Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40969 | 1 Spotweb Project | 1 Spotweb | 2021-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter. | |||||
| CVE-2021-32275 | 1 Grame | 1 Faust | 2021-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in faust through v2.30.5. A NULL pointer dereference exists in the function CosPrim::computeSigOutput() located in cosprim.hh. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-32273 | 1 Faad2 Project | 1 Faad2 | 2021-10-02 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to cause Code Execution. | |||||
| CVE-2021-32281 | 1 Creolabs | 1 Gravity | 2021-10-02 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in gravity through 0.8.1. A heap-buffer-overflow exists in the function gnode_function_add_upvalue located in gravity_ast.c. It allows an attacker to cause code Execution. | |||||
| CVE-2021-32284 | 1 Creolabs | 1 Gravity | 2021-10-02 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function ircode_register_pop_context_protect() located in gravity_ircode.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-32283 | 1 Creolabs | 1 Gravity | 2021-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function gravity_string_to_value() located in gravity_value.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-32285 | 1 Creolabs | 1 Gravity | 2021-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function list_iterator_next() located in gravity_core.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-32287 | 1 Nokia | 1 Heif | 2021-10-02 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in heif through v3.6.2. A global-buffer-overflow exists in the function HevcDecoderConfigurationRecord::getPicWidth() located in hevcdecoderconfigrecord.cpp. It allows an attacker to cause code Execution. | |||||
| CVE-2021-32286 | 1 Hcxtools Project | 1 Hcxtoold | 2021-10-02 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in hcxtools through 6.1.6. A global-buffer-overflow exists in the function pcapngoptionwalk located in hcxpcapngtool.c. It allows an attacker to cause code Execution. | |||||
| CVE-2021-32288 | 1 Nokia | 1 Heif | 2021-10-02 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in heif through v3.6.2. A global-buffer-overflow exists in the function HevcDecoderConfigurationRecord::getPicHeight() located in hevcdecoderconfigrecord.cpp. It allows an attacker to cause code Execution. | |||||
| CVE-2021-39533 | 1 Juniper | 1 Libslax | 2021-10-02 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libslax through v0.22.1. slaxLexer() in slaxlexer.c has a heap-based buffer overflow. | |||||
| CVE-2021-32272 | 1 Faad2 Project | 1 Faad2 | 2021-10-02 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin located in mp4read.c. It allows an attacker to cause Code Execution. | |||||
| CVE-2021-32271 | 1 Gpac | 1 Gpac | 2021-10-02 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in gpac through 20200801. A stack-buffer-overflow exists in the function DumpRawUIConfig located in odf_dump.c. It allows an attacker to cause code Execution. | |||||
| CVE-2021-32270 | 1 Gpac | 1 Gpac | 2021-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwid_box_del located in box_code_base.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-32269 | 1 Gpac | 1 Gpac | 2021-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function ilst_item_box_dump located in box_dump.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-32289 | 1 Nokia | 1 Heif | 2021-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in heif through through v3.6.2. A NULL pointer dereference exists in the function convertByteStreamToRBSP() located in nalutil.cpp. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-32294 | 1 Linuxsampler | 1 Libgig | 2021-10-02 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libgig through 20200507. A heap-buffer-overflow exists in the function RIFF::List::GetSubList located in RIFF.cpp. It allows an attacker to cause code Execution. | |||||
| CVE-2021-32297 | 1 Lief-project | 1 Lief | 2021-10-02 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in LIEF through 0.11.4. A heap-buffer-overflow exists in the function main located in pe_reader.c. It allows an attacker to cause code Execution. | |||||
| CVE-2021-32299 | 1 Pbrt Project | 1 Pbrt | 2021-10-02 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in pbrt through 20200627. A stack-buffer-overflow exists in the function pbrt::ParamSet::ParamSet() located in paramset.h. It allows an attacker to cause code Execution. | |||||
| CVE-2021-32298 | 1 Libiff Project | 1 Libiff | 2021-10-02 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libiff through 20190123. A global-buffer-overflow exists in the function IFF_errorId located in error.c. It allows an attacker to cause code Execution. | |||||
| CVE-2021-39514 | 1 Jpeg | 1 Libjpeg | 2021-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in libjpeg through 2020021. An uncaught floating point exception in the function ACLosslessScan::ParseMCU() located in aclosslessscan.cpp. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39531 | 1 Juniper | 1 Libslax | 2021-10-02 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libslax through v0.22.1. slaxLexer() in slaxlexer.c has a stack-based buffer overflow. | |||||
| CVE-2021-39532 | 1 Juniper | 1 Libslax | 2021-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in libslax through v0.22.1. A NULL pointer dereference exists in the function slaxLexer() located in slaxlexer.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39534 | 1 Juniper | 1 Libslax | 2021-10-02 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libslax through v0.22.1. slaxIsCommentStart() in slaxlexer.c has a heap-based buffer overflow. | |||||
