Search Results (366282 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-45328 1 Gitea 1 Gitea 2024-11-21 6.1 Medium
Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs.
CVE-2021-45327 1 Gitea 1 Gitea 2024-11-21 9.8 Critical
Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API. which could let a remote malisious user execute arbitrary code.
CVE-2021-45326 1 Gitea 1 Gitea 2024-11-21 8.8 High
Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes.This can be dangerous especially with state altering POST requests.
CVE-2021-45325 1 Gitea 1 Gitea 2024-11-21 7.5 High
Server Side Request Forgery (SSRF) vulneraility exists in Gitea before 1.7.0 using the OpenID URL.
CVE-2021-45310 1 Sangoma 1 Switchvox 2024-11-21 5.3 Medium
Sangoma Technologies Corporation Switchvox Version 102409 is affected by an information disclosure vulnerability due to an improper access restriction. Users information such as first name, last name, acount id, server uuid, email address, profile image, number, timestamps, etc can be extracted by sending an unauthenticated HTTP GET request to the https://Switchvox-IP/main?cmd=invalid_browser.
CVE-2021-45297 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size.
CVE-2021-45293 2 Fedoraproject, Webassembly 2 Fedora, Binaryen 2024-11-21 5.5 Medium
A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet.
CVE-2021-45292 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command.
CVE-2021-45291 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command.
CVE-2021-45290 2 Fedoraproject, Webassembly 2 Fedora, Binaryen 2024-11-21 7.5 High
A Denial of Service vulnerability exits in Binaryen 103 due to an assertion abort in wasm::handle_unreachable.
CVE-2021-45289 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
A vulnerability exists in GPAC 1.0.1 due to an omission of security-relevant Information, which could cause a Denial of Service. The program terminates with signal SIGKILL.
CVE-2021-45288 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which could cause a Denail of Service via a crafted file in the MP4Box command.
CVE-2021-45286 1 Zzcms 1 Zzcms 2024-11-21 5.3 Medium
Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_index.php.
CVE-2021-45281 1 Quickbox 1 Quickbox 2024-11-21 6.1 Medium
QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerability at "adminuseredit.php?usertoedit=XSS", as the user supplied input for the value of this parameter is not properly sanitized.
CVE-2021-45268 1 Backdropcms 1 Backdrop 2024-11-21 8.8 High
A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a maliciously add-on with crafted PHP file. NOTE: the vendor disputes this because the attack requires a session cookie of a high-privileged authenticated user who is entitled to install arbitrary add-ons
CVE-2021-45267 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
An invalid memory address dereference vulnerability exists in gpac 1.1.0 via the svg_node_start function, which causes a segmentation fault and application crash.
CVE-2021-45266 1 Gpac 1 Gpac 2024-11-21 7.5 High
A null pointer dereference vulnerability exists in gpac 1.1.0 via the lsr_read_anim_values_ex function, which causes a segmentation fault and application crash.
CVE-2021-45263 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_delete_attribute_value function, which causes a segmentation fault and application crash.
CVE-2021-45262 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_command_del function, which causes a segmentation fault and application crash.
CVE-2021-45261 1 Gnu 1 Patch 2024-11-21 5.5 Medium
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.