Search Results (366888 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-3799 1 Getgrav 1 Grav-plugin-admin 2024-11-21 5.4 Medium
grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames
CVE-2021-3798 2 Opencryptoki Project, Redhat 2 Opencryptoki, Enterprise Linux 2024-11-21 5.5 Medium
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.
CVE-2021-3797 1 Hestiacp 1 Control Panel 2024-11-21 9.8 Critical
hestiacp is vulnerable to Use of Wrong Operator in String Comparison
CVE-2021-3796 5 Debian, Fedoraproject, Netapp and 2 more 5 Debian Linux, Fedora, Ontap Select Deploy Administration Utility and 2 more 2024-11-21 7.3 High
vim is vulnerable to Use After Free
CVE-2021-3795 2 Redhat, Semver-regex Project 2 Acm, Semver-regex 2024-11-21 7.5 High
semver-regex is vulnerable to Inefficient Regular Expression Complexity
CVE-2021-3793 1 Binatoneglobal 42 Cn28, Cn28 Firmware, Cn40 and 39 more 2024-11-21 6.5 Medium
An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access administrative pages that could result in information disclosure or device firmware update with verified firmware.
CVE-2021-3792 1 Binatoneglobal 42 Cn28, Cn28 Firmware, Cn40 and 39 more 2024-11-21 5.3 Medium
Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble services are not encrypted which could lead to the communication channel being accessible by an attacker.
CVE-2021-3791 1 Binatoneglobal 42 Cn28, Cn28 Firmware, Cn40 and 39 more 2024-11-21 6.5 Medium
An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password.
CVE-2021-3790 1 Binatoneglobal 42 Cn28, Cn28 Firmware, Cn40 and 39 more 2024-11-21 6.5 Medium
A buffer overflow was reported in the local web server of some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same network to perform a denial-of-service attack against the device.
CVE-2021-3789 1 Binatoneglobal 42 Cn28, Cn28 Firmware, Cn40 and 39 more 2024-11-21 4.2 Medium
An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages.
CVE-2021-3788 1 Binatoneglobal 42 Cn28, Cn28 Firmware, Cn40 and 39 more 2024-11-21 6.8 Medium
An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device.
CVE-2021-3787 1 Binatoneglobal 42 Cn28, Cn28 Firmware, Cn40 and 39 more 2024-11-21 6.4 Medium
A vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with local access to obtain the MQTT credentials that could result in unauthorized access to backend Hubble services.
CVE-2021-3786 1 Lenovo 266 Ideapad S940-14iwl, Ideapad S940-14iwl Firmware, Ideapad Yoga S940-14iwl and 263 more 2024-11-21 4.4 Medium
A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range.
CVE-2021-3785 1 Yourls 1 Yourls 2024-11-21 5.4 Medium
yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3783 1 Yourls 1 Yourls 2024-11-21 6.1 Medium
yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3781 2 Artifex, Fedoraproject 2 Ghostscript, Fedora 2024-11-21 9.9 Critical
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2021-3780 1 Framasoft 1 Peertube 2024-11-21 6.1 Medium
peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3779 1 Ruby-mysql Project 1 Ruby-mysql 2024-11-21 6.5 Medium
A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later.
CVE-2021-3778 5 Debian, Fedoraproject, Netapp and 2 more 5 Debian Linux, Fedora, Ontap Select Deploy Administration Utility and 2 more 2024-11-21 7.8 High
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3777 1 Tmpl Project 1 Tmpl 2024-11-21 7.5 High
nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity