Search Results (366572 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-45408 1 Seeddms 1 Seeddms 2024-11-21 6.1 Medium
Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which llows remote malicious users to redirect users to malicious sites using the "referuri" parameter.
CVE-2021-45406 1 Salonerp Project 1 Salonerp 2024-11-21 8.8 High
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password.
CVE-2021-45402 1 Linux 1 Linux Kernel 2024-11-21 5.5 Medium
The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."
CVE-2021-45401 1 Tendacn 2 Ac10u, Ac10u Firmware 2024-11-21 9.8 Critical
A Command injection vulnerability exists in Tenda AC10U AC1200 Smart Dual-band Wireless Router AC10U V1.0 Firmware V15.03.06.49_multi via the setUsbUnload functionality. The vulnerability is caused because the client controlled "deviceName" value is passed directly to the "doSystemCmd" function.
CVE-2021-45394 1 Html2pdf Project 1 Html2pdf 2024-11-21 8.8 High
An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious <link> tag in the converted HTML document.
CVE-2021-45392 1 Tenda 2 Ax12, Ax12 Firmware 2024-11-21 7.5 High
A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in page /goform/setIPv6Status via the prefixDelegate parameter, which causes a Denial of Service.
CVE-2021-45391 1 Tenda 2 Ax12, Ax12 Firmware 2024-11-21 7.5 High
A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in the goform/setIPv6Status binary file /usr/sbin/httpd via the conType parameter, which causes a Denial of Service.
CVE-2021-45389 1 Starwind 2 Command Center, San\&nas 2024-11-21 9.8 Critical
A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864.
CVE-2021-45387 1 Broadcom 1 Tcpreplay 2024-11-21 5.5 Medium
tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c.
CVE-2021-45386 1 Broadcom 1 Tcpreplay 2024-11-21 5.5 Medium
tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c
CVE-2021-45385 1 Rockcarry 1 Ffjpeg 2024-11-21 6.5 Medium
A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021-12-06) in bmp_load(). When the size information in metadata of the bmp is out of range, it returns without assign memory buffer to `pb->pdata` and did not exit the program. So the program crashes when it tries to access the pb->data, in jfif_encode() at jfif.c:763. This is due to the incomplete patch for CVE-2020-13438.
CVE-2021-45380 1 Appcms 1 Appcms 2024-11-21 6.1 Medium
AppCMS 2.0.101 has a XSS injection vulnerability in \templates\m\inc_head.php
CVE-2021-45379 1 Glewlwyd Project 1 Glewlwyd 2024-11-21 8.8 High
Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access control vulnerability. One user can attempt to log in as another user without its password.
CVE-2021-45364 1 Statamic 1 Statamic 2024-11-21 9.8 Critical
A Code Execution vulnerability exists in Statamic Version through 3.2.26 via SettingsController.php. NOTE: the vendor indicates that there was an error in publishing this CVE Record, and that all parties agree that the affected code was not used in any Statamic product
CVE-2021-45357 1 Piwigo 1 Piwigo 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the pwg_activity function in include/functions.inc.php.
CVE-2021-45348 1 Attendance Management System Project 1 Attendance Management System 2024-11-21 7.5 High
An Arbitrary File Deletion vulnerability exists in SourceCodester Attendance Management System v1.0 via the csv parameter in admin/pageUploadCSV.php, which can cause a Denial of Service (crash).
CVE-2021-45347 1 Zzcms 1 Zzcms 2024-11-21 7.5 High
An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password.
CVE-2021-45346 2 Netapp, Sqlite 2 Ontap Select Deploy Administration Utility, Sqlite 2024-11-21 4.3 Medium
A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.
CVE-2021-45343 3 Debian, Fedoraproject, Librecad 3 Debian Linux, Fedora, Librecad 2024-11-21 5.5 Medium
In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document.
CVE-2021-45342 3 Debian, Fedoraproject, Librecad 3 Debian Linux, Fedora, Librecad 2024-11-21 7.8 High
A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.