Total: 201818 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-20896 | 1 Ffmpeg | 1 Ffmpeg | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference. | |||||
| CVE-2020-20898 | 1 Ffmpeg | 1 Ffmpeg | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | |||||
| CVE-2021-39515 | 1 Jpeg | 1 Libjpeg | 2021-09-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function SampleInterleavedLSScan::ParseMCU() located in sampleinterleavedlsscan.cpp. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39516 | 1 Jpeg | 1 Libjpeg | 2021-09-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function HuffmanDecoder::Get() located in huffmandecoder.hpp. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39517 | 1 Jpeg | 1 Libjpeg | 2021-09-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::ReconstructUnsampled() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39518 | 1 Jpeg | 1 Libjpeg | 2021-09-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in libjpeg through 2020021. LineBuffer::FetchRegion() in linebuffer.cpp has a heap-based buffer overflow. | |||||
| CVE-2021-39519 | 1 Jpeg | 1 Libjpeg | 2021-09-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PullQData() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39520 | 1 Jpeg | 1 Libjpeg | 2021-09-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PushReconstructedData() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39544 | 1 Sela Project | 1 Sela | 2021-09-24 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in sela through 20200412. file::WavFile::writeToFile() in wav_file.c has a heap-based buffer overflow. | |||||
| CVE-2021-39546 | 1 Sela Project | 1 Sela | 2021-09-24 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in sela through 20200412. rice::RiceDecoder::process() in rice_decoder.cpp has a heap-based buffer overflow. | |||||
| CVE-2021-39551 | 1 Sela Project | 1 Sela | 2021-09-24 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in sela through 20200412. file::SelaFile::readFromFile() in sela_file.c has a heap-based buffer overflow. | |||||
| CVE-2021-39550 | 1 Sela Project | 1 Sela | 2021-09-24 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in sela through 20200412. file::SelaFile::readFromFile() in sela_file.cpp has a heap-based buffer overflow. | |||||
| CVE-2021-39552 | 1 Sela Project | 1 Sela | 2021-09-24 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in sela through 20200412. file::WavFile::readFromFile() in wav_file.c has a heap-based buffer overflow. | |||||
| CVE-2021-39521 | 1 Gnu | 1 Libredwg | 2021-09-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function bit_read_BB() located in bits.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39522 | 1 Gnu | 1 Libredwg | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len() in bits.c has a heap-based buffer overflow. | |||||
| CVE-2021-39523 | 1 Gnu | 1 Libredwg | 2021-09-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function check_POLYLINE_handles() located in decode.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39525 | 1 Gnu | 1 Libredwg | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libredwg through v0.10.1.3751. bit_read_fixed() in bits.c has a heap-based buffer overflow. | |||||
| CVE-2021-39527 | 1 Gnu | 1 Libredwg | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libredwg through v0.10.1.3751. appinfo_private() in decode.c has a heap-based buffer overflow. | |||||
| CVE-2021-39528 | 1 Gnu | 1 Libredwg | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MATERIAL_private() in dwg.spec has a double free. | |||||
| CVE-2021-39530 | 1 Gnu | 1 Libredwg | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen() in bits.c has a heap-based buffer overflow. | |||||
| CVE-2021-39538 | 1 Pdftools Project | 1 Pdftools | 2021-09-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in pdftools through 20200714. A NULL pointer dereference exists in the function node::ObjNode::Value() located in objnode.cpp. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39540 | 1 Pdftools Project | 1 Pdftools | 2021-09-24 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in pdftools through 20200714. A stack-buffer-overflow exists in the function Analyze::AnalyzePages() located in analyze.cpp. It allows an attacker to cause code execution. | |||||
| CVE-2021-39539 | 1 Pdftools Project | 1 Pdftools | 2021-09-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in pdftools through 20200714. A NULL pointer dereference exists in the function node::BDCNode::~BDCNode() located in bdcnode.cpp. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39542 | 1 Pdftools Project | 1 Pdftools | 2021-09-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in pdftools through 20200714. A NULL pointer dereference exists in the function Font::Size() located in font.cpp. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39541 | 1 Pdftools Project | 1 Pdftools | 2021-09-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in pdftools through 20200714. A NULL pointer dereference exists in the function Analyze::AnalyzeXref() located in analyze.cpp. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39543 | 1 Pdftools Project | 1 Pdftools | 2021-09-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in pdftools through 20200714. A NULL pointer dereference exists in the function Analyze::AnalyzeRoot() located in analyze.cpp. