Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38499 | 1 Mozilla | 1 Firefox | 2022-05-03 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93. | |||||
| CVE-2021-38495 | 1 Mozilla | 2 Firefox Esr, Thunderbird | 2022-05-03 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1. | |||||
| CVE-2021-38494 | 1 Mozilla | 1 Firefox | 2022-05-03 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 92. | |||||
| CVE-2021-38493 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-05-03 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92. | |||||
| CVE-2021-43266 | 1 Mahara | 1 Mahara | 2022-05-03 | 4.6 MEDIUM | 7.3 HIGH |
| In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. Additional, in Mahara before 20.10.4, 21.04.3, and 21.10.1, exporting collections via PDF export could cause code execution | |||||
| CVE-2021-36183 | 1 Fortinet | 1 Forticlient | 2022-05-03 | 7.2 HIGH | 7.8 HIGH |
| An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates. | |||||
| CVE-2021-36993 | 1 Huawei | 2 Emui, Magic Ui | 2022-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Memory leaks vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. | |||||
| CVE-2021-36985 | 1 Huawei | 2 Emui, Magic Ui | 2022-05-03 | 7.8 HIGH | 7.5 HIGH |
| There is a Code injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may exhaust system resources and cause the system to restart. | |||||
| CVE-2021-41306 | 1 Atlassian | 3 Jira, Jira Server, Jira Software Data Center | 2022-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0. | |||||
| CVE-2021-41305 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2022-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version 8.13.12.. | |||||
| CVE-2021-42836 | 1 Gjson Project | 1 Gjson | 2022-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack. | |||||
| CVE-2021-30829 | 1 Apple | 2 Mac Os X, Macos | 2022-05-03 | 4.6 MEDIUM | 7.8 HIGH |
| A URI parsing issue was addressed with improved parsing. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to execute arbitrary files. | |||||
| CVE-2021-20599 | 1 Mitsubishielectric | 16 R08psfcpu, R08psfcpu Firmware, R08sfcpu and 13 more | 2022-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows an remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password. | |||||
| CVE-2021-37777 | 1 Gilacms | 1 Gila Cms | 2022-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure. | |||||
| CVE-2021-37106 | 1 Huawei | 1 Fusioncompute | 2022-05-03 | 9.0 HIGH | 7.2 HIGH |
| There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system. | |||||
| CVE-2021-23243 | 2 Google, Oppo | 36 Android, Oppo A12, Oppo A15 and 33 more | 2022-05-03 | 4.6 MEDIUM | 7.8 HIGH |
| In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used. | |||||
| CVE-2021-30665 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2022-05-03 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | |||||
| CVE-2021-30772 | 1 Apple | 2 Mac Os X, Macos | 2022-05-03 | 9.3 HIGH | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to gain root privileges. | |||||
| CVE-2021-30724 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2022-05-03 | 4.6 MEDIUM | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local attacker may be able to elevate their privileges. | |||||
| CVE-2021-33285 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2022-05-03 | 6.9 MEDIUM | 7.8 HIGH |
| In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the "bytes_in_use" field should be less than the "bytes_allocated" field. When it is not, the parsing of the records proceeds into the wild. | |||||
| CVE-2021-36232 | 1 Unit4 | 1 Mik.starlight | 2022-05-03 | 6.5 MEDIUM | 8.8 HIGH |
| Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges. | |||||
| CVE-2021-35062 | 1 Testzentrum-odw | 1 Testerfassung | 2022-05-03 | 9.3 HIGH | 8.1 HIGH |
| A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allow an attacker with a valid token of a COVID-19 test result to execute shell commands with the permissions of the web server. | |||||
| CVE-2021-36690 | 2 Oracle, Sqlite | 2 Zfs Storage Appliance Kit, Sqlite | 2022-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library. | |||||
| CVE-2021-39282 | 1 Live555 | 1 Live555 | 2022-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files. | |||||
| CVE-2021-29990 | 1 Mozilla | 1 Firefox | 2022-05-03 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 91. | |||||
| CVE-2021-29989 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-05-03 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91. | |||||
| CVE-2021-29984 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-05-03 | 6.8 MEDIUM | 8.8 HIGH |
| Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. | |||||
