Search Results (366603 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-46782 1 Supsystic 1 Price Table 2024-11-21 6.1 Medium
The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting
CVE-2021-46781 1 Subsystic 1 Coming Soon 2024-11-21 6.1 Medium
The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting
CVE-2021-46780 1 Supsystic 1 Easy Google Maps 2024-11-21 6.1 Medium
The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting
CVE-2021-46778 1 Amd 358 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 355 more 2024-11-21 5.6 Medium
Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information.
CVE-2021-46774 1 Amd 274 Epyc 7001, Epyc 7001 Firmware, Epyc 7203 and 271 more 2024-11-21 6.7 Medium
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
CVE-2021-46771 1 Amd 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more 2024-11-21 7.8 High
Insufficient validation of addresses in AMD Secure Processor (ASP) firmware system call may potentially lead to arbitrary code execution by a compromised user application.
CVE-2021-46766 1 Amd 56 Epyc 9124, Epyc 9124 Firmware, Epyc 9174f and 53 more 2024-11-21 2.5 Low
Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.
CVE-2021-46758 1 Amd 122 Ryzen 3 4300u, Ryzen 3 4300u Firmware, Ryzen 3 5125c and 119 more 2024-11-21 6.1 Medium
Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.
CVE-2021-46754 1 Amd 112 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 109 more 2024-11-21 9.1 Critical
Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and integrity.
CVE-2021-46744 1 Amd 198 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 195 more 2024-11-21 6.5 Medium
An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time.
CVE-2021-46743 1 Google 1 Firebase Php-jwt 2024-11-21 9.1 Critical
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way to use the PHP-JWT library unsafely, but might not be considered a vulnerability in the library itself.
CVE-2021-46742 1 Huawei 3 Emui, Harmonyos, Magic Ui 2024-11-21 9.1 Critical
The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data.Successful exploitation of this vulnerability may affect the availability.
CVE-2021-46741 1 Huawei 3 Emui, Harmonyos, Magic Ui 2024-11-21 7.5 High
The basic framework and setting module have defects, which were introduced during the design. Successful exploitation of this vulnerability may affect system integrity.
CVE-2021-46740 1 Huawei 2 Emui, Harmonyos 2024-11-21 7.5 High
The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2021-46709 1 Phpliteadmin 1 Phpliteadmin 2024-11-21 6.1 Medium
phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows parameter (aka num or number).
CVE-2021-46708 1 Smartbear 1 Swagger-ui-dist 2024-11-21 6.1 Medium
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
CVE-2021-46705 3 Gnu, Opensuse, Suse 3 Grub2, Factory, Linux Enterprise Server 2024-11-21 5.1 Medium
A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.
CVE-2021-46704 1 Genieacs 1 Genieacs 2024-11-21 9.8 Critical
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.
CVE-2021-46703 1 Razorengine Project 1 Razorengine 2024-11-21 9.8 Critical
In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment (if users can externally control template contents). NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-46702 2 Microsoft, Torproject 2 Windows, Tor 2024-11-21 5.5 Medium
Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn't properly free memory.