Search Results (366603 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-46836 1 Huawei 2 Emui, Harmonyos 2024-11-21 7.5 High
Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2021-46830 1 Helpsystems 1 Goanywhere Managed File Transfer 2024-11-21 6.5 Medium
A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended.
CVE-2021-46829 4 Debian, Fedoraproject, Gnome and 1 more 4 Debian Linux, Fedora, Gdk-pixbuf and 1 more 2024-11-21 7.8 High
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.
CVE-2021-46827 1 Sync 5 Oxygen Publishing Engine, Oxygen Xml Author, Oxygen Xml Developer and 2 more 2024-11-21 6.1 Medium
An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals (in online documentation generated using Oxygen XML WebHelp) allows attackers to execute JavaScript by convincing a user to type specific text in the WebHelp output search field.
CVE-2021-46825 1 Broadcom 2 Advanced Secure Gateway, Proxysg 2024-11-21 9.1 Critical
Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2021-46824 1 School File Management System Project 1 School File Management System 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in student_profile.php.
CVE-2021-46823 1 Python-ldap 1 Python-ldap 2024-11-21 6.5 Medium
python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2021-46822 2 Libjpeg-turbo, Redhat 2 Libjpeg-turbo, Enterprise Linux 2024-11-21 5.5 Medium
The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.
CVE-2021-46820 1 Xos-shop 1 Xos Shop System 2024-11-21 8.1 High
Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to /shop/admin/categories.php
CVE-2021-46814 1 Huawei 3 Emui, Harmonyos, Magic Ui 2024-11-21 7.5 High
The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability.
CVE-2021-46813 1 Huawei 2 Emui, Magic Ui 2024-11-21 7.5 High
Vulnerability of residual files not being deleted after an update in the ChinaDRM module. Successful exploitation of this vulnerability may affect availability.
CVE-2021-46812 1 Huawei 2 Emui, Harmonyos 2024-11-21 7.5 High
The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this vulnerability may affect data integrity.
CVE-2021-46811 1 Huawei 3 Emui, Harmonyos, Magic Ui 2024-11-21 5.3 Medium
HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information.
CVE-2021-46790 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2024-11-21 7.8 High
ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.
CVE-2021-46789 1 Huawei 2 Emui, Magic Ui 2024-11-21 7.5 High
Configuration defects in the secure OS module. Successful exploitation of this vulnerability can affect availability.
CVE-2021-46788 1 Huawei 2 Emui, Magic Ui 2024-11-21 7.5 High
Third-party pop-up window coverage vulnerability in the iConnect module.Successful exploitation of this vulnerability may cause system pop-up window may be covered to mislead users to perform incorrect operations.
CVE-2021-46787 1 Huawei 3 Emui, Harmonyos, Magic Ui 2024-11-21 7.5 High
The AMS module has a vulnerability of improper permission control.Successful exploitation of this vulnerability may cause non-system application processes to crash.
CVE-2021-46786 1 Huawei 3 Emui, Harmonyos, Magic Ui 2024-11-21 9.8 Critical
The audio module has a vulnerability in verifying the parameters passed by the application space.Successful exploitation of this vulnerability may cause out-of-bounds memory access.
CVE-2021-46785 1 Huawei 2 Emui, Harmonyos 2024-11-21 5.3 Medium
The Property module has a vulnerability in permission control.This vulnerability can be exploited to obtain the unique device identifier.
CVE-2021-46784 3 Debian, Redhat, Squid-cache 5 Debian Linux, Enterprise Linux, Rhel E4s and 2 more 2024-11-21 6.5 Medium
In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.