CVE-2021-38149
index.php/admin/add_user in Chikitsa Patient Management System 2.0.0 allows XSS.
Source: CVE-2021-38149
[월:] 2021년 08월
CVE-2021-32587
CVE-2021-32587
An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11and below, 5.6.11and below may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration.
Source: CVE-2021-32587
CVE-2021-32597
CVE-2021-32597
Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious payload in GET parameters.
Source: CVE-2021-32597
CVE-2020-22392
CVE-2020-22392
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.
Source: CVE-2020-22392
CVE-2021-3591
CVE-2021-3591
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Source: CVE-2021-3591
CVE-2021-3655
CVE-2021-3655
A vulnerability was found in the Linux kernel in versions before v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.
Source: CVE-2021-3655
CVE-2021-3642
CVE-2021-3642
A flaw was found in Wildfly Elytron where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality. This flaw affectes Wildfly Elytron versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final.
Source: CVE-2021-3642
CVE-2021-32003
CVE-2021-32003
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.
Source: CVE-2021-32003
CVE-2021-37156
CVE-2021-37156
Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user’s account, but the intended behavior is for those sessions to be terminated.
Source: CVE-2021-37156
CVE-2021-35325
CVE-2021-35325
A stack overflow in the checkLoginUser function of TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to cause a denial of service (DOS).
Source: CVE-2021-35325