Search Results (365339 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-35368 3 Debian, Fedoraproject, Owasp 3 Debian Linux, Fedora, Owasp Modsecurity Core Rule Set 2024-11-21 9.8 Critical
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.
CVE-2021-35361 1 Dotcms 1 Dotcms 2024-11-21 4.8 Medium
A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload.
CVE-2021-35360 1 Dotcms 1 Dotcms 2024-11-21 4.8 Medium
A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload.
CVE-2021-35358 1 Dotcms 1 Dotcms 2024-11-21 4.8 Medium
A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' and 'Filename' parameters.
CVE-2021-35346 1 Tsmuxer Project 1 Tsmuxer 2024-11-21 9.8 Critical
tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function HevcSpsUnit::short_term_ref_pic_set(int) in hevc.cpp.
CVE-2021-35344 1 Tsmuxer Project 1 Tsmuxer 2024-11-21 9.8 Critical
tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function BitStreamReader::getCurVal in bitStream.h.
CVE-2021-35343 1 Seeddms 1 Seeddms 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x<5.1.23 and v6.0.x<6.0.16 allows a remote attacker to edit document name without victim's knowledge, by enticing an authenticated user to visit an attacker's web page.
CVE-2021-35342 1 Northern.tech 2 Mender, Useradm 2024-11-21 7.5 High
The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled).
CVE-2021-35337 1 Phone Shop Sales Management System Project 1 Phone Shop Sales Management System 2024-11-21 4.3 Medium
Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter.
CVE-2021-35336 1 Tieline 2 Ip Audtio Gateway, Ip Audtio Gateway Firmware 2024-11-21 9.8 Critical
Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Access Control. A vulnerability in the Tieline Web Administrative Interface could allow an unauthenticated user to access a sensitive part of the system with a high privileged account.
CVE-2021-35331 1 Tcl 1 Tcl 2024-11-21 7.8 High
In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding
CVE-2021-35327 1 Totolink 2 A720r, A720r Firmware 2024-11-21 9.8 Critical
A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start the Telnet service, then login with the default credentials via a crafted POST request.
CVE-2021-35326 1 Totolink 2 A720r, A720r Firmware 2024-11-21 7.5 High
A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file via sending a crafted HTTP request.
CVE-2021-35325 1 Totolink 2 A720r, A720r Firmware 2024-11-21 7.5 High
A stack overflow in the checkLoginUser function of TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to cause a denial of service (DOS).
CVE-2021-35324 1 Totolink 2 A720r, A720r Firmware 2024-11-21 9.8 Critical
A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Firmware V4.1.5cu.470_B20200911 allows attackers to bypass authentication.
CVE-2021-35323 1 Bludit 1 Bludit 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login.
CVE-2021-35312 1 Gestionaleamica 1 Amica Prodigy 2024-11-21 7.8 High
A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable "RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it with a malicious file that will be executed with "LocalSystem" privileges.
CVE-2021-35309 1 Samsung 1 Syncthru Web Service 2024-11-21 7.5 High
An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks.
CVE-2021-35307 1 Axiosys 1 Bento4 2024-11-21 6.5 Medium
An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer dereference exists in the AP4_DescriptorFinder::Test component located in /Core/Ap4Descriptor.h. It allows an attacker to cause a denial of service (DOS).
CVE-2021-35306 1 Axiosys 1 Bento4 2024-11-21 6.5 Medium
An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer dereference exists in the function AP4_StszAtom::WriteFields located in Ap4StszAtom.cpp. It allows an attacker to cause a denial of service (DOS).