CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1551 CVE-2021-40943 DoS 2022-06-28 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
In Bento4 1.6.0-638, there is a null pointer reference in the function AP4_DescriptorListInspector::Action function in Ap4Descriptor.h:124 , as demonstrated by GPAC. This can cause a denial of service (DOS).
1552 CVE-2021-40944 DoS 2022-06-28 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
In GPAC MP4Box 1.1.0, there is a Null pointer reference in the function gf_filter_pid_get_packet function in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DOS).
1553 CVE-2021-41460 Sql +Info 2022-06-28 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information.
1554 CVE-2021-41506 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327, V4.02.R11.Nat.Onvif.20161205, V4.02.R11.Nat.20170301, V4.02.R12.Nat.OnvifS.20170727 is affected by a backdoor in the macGuarder and dvrHelper binaries of DVR/NVR/IP camera firmware due to static root account credentials in the system.
1555 CVE-2021-41559 2022-06-28 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
1556 CVE-2021-41687 2022-06-28 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory leak. An attacker can use it to launch a DoS attack.
1557 CVE-2021-41688 2022-06-28 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack.
1558 CVE-2021-41689 Overflow 2022-06-28 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack.
1559 CVE-2021-41690 +Info 2022-06-28 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST and are not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can use it to launch a DoS attack.
1560 CVE-2021-41995 Bypass 2022-06-30 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.
1561 CVE-2021-42056 Exec Code 2022-06-24 2022-06-24
0.0
None ??? ??? ??? ??? ??? ???
Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitrary command execution with high privileges.
1562 CVE-2021-43085 2022-03-24 2022-03-24
0.0
None ??? ??? ??? ??? ??? ???
An Insecure Permissions vulnerability exists in the OpenSSL Project 3.0 due to an error in the implementation of the CMAC_Final() function.
1563 CVE-2021-43116 2022-07-05 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login.
1564 CVE-2021-43702 XSS 2022-07-05 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device.
1565 CVE-2021-44915 Sql 2022-07-05 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.
1566 CVE-2021-45774 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
A NULL pointer dereference in help() at inetutils/telnet/commands.c of GNU Inetutils v2.2.16-cf091 can lead to a segmentation fault or application crash.
1567 CVE-2021-45775 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
GNU Inetutils 2.2.16-cf091 was discovered to contain an infinite loop in domacro at domacro.c.
1568 CVE-2021-45778 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
A NULL pointer dereference in setnmap() at cmds.c of GNU Inetutils v2.2.16-cf091 can lead to a segmentation fault or application crash.
1569 CVE-2021-45779 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
A NULL pointer dereference in unsetcmd() at inetutils/telnet/commands.c of GNU Inetutils v2.2.16-cf091 can lead to a segmentation fault or application crash.
1570 CVE-2021-45780 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
GNU Inetutils commit cf091 was discovered to contain a memory leak via the ifconfig function.
1571 CVE-2021-45781 Overflow 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
GNU Inetutils 2.2.16-cf091 was discovered to contain a heap-based buffer overflow via the component logger at inetutils/src/logger.c.
1572 CVE-2021-45782 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
An untrusted pointer dereference in getcmd() at inetutils/src/tftp.c of GNU Inetutils v2.2.16-cf091 can lead to a segmentation fault or application crash.
1573 CVE-2021-45817 XSS 2022-01-03 2022-01-03
0.0
None ??? ??? ??? ??? ??? ???
Web Viewer for Hanwha DVR version 2.17 is affected by a Cross Site Scripting (XSS) vulnerability that allows an attacker to inject malicious JavaScript codes.
1574 CVE-2021-45959 Overflow 2022-01-01 2022-01-02
0.0
None ??? ??? ??? ??? ??? ???
** DISPUTED ** {fmt} 7.1.0 through 8.0.1 has a stack-based buffer overflow in fmt::v8::detail::dragonbox::umul192_upper64 (called from fmt::v8::detail::dragonbox::cache_accessor<double>::compute_mul and fmt::v8::detail::dragonbox::decimal_fp<double> fmt::v8::detail::dragonbox::to_de). NOTE: the vendor states that "This is one of a series of false positives [caused by a] fuzzing infra issue."
1575 CVE-2021-46439 2022-03-31 2022-04-01
0.0
None ??? ??? ??? ??? ??? ???
The WinSEGAV AutoConfig service in EG Free Antivirus v2020 suffers from a local privilege escalation vulnerability, due to unquoted paths in the service's executable path.
1576 CVE-2021-46443 2022-04-01 2022-04-01
0.0
None ??? ??? ??? ??? ??? ???
Spoofer 1.4.6 suffers from unquoted service paths vulnerability. An attacker as a low privileged local user can hijack the execution flow of the application to escalate privileges by inserting a malicious executable in a higher level directory with the vulnerable path.
1577 CVE-2022-0085 918 2022-06-28 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0.
1578 CVE-2022-0167 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making it possible to be retrieved under certain conditions.
1579 CVE-2022-0177 79 XSS 2022-01-24 2022-01-25
0.0
None ??? ??? ??? ??? ??? ???
Cross-site Scripting (XSS) - DOM in GitHub repository mrdoob/three.js prior to 0.137.0.
1580 CVE-2022-0250 79 XSS 2022-07-04 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting
1581 CVE-2022-0444 862 CSRF 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key.
1582 CVE-2022-0624 639 Bypass 2022-06-28 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0.
1583 CVE-2022-0722 200 +Info 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0.
1584 CVE-2022-0875 352 XSS CSRF 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks
1585 CVE-2022-0987 2022-06-28 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.
1586 CVE-2022-1010 79 XSS 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
The Login using WordPress Users ( WP as SAML IDP ) WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
1587 CVE-2022-1028 XSS 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before 4.2.1 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)
1588 CVE-2022-1029 79 XSS 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)
1589 CVE-2022-1095 79 XSS 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
The Mihdan: No External Links WordPress plugin through 4.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
1590 CVE-2022-1113 79 XSS 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
The Flower Delivery by Florist One WordPress plugin through 3.5.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setups)
1591 CVE-2022-1301 79 XSS 2022-07-04 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
1592 CVE-2022-1321 79 XSS 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)
1593 CVE-2022-1326 79 XSS 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
The Form - Contact Form WordPress plugin through 1.2.0 does not sanitize and escape Custom text fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
1594 CVE-2022-1327 79 XSS 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
The Image Gallery - Grid Gallery WordPress plugin through 1.1.1 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
1595 CVE-2022-1470 79 XSS 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting
1596 CVE-2022-1572 862 CSRF 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete arbitrary file
1597 CVE-2022-1573 352 CSRF 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
The HTML2WP WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them
1598 CVE-2022-1574 434 CSRF 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on the remote server
1599 CVE-2022-1593 352 XSS CSRF 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
The Site Offline or Coming Soon WordPress plugin through 1.6.6 does not have CSRF check in place when updating its settings, and it also lacking sanitisation as well as escaping in some of them. As a result, attackers could make a logged in admin change them and put Cross-Site Scripting payloads in them via a CSRF attack
1600 CVE-2022-1625 Bypass CSRF 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for bypassing the provided restrictions) and to change plugin settings by tricking admin users into visiting specially crafted websites.
Total number of vulnerabilities : 2011   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 (This Page)33 34 35 36 37 38 39 40 41
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.