CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1501 CVE-2021-31791 2021-04-23 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command.
1502 CVE-2021-31795 2021-04-24 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for the Linux kernel, as used on Alcatel 1S phones, allows attackers to overwrite heap memory via PhysmemNewRamBackedPMR.
1503 CVE-2021-31802 Exec Code Overflow 2021-04-26 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a user-provided length value is trusted during a backup.cgi file upload. The attacker must add a \n before the Content-Length header.
1504 CVE-2021-31803 XSS 2021-04-26 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581).
1505 CVE-2021-31815 +Info 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and (sometimes) COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to the Android system log, and many Android devices have applications (preinstalled by the hardware manufacturer or network operator) that read system log data and send it to third parties. NOTE: a news outlet (The Markup) states that they received a vendor response indicating that fix deployment "began several weeks ago and will be complete in the coming days."
1506 CVE-2021-31826 2021-04-27 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable (for a daemon crash) on systems not using this feature if a crafted cookie is supplied.
1507 CVE-2021-31856 Exec Code Sql 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go).
1508 CVE-2021-31919 2021-04-30 2021-04-30
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct.
1509 CVE-2021-31934 XSS 2021-04-30 2021-05-01
0.0
None ??? ??? ??? ??? ??? ???
OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone.
1510 CVE-2021-31935 XSS 2021-04-30 2021-05-01
0.0
None ??? ??? ??? ??? ??? ???
OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view.
1511 CVE-2021-32428 Sql 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
SQL Injection vulnerability in viaviwebtech Android EBook App (Books App, PDF, ePub, Online Book Reading, Download Books) 10 via the author_id parameter to api.php.
1512 CVE-2021-33647 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
When performing the inference shape operation of the Tile operator, if the input data type is not int or int32, it will access data outside of bounds of heap allocated buffers.
1513 CVE-2021-33648 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape, which is allocated from heap buffers.
1514 CVE-2021-33649 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside of bounds of input_shape, which is allocated from heap buffers.
1515 CVE-2021-33650 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs, which is allocated from heap buffers.
1516 CVE-2021-33651 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division by 0 exception.
1517 CVE-2021-33652 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
When the Reduce operator run operation is executed, if there is a value of 0 in the parameter axis_sizes element, it will cause a division by 0 exception.
1518 CVE-2021-33653 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception.
1519 CVE-2021-33654 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception.
1520 CVE-2021-33805 2021-06-03 2021-06-03
0.0
None ??? ??? ??? ??? ??? ???
In the reference implementation of FUSE before 2.9.8 and 3.x before 3.2.5, local attackers were able to specify the allow_other option even if forbidden in /etc/fuse.conf, leading to exposure of FUSE filesystems to other users. This issue only affects systems with SELinux active.
1521 CVE-2021-35036 Exec Code 2022-03-01 2022-03-01
0.0
None ??? ??? ??? ??? ??? ???
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device.
1522 CVE-2021-37524 XSS 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php.
1523 CVE-2021-37770 Exec Code 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, an attacker can upload a picture with shell, treat it as PHP, execute commands, so as to take down website resources.
1524 CVE-2021-37778 Exec Code Overflow 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
There is a buffer overflow in gps-sdr-sim v1.0 when parsing long command line parameters, which can lead to DoS or code execution.
1525 CVE-2021-37791 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
MyAdmin v1.0 is affected by an incorrect access control vulnerability in viewing personal center in /api/user/userData?userCode=admin.
1526 CVE-2021-38941 Exec Code +Info 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these containers could execute arbitrary commands. IBM X-Force ID: 211048.
1527 CVE-2021-38954 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could disclose sensitive version information that could aid in future attacks against the system. IBM X-Force ID: 211414.
1528 CVE-2021-39047 XSS 2022-06-24 2022-06-24
0.0
None ??? ??? ??? ??? ??? ???
IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214349.
1529 CVE-2021-39074 XSS 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
1530 CVE-2021-39330 XSS 2021-10-14 2021-11-10
0.0
None ??? ??? ??? ??? ??? ???
The Formidable Form Builder WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found in the ~/classes/helpers/FrmAppHelper.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 5.0.06. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
1531 CVE-2021-40553 Exec Code 2022-06-28 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor.
1532 CVE-2021-40597 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Administrator username and password.
1533 CVE-2021-40606 DoS 2022-06-28 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
1534 CVE-2021-40607 DoS 2022-06-28 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
1535 CVE-2021-40608 DoS 2022-06-28 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
1536 CVE-2021-40609 DoS 2022-06-28 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
1537 CVE-2021-40642 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.
1538 CVE-2021-40643 Exec Code 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default /usr/sbin/sendmail) it is possible to execute any command, which will be executed when we make a test of the configuration ("send test mail").
1539 CVE-2021-40663 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').
1540 CVE-2021-40893 DoS 2022-06-24 2022-06-24
0.0
None ??? ??? ??? ??? ??? ???
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-data v0.1.1 when validating crafted invalid emails.
1541 CVE-2021-40894 DoS 2022-06-24 2022-06-25
0.0
None ??? ??? ??? ??? ??? ???
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in underscore-99xp v1.7.2 when the deepValueSearch function is called.
1542 CVE-2021-40895 DoS 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in todo-regex v0.1.1 when matching crafted invalid TODO statements.
1543 CVE-2021-40896 DoS 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in that-value v0.1.3 when validating crafted invalid emails.
1544 CVE-2021-40897 DoS 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in split-html-to-chars v1.0.5 when splitting crafted invalid htmls.
1545 CVE-2021-40898 DoS 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scaffold-helper v1.2.0 when copying crafted invalid files.
1546 CVE-2021-40899 DoS 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in repo-git-downloader v0.1.1 when downloading crafted invalid git repositories.
1547 CVE-2021-40900 DoS 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in regexfn v1.0.5 when validating crafted invalid emails.
1548 CVE-2021-40901 DoS 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails.
1549 CVE-2021-40941 DoS 2022-06-27 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
In Bento4 1.6.0-638, there is an allocator out-of-memory condition in the function AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity in Ap4Array.h:172, as demonstrated by GPAC. This can cause a denial of service (DOS).
1550 CVE-2021-40942 DoS Overflow 2022-06-27 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function filter_parse_dyn_args in filter_core/filter.c:1454, as demonstrated by GPAC. This can cause a denial of service (DOS).
Total number of vulnerabilities: 2011 (page 31 of 41)