| CVE-2021-27790 | 1 Broadcom | 1 Fabric Operating System | 2022-05-03 | 7.2 HIGH | 7.8 HIGH |
| The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account. | |||||
| CVE-2021-36770 | 3 Fedoraproject, P5-encode Project, Perl | 3 Fedora, P5-encode, Perl | 2022-05-03 | 6.8 MEDIUM | 7.8 HIGH |
| Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value. | |||||
| CVE-2021-38085 | 1 Canon | 2 Pixma Tr150, Pixma Tr150 Firmware | 2022-05-03 | 7.2 HIGH | 7.8 HIGH |
| The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. During the add printer process, a local attacker can overwrite CNMurGE.dll and, if timed properly, the overwritten DLL will be loaded into a SYSTEM process resulting in escalation of privileges. This occurs because the driver drops a world-writable DLL into a CanonBJ %PROGRAMDATA% location that gets loaded by printisolationhost (a system process). | |||||
| CVE-2021-38387 | 1 Contiki-os | 1 Contiki | 2022-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| In Contiki 3.0, a Telnet server that silently quits (before disconnection with clients) leads to connected clients entering an infinite loop and waiting forever, which may cause excessive CPU consumption. | |||||
| CVE-2021-22385 | 1 Huawei | 2 Emui, Magic Ui | 2022-05-03 | 7.2 HIGH | 7.8 HIGH |
| A component of the Huawei smartphone has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution. | |||||
| CVE-2020-36458 | 1 Lexer Project | 1 Lexer | 2022-05-03 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the lexer crate through 2020-11-10 for Rust. For ReaderResult<T, E>, there is an implementation of Sync with a trait bound of T: Send, E: Send. | |||||
| CVE-2020-36447 | 1 V9 Project | 1 V9 | 2022-05-03 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the v9 crate through 2020-12-18 for Rust. There is an unconditional implementation of Sync for SyncRef<T>. | |||||
| CVE-2021-32577 | 1 Acronis | 1 True Image | 2022-05-03 | 4.6 MEDIUM | 7.8 HIGH |
| Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions. | |||||
| CVE-2021-22420 | 1 Huawei | 1 Harmonyos | 2022-05-03 | 7.2 HIGH | 7.8 HIGH |
| A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause the underlying trust of the application trustlist mechanism is missing.. | |||||
| CVE-2021-31630 | 1 Openplcproject | 2 Openplc V3, Openplc V3 Firmware | 2022-05-03 | 9.0 HIGH | 8.8 HIGH |
| Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application. | |||||
| CVE-2021-22413 | 1 Huawei | 2 Emui, Magic Ui | 2022-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset. | |||||
| CVE-2021-25803 | 1 Videolan | 1 Vlc Media Player | 2022-05-03 | 5.8 MEDIUM | 7.1 HIGH |
| A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | |||||
| CVE-2021-25802 | 1 Videolan | 1 Vlc Media Player | 2022-05-03 | 5.8 MEDIUM | 7.1 HIGH |
| A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | |||||
| CVE-2021-25801 | 1 Videolan | 1 Vlc Media Player | 2022-05-03 | 5.8 MEDIUM | 7.1 HIGH |
| A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | |||||
| CVE-2021-22125 | 1 Fortinet | 1 Fortisandbox | 2022-05-03 | 9.0 HIGH | 7.2 HIGH |
| An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file. | |||||
| CVE-2021-36716 | 1 Segment | 1 Is-email | 2022-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmail(input) function may cause an application to consume an excessive amount of CPU. | |||||
| CVE-2020-23219 | 1 Monstra | 1 Monstra Cms | 2022-05-03 | 6.5 MEDIUM | 8.8 HIGH |
| Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module. | |||||
| CVE-2021-23275 | 1 Tibco | 4 Enterprise Runtime For R, Spotfire Analytics Platform, Spotfire Server and 1 more | 2022-05-03 | 7.2 HIGH | 7.8 HIGH |
| The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0. | |||||
| CVE-2021-29967 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-05-03 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11. | |||||
| CVE-2021-29966 | 1 Mozilla | 1 Firefox | 2022-05-03 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 89. | |||||
| CVE-2021-29947 | 1 Mozilla | 1 Firefox | 2022-05-03 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88. | |||||
| CVE-2021-22361 | 1 Huawei | 4 Ecns280, Ecns280 Firmware, Ese620x Vess and 1 more | 2022-05-03 | 4.6 MEDIUM | 7.8 HIGH |
| There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. A file access is not authorized correctly. Attacker with low access may launch privilege escalation in a specific scenario. This may compromise the normal service. | |||||
| CVE-2020-25755 | 1 Enphase | 2 Envoy, Envoy Firmware | 2022-05-03 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authenticated users to execute arbitrary commands via the force parameter. | |||||