| CVE-2021-39535 | 1 Libxsmm Project | 1 Libxsmm | 2021-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in libxsmm through v1.16.1-93. A NULL pointer dereference exists in JIT code. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39536 | 1 Libxsmm Project | 1 Libxsmm | 2021-10-02 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libxsmm through v1.16.1-93. The JIT code has a heap-based buffer overflow. | |||||
| CVE-2021-23444 | 1 Client | 1 Jointjs | 2021-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function. | |||||
| CVE-2020-23269 | 1 Gpac | 1 Gpac | 2021-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in gpac 0.8.0. The stbl_GetSampleSize function in isomedia/stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file. | |||||
| CVE-2021-40868 | 1 Cloudron | 1 Cloudron | 2021-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS. | |||||
| CVE-2021-39339 | 1 Telefication | 1 Telefication | 2021-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Telefication WordPress plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the ~/bypass.php file due to a user-supplied URL request value that gets called by a curl requests. This affects versions up to, and including, 1.8.0. | |||||
| CVE-2021-0612 | 2 Google, Mediatek | 54 Android, Mt6580, Mt6582 90 and 51 more | 2021-10-02 | 4.6 MEDIUM | 7.8 HIGH |
| In m4u, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05425834. | |||||
| CVE-2021-0611 | 2 Google, Mediatek | 54 Android, Mt6580, Mt6582 90 and 51 more | 2021-10-02 | 4.6 MEDIUM | 7.8 HIGH |
| In m4u, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05425810. | |||||
| CVE-2021-36218 | 1 Skale | 1 Sgxwallet | 2021-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in SKALE sgxwallet 1.58.3. sgx_disp_ippsAES_GCMEncrypt allows an out-of-bounds write, resulting in a segfault and compromised enclave. This issue describes a buffer overflow, which was resolved prior to v1.77.0 and not reproducible in latest sgxwallet v1.77.0 | |||||
| CVE-2020-20902 | 1 Ffmpeg | 1 Ffmpeg | 2021-10-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could result in disclosure of information. | |||||
| CVE-2021-0660 | 2 Google, Mediatek | 5 Android, Mt6779, Mt6853 and 2 more | 2021-10-01 | 4.0 MEDIUM | 4.9 MEDIUM |
| In ccu, there is a possible out of bounds read due to incorrect error handling. This could lead to information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827145; Issue ID: ALPS05827145. | |||||
| CVE-2021-36219 | 1 Skale | 1 Sgxwallet | 2021-10-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in SKALE sgxwallet 1.58.3. The provided input for ECALL 14 triggers a branch in trustedEcdsaSign that frees a non-initialized pointer from the stack. An attacker can chain multiple enclave calls to prepare a stack that contains a valid address. This address is then freed, resulting in compromised integrity of the enclave. This was resolved after v1.58.3 and not reproducible in sgxwallet v1.77.0. | |||||
| CVE-2021-38124 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2021-10-01 | 7.5 HIGH | 9.8 CRITICAL |
| Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution. | |||||
| CVE-2021-40097 | 1 Concretecms | 1 Concrete Cms | 2021-10-01 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter. | |||||
| CVE-2021-40098 | 1 Concretecms | 1 Concrete Cms | 2021-10-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external form by adding a regular expression. | |||||
| CVE-2021-24638 | 1 Ffw | 1 Omgf | 2021-10-01 | 6.4 MEDIUM | 9.1 CRITICAL |
| The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file with Google Fonts CSS, or download fonts uploaded on Google Fonts website. | |||||
| CVE-2021-40103 | 1 Concretecms | 1 Concrete Cms | 2021-10-01 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF. | |||||
| CVE-2021-40105 | 1 Concretecms | 1 Concrete Cms | 2021-10-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments. | |||||
| CVE-2021-40349 | 1 Speed Test Project | 1 Speed Test | 2021-10-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| e7d Speed Test (aka speedtest) 0.5.3 allows a path-traversal attack that results in information disclosure via the "GET /.." substring. | |||||
| CVE-2021-40106 | 1 Concretecms | 1 Concrete Cms | 2021-10-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field. | |||||
| CVE-2021-40981 | 1 Asus | 1 Armoury Crate Lite Service | 2021-10-01 | 4.4 MEDIUM | 7.3 HIGH |
| ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%\ASUS\GamingCenterLib directory. | |||||
| CVE-2021-0422 | 2 Google, Mediatek | 54 Android, Mt6580, Mt6582 90 and 51 more | 2021-10-01 | 2.1 LOW | 5.5 MEDIUM |
| In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381071. | |||||
| CVE-2021-0424 | 2 Google, Mediatek | 54 Android, Mt6580, Mt6582 90 and 51 more | 2021-10-01 | 2.1 LOW | 5.5 MEDIUM |
| In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05393787. | |||||
| CVE-2021-31604 | 1 Openvpn-monitor Project | 1 Openvpn-monitor | 2021-10-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an arbitrary client. | |||||
| CVE-2021-0425 | 2 Google, Mediatek | 54 Android, Mt6580, Mt6582 90 and 51 more | 2021-10-01 | 2.1 LOW | 5.5 MEDIUM |
| In memory management driver, there is a possible side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05400059. | |||||
| CVE-2021-0610 | 2 Google, Mediatek | 54 Android, Mt6580, Mt6582 90 and 51 more | 2021-10-01 | 4.6 MEDIUM | 7.8 HIGH |
| In memory management driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05411456. | |||||