CVE-2021-20087
- Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype.
Published:
April 23, 2021; 2:15:08 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-20088
- Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype.
Published:
April 23, 2021; 2:15:08 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-20086
- Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype.
Published:
April 23, 2021; 3:15:10 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-20089
- Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in purl 2.3.2 allows a malicious user to inject properties into Object.prototype.
Published:
April 23, 2021; 3:15:11 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-31540
- Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the applicat...
read CVE-2021-31540
Published:
April 23, 2021; 1:15:08 PM -0400
CVE-2021-31539
- Wowza Streaming Engine through 4.8.5 (in a default installation) has cleartext passwords stored in the conf/admin.password file. A regular local user is able to read usernames and passwords.
Published:
April 23, 2021; 1:15:08 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-2273
- Vulnerability in the Oracle Legal Entity Configurator product of Oracle E-Business Suite (component: Create Contracts). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with ne...
read CVE-2021-2273
Published:
April 22, 2021; 6:15:16 PM -0400
V3.1: 8.1 HIGH
V2.0: 5.5 MEDIUM
CVE-2021-31794
- Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header.
Published:
April 24, 2021; 4:15:07 PM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-27933
- pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field.
Published:
April 28, 2021; 3:15:07 AM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-20515
- IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. ...
read CVE-2021-20515
Published:
April 30, 2021; 12:15:07 PM -0400
V3.1: 6.7 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2021-27973
- SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages.
Published:
April 02, 2021; 3:15:20 PM -0400
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-11857
- An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user
Published:
September 22, 2020; 10:15:12 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-22502
- Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.
Published:
February 08, 2021; 5:15:12 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2021-22664
- CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.
Published:
April 27, 2021; 9:15:08 AM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-35430
- SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem.
Published:
April 29, 2021; 1:15:08 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-21341
- XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execu...
read CVE-2021-21341
Published:
March 22, 2021; 8:15:12 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-21342
- XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. X...
read CVE-2021-21342
Published:
March 22, 2021; 8:15:12 PM -0400
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2021-21343
- XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. X...
read CVE-2021-21343
Published:
March 22, 2021; 8:15:12 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-21344
- XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the proce...
read CVE-2021-21344
Published:
March 22, 2021; 8:15:12 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-21345
- XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the p...
read CVE-2021-21345
Published:
March 22, 2021; 8:15:12 PM -0400
V3.1: 9.9 CRITICAL
V2.0: 6.5 MEDIUM