Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39553 | 1 Swftools | 1 Swftools | 2021-09-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function grealloc() located in gmem.cc. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39557 | 1 Swftools | 1 Swftools | 2021-09-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function copyString() located in gmem.cc. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39556 | 1 Swftools | 1 Swftools | 2021-09-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function InfoOutputDev::type3D1() located in InfoOutputDev.cc. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39555 | 1 Swftools | 1 Swftools | 2021-09-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function InfoOutputDev::type3D0() located in InfoOutputDev.cc. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39559 | 1 Swftools | 1 Swftools | 2021-09-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function GString::~GString() located in GString.cc. It allows an attacker to cause Denial of Service. | |||||
| CVE-2020-19148 | 1 Jflyfox | 1 Jfinal Cms | 2021-09-22 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'. | |||||
| CVE-2020-19156 | 1 Ari-soft | 1 Ari Adminer | 2021-09-22 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save()' function is called. | |||||
| CVE-2020-19158 | 1 S-cms | 1 S-cms | 2021-09-22 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'. | |||||
| CVE-2020-19157 | 1 Wenkucms Project | 1 Wenkucms | 2021-09-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (CSS) in Wenku CMS v3.4 allows remote attackers to execute arbitrary code via the 'Intro' parameter for the component '/index.php?m=ucenter&a=index'. | |||||
| CVE-2021-21489 | 1 Sap | 1 Netweaver Enterprise Portal | 2021-09-22 | 3.5 LOW | 4.8 MEDIUM |
| SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with administrative privileges to store a malicious script on the portal. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of portal content. | |||||
| CVE-2021-32202 | 1 Cs-cart | 1 Cs-cart | 2021-09-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" filed in the blog post creation page. | |||||
| CVE-2021-39562 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function FileStream::makeSubStream() located in Stream.cc. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39563 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_DumpActions() located in swfaction.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39575 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function dump_method() located in abc.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2020-29075 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-09-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.30010 (and earlier) and 2017.011.30180 (and earlier) are affected by an information exposure vulnerability, that could enable an attacker to get a DNS interaction and track if the user has opened or closed a PDF file when loaded from the filesystem without a prompt. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-39585 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function traits_dump() located in abc.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39584 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function namespace_set_hash() located in pool.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39583 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function pool_lookup_string2() located in pool.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2020-27970 | 1 Yandex | 1 Yandex Browser | 2021-09-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| Yandex Browser before 20.10.0 allows remote attackers to spoof the address bar | |||||
| CVE-2021-40214 | 1 Gibbonedu | 1 Gibbon | 2021-09-22 | 3.5 LOW | 5.4 MEDIUM |
| Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component. | |||||
| CVE-2020-3222 | 1 Cisco | 1 Ios Xe | 2021-09-22 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. The vulnerability is due to the presence of a proxy service at a specific endpoint of the web UI. An attacker could exploit this vulnerability by connecting to the proxy service. An exploit could allow the attacker to bypass access restrictions on the network by proxying their access request through the management network of the affected device. As the proxy is reached over the management virtual routing and forwarding (VRF), this could reduce the effectiveness of the bypass. | |||||
| CVE-2021-39587 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_DumpABC() located in abc.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-38325 | 1 User-activation-email Project | 1 User-activation-email | 2021-09-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The User Activation Email WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the uae-key parameter found in the ~/user-activation-email.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.0. | |||||
| CVE-2021-39588 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_ReadABC() located in abc.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-25464 | 1 Samsung | 1 Capture | 2021-09-22 | 2.1 LOW | 5.5 MEDIUM |
| An improper file management vulnerability in SamsungCapture prior to version 4.8.02 allows sensitive information leak. | |||||
| CVE-2021-39589 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function parse_metadata() located in abc.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-25450 | 1 Google | 1 Android | 2021-09-22 | 3.3 LOW | 6.5 MEDIUM |
| Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket. | |||||
| CVE-2021-39591 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_GetShapeBoundingBox() located in swfshape.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39590 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function params_dump() located in abc.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39592 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function pool_lookup_uint() located in pool.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-32137 | 1 Gpac | 1 Gpac | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. | |||||
| CVE-2021-32134 | 1 Gpac | 1 Gpac | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||||
| CVE-2021-32135 | 1 Gpac | 1 Gpac | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| The trak_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||||
| CVE-2021-39593 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_FontExtract_DefineFontInfo() located in swftext.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-32132 | 1 Gpac | 1 Gpac | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| The abst_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||||
| CVE-2021-29643 | 1 Paessler | 1 Prtg Network Monitor | 2021-09-22 | 3.5 LOW | 5.4 MEDIUM |
| PRTG Network Monitor before 21.3.69.1333 allows stored XSS via an unsanitized string imported from a User Object in a connected Active Directory instance. | |||||
| CVE-2021-22526 | 1 Microfocus | 1 Access Manager | 2021-09-22 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 | |||||
| CVE-2021-39594 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| Other An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function updateusage() located in swftext.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39596 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function code_parse() located in code.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-22524 | 1 Microfocus | 1 Access Manager | 2021-09-22 | 4.0 MEDIUM | 4.9 MEDIUM |
| Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 | |||||
| CVE-2021-39597 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function code_dump2() located in code.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39598 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function callcode() located in code.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-22528 | 1 Microfocus | 1 Access Manager | 2021-09-22 | 3.5 LOW | 5.4 MEDIUM |
| Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 | |||||
| CVE-2021-25459 | 1 Google | 1 Android | 2021-09-22 | 2.1 LOW | 5.5 MEDIUM |
| An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService. | |||||
| CVE-2021-25454 | 1 Google | 1 Android | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file. | |||||
| CVE-2021-38316 | 1 Wp Academic People List Project | 1 Wp Academic People List | 2021-09-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP Academic People List WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category_name parameter in the ~/admin-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.4.1. | |||||
| CVE-2021-38317 | 1 Kibokolabs | 1 Konnichiwa | 2021-09-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the plan_id parameter in the ~/views/subscriptions.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.8.3. | |||||
| CVE-2021-38318 | 1 3d Cover Carousel Project | 1 3d Cover Carousel | 2021-09-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The 3D Cover Carousel WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/cover-carousel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | |||||
| CVE-2021-38319 | 1 Windyroad | 1 More From Google | 2021-09-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The More From Google WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/morefromgoogle.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2. | |||||
| CVE-2021-38320 | 1 Simplesamlphp Authentication Project | 1 Simplesamlphp Authentication | 2021-09-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.0. | |||||