Total: 65423 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-27641 | 1 Sap | 1 3d Visual Enterprise Viewer | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM | SAP 3D Visual Enterprise Viewer, version 9, allows a user to open a manipulated TIF file received from untrusted sources, which crashes the application and makes it temporarily unavailable until the user restarts it; the cause is improper input validation.
CVE-2021-28658 | 3 Debian, Djangoproject, Fedoraproject | 3 Debian Linux, Django, Fedora | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM | In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.
CVE-2021-30582 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM | Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2021-0556 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM | In getBlockSum of fastcodemb.cpp, there is a possible out-of-bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-172716941.
CVE-2021-31731 | 1 Kitesky | 1 Kitecms | 2023-12-10 | 5.5 MEDIUM | 6.5 MEDIUM | A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html parameter.
CVE-2021-3279 | 1 Fortics | 1 Szchat | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | sz.chat version 4 allows injection of web scripts and HTML (cross-site scripting) into the message box.
CVE-2021-34333 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM | A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in a double free of an allocated buffer that leads to a crash. An attacker could leverage this vulnerability to cause a denial of service condition. (CNVD-C-2021-79295)
CVE-2021-31505 | 1 Arlo | 2 Q Plus, Q Plus Firmware | 2023-12-10 | 7.2 HIGH | 6.8 MEDIUM | This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus 1.9.0.3_278. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSH service. The device can be booted into a special operation mode where hard-coded credentials are accepted for SSH authentication. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-12890.
CVE-2021-30002 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-12-10 | 2.1 LOW | 6.2 MEDIUM | An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.
CVE-2021-24231 | 1 Patreon | 1 Patreon Wordpress | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM | The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged-in administrator disconnect the site from Patreon by visiting a specially crafted link.
CVE-2021-24407 | 1 Tielabs | 1 Jannah | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | The Jannah WordPress theme before 5.4.5 did not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action, leading to a Reflected Cross-site Scripting (XSS) vulnerability.
CVE-2021-31643 | 1 Chiyu-tech | 22 Bf-630, Bf-630 Firmware, Bf-631 and 19 more | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM | An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass, due to a lack of sanitization of the username parameter of the if.cgi component.
CVE-2021-3507 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Enterprise Linux | 2023-12-10 | 3.6 LOW | 6.1 MEDIUM | A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host, resulting in a DoS scenario, or potentially leak information from host memory.
CVE-2021-20752 | 1 Ikalka Rss Reader Project | 1 Ikalka Rss Reader | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting vulnerability in all versions of IkaIka RSS Reader allows a remote attacker to inject an arbitrary script via unspecified vectors.
CVE-2021-21483 | 1 Sap | 1 Solution Manager | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM | Under certain conditions SAP Solution Manager, version 720, allows a high privileged attacker to get access to sensitive information which has a direct serious impact beyond the exploitable component, thereby affecting the confidentiality of the application.
CVE-2021-32613 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM | In radare2 through 5.3.0 there is a double free vulnerability in the pyc parser, reachable via a crafted file, which can lead to DoS.
CVE-2021-23395 | 1 Nedb Project | 1 Nedb | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM | This affects all versions of package nedb. The library could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor.prototype payload.
CVE-2010-4264 | 1 Vanillaforums | 1 Vanilla Forums | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting vulnerability was found in Vanilla Forums before 2.0.10, where a filename could contain arbitrary code that executes on the client side.
CVE-2021-27455 | 1 Deltaww | 1 Dopsoft | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM | Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to disclose information.
CVE-2021-2173 | 1 Oracle | 1 Database Server | 2023-12-10 | 4.0 MEDIUM | 4.1 MEDIUM | Vulnerability in the Recovery component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA Level Account privilege with network access via Oracle Net to compromise Recovery. While the vulnerability is in Recovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Recovery accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N).