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39548 | 1 Sela Project | 1 Sela | 2021-09-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function frame::FrameDecoder::process() located in frame_decoder.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39547 | 1 Sela Project | 1 Sela | 2021-09-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function lpc::SampleGenerator::process() located in sample_generator.cpp. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39545 | 1 Sela Project | 1 Sela | 2021-09-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function rice::RiceDecoder::process() located in rice_decoder.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39549 | 1 Sela Project | 1 Sela | 2021-09-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function file::WavFile::WavFile() located in wav_file.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-3706 | 1 Pi-hole | 1 Web Interface | 2021-09-24 | 5.0 MEDIUM | 7.5 HIGH |
| adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag | |||||
| CVE-2020-35340 | 1 Expertpdf | 1 Expertpdf | 2021-09-24 | 5.0 MEDIUM | 7.5 HIGH |
| A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read. | |||||
| CVE-2021-23028 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2021-09-24 | 4.3 MEDIUM | 7.5 HIGH |
| On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy and applied to a virtual server, undisclosed requests may cause the BIG-IP ASM bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-3751 | 1 Libmobi Project | 1 Libmobi | 2021-09-24 | 7.5 HIGH | 9.8 CRITICAL |
| libmobi is vulnerable to Out-of-bounds Write | |||||
| CVE-2021-23036 | 1 F5 | 3 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager, Big-ip Datasafe | 2021-09-24 | 4.3 MEDIUM | 7.5 HIGH |
| On version 16.0.x before 16.0.1.2, when a BIG-IP ASM and DataSafe profile are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-20569 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2021-09-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. IBM X-Force ID: 199243. | |||||
| CVE-2021-20508 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2021-09-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199322. | |||||
| CVE-2020-20671 | 1 Kitesky | 1 Kitecms | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account. | |||||
| CVE-2021-39391 | 1 Beego | 1 Beego | 2021-09-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page. | |||||
| CVE-2021-29841 | 2 Ibm, Linux | 5 Aix, Financial Transaction Manager, Linux On Zseries and 2 more | 2021-09-24 | 3.5 LOW | 5.4 MEDIUM |
| IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205045. | |||||
| CVE-2021-23041 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 8 more | 2021-09-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the current logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-23040 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2021-09-24 | 6.5 MEDIUM | 8.8 HIGH |
| On BIG-IP AFM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This issue is exposed only when BIG-IP AFM is provisioned. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-23046 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Guided Configuration | 2021-09-24 | 3.5 LOW | 4.9 MEDIUM |
| On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged in restnoded logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-41033 | 1 Eclipse | 1 Equinox | 2021-09-24 | 6.8 MEDIUM | 8.1 HIGH |
| In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by installing plug-ins that may then run malicious code. | |||||
| CVE-2021-23042 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2021-09-24 | 4.3 MEDIUM | 7.5 HIGH |
| On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, and 12.1.x before 12.1.6, when an HTTP profile is configured on a virtual server, undisclosed requests can cause a significant increase in system resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-35313 | | | 2021-09-24 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2021-23043 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2021-09-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| On BIG-IP, on all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to access arbitrary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2020-21049 | 1 Libsixel Project | 1 Libsixel | 2021-09-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file. | |||||
| CVE-2020-21048 | 1 Libsixel Project | 1 Libsixel | 2021-09-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue in the dither.c component of libsixel prior to v1.8.4 allows attackers to cause a denial of service (DOS) via a crafted PNG file. | |||||
| CVE-2021-38175 | 1 Sap | 1 Analysis For Microsoft Office | 2021-09-24 | 5.5 MEDIUM | 6.5 MEDIUM |
| SAP Analysis for Microsoft Office - version 2.8, allows an attacker with high privileges to read sensitive data over the network, and gather or change information in the current system without user interaction. The attack would not lead to an impact on the availability of the system, but there would be an impact on integrity and confidentiality. | |||||
