Low [67] Description: Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.4. Based on NVD data |
122. Unknown Vulnerability Type - Unknown Product (CVE-2021-3137) - Low [67] Description: XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.4. Based on NVD data |
123. Unknown Vulnerability Type - Unknown Product (CVE-2021-31545) - Low [67] Description: An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The page_recent_contributors leaked the existence of certain deleted MediaWiki usernames, related to rev_deleted.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.3. Based on NVD data |
124. Unknown Vulnerability Type - Unknown Product (CVE-2021-31550) - Low [67] Description: An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2. Via crafted configuration variables, a malicious actor could introduce XSS payloads into various layers.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.4. Based on NVD data |
125. Unknown Vulnerability Type - Unknown Product (CVE-2021-31552) - Low [67] Description: An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly executed certain rules related to blocking accounts after account creation. Such rules would allow for user accounts to be created while blocking only the IP address used to create an account (and not the user account itself). Such rules could also be used by a nefarious, unprivileged user to catalog and enumerate any number of IP addresses related to these account creations.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.4. Based on NVD data |
126. Unknown Vulnerability Type - Unknown Product (CVE-2021-31554) - Low [67] Description: An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It improperly handled account blocks for certain automatically created MediaWiki user accounts, thus allowing nefarious users to remain unblocked.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 5.4. Based on NVD data |
127. Unknown Vulnerability Type - Unknown Product (CVE-2021-32103) - Low [67] Description: A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.1 allows an admin-authenticated user to inject arbitrary web script or HTML via the lname parameter.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.5 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.8. Based on NVD data |
128. Unknown Vulnerability Type - Unknown Product (CVE-2021-20184) - Low [54] Description: It was found in Moodle before versions 3.10.1, 3.9.4 and 3.8.7 that insufficient capability checks in some grade-related web services meant students were able to view other students' grades.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.4 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.3. Based on NVD data |
129. Unknown Vulnerability Type - Unknown Product (CVE-2021-21438) - Low [54] Description: Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). This issue affects: FAQ version 6.0.29 and prior versions, OTRS version 7.0.24 and prior versions.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.4 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.3. Based on NVD data |
130. Unknown Vulnerability Type - Unknown Product (CVE-2021-22134) - Low [54] Description: A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when executing a query against a recently updated document. This affects documents that have been updated and not yet refreshed in the index. This could result in the search disclosing the existence of documents and fields the attacker should not be able to view.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.4 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.3. Based on NVD data |
131. Unknown Vulnerability Type - Unknown Product (CVE-2021-22310) - Low [54] Description: There is an information leakage vulnerability in some Huawei products. Due to improper storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions include: NIP6300 versions V500R001C00, V500R001C20, V500R001C30; NIP6600 versions V500R001C00, V500R001C20, V500R001C30; Secospace USG6300 versions V500R001C00, V500R001C20, V500R001C30; Secospace USG6500 versions V500R001C00, V500R001C20, V500R001C30; Secospace USG6600 versions V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, V500R001C80; USG9500 versions V500R005C00, V500R005C10.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.4 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.4. Based on NVD data |
132. Unknown Vulnerability Type - Unknown Product (CVE-2021-30156) - Low [54] Description: An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a "hidden" user exists.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.4 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.3. Based on NVD data |
133. Unknown Vulnerability Type - Unknown Product (CVE-2021-31546) - Low [54] Description: An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly logged sensitive suppression deletions, which should not have been visible to users with access to view AbuseFilter log data.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.4 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.3. Based on NVD data |
134. Unknown Vulnerability Type - Unknown Product (CVE-2021-31547) - Low [54] Description: An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.4 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.3. Based on NVD data |
135. Unknown Vulnerability Type - Unknown Product (CVE-2021-31549) - Low [54] Description: An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The Special:AbuseFilter/examine form allowed for the disclosure of suppressed MediaWiki usernames to unprivileged users.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.4 | 10 | Vulnerability Severity Rating based on CVSS Base Score is 4.3. Based on NVD data |
136. Unknown Vulnerability Type - Unknown Product (CVE-2021-2792) - Low [0] Description:
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is NA. No data. |
137. Unknown Vulnerability Type - Unknown Product (CVE-2021-28073) - Low [0] Description:
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is NA. No data. |
138. Unknown Vulnerability Type - Unknown Product (CVE-2021-32052) - Low [0] Description: In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is NA. No data. |
139. Unknown Vulnerability Type - Unknown Product (CVE-2021-3445) - Low [0] Description:
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is NA. No data. |
140. Unknown Vulnerability Type - Unknown Product (CVE-2021-3500) - Low [0] Description:
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type |
Vulnerable Product is Common | 0 | 14 | Unclassified product |
CVSS Base Score | 0.0 | 10 | Vulnerability Severity Rating based on CVSS Base Score is NA. No data. |