Search Results (364785 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-3394 1 Millewin 1 Millewin 2024-11-21 8.8 High
Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.39.28.3342, and 13.39.146.1 has insecure folder permissions allowing a malicious user for a local privilege escalation.
CVE-2021-3393 2 Postgresql, Redhat 5 Postgresql, Enterprise Linux, Rhel Eus and 2 more 2024-11-21 4.3 Medium
An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.
CVE-2021-3392 3 Debian, Fedoraproject, Qemu 3 Debian Linux, Fedora, Qemu 2024-11-21 3.2 Low
A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected.
CVE-2021-3391 1 Mobileiron 1 Mobile\@work 2024-11-21 5.3 Medium
MobileIron Mobile@Work through 2021-03-22 allows attackers to distinguish among valid, disabled, and nonexistent user accounts by observing the number of failed login attempts needed to produce a Lockout error message
CVE-2021-3384 1 Stormshield 1 Stormshield Network Security 2024-11-21 5.3 Medium
A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.11.5, and 4.2.0.
CVE-2021-3382 1 Gitea 1 Gitea 2024-11-21 7.5 High
Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path.
CVE-2021-3380 1 Height8tech 1 H8 Ssrms 2024-11-21 6.5 Medium
Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality.
CVE-2021-3378 1 Fortilogger 1 Fortilogger 2024-11-21 9.8 Critical
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.
CVE-2021-3376 1 Cuppacms 1 Cuppacms 2024-11-21 8.8 High
An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the user_group_id_field parameter.
CVE-2021-3375 1 Atomisystems 1 Activepresenter 2024-11-21 9.8 Critical
ActivePresenter 6.1.6 is affected by a memory corruption vulnerability that may result in a denial of service (DoS) or arbitrary code execution.
CVE-2021-3374 1 Rstudio 1 Shiny Server 2024-11-21 5.3 Medium
Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash.
CVE-2021-3370 1 Douco 1 Douphp 2024-11-21 6.1 Medium
DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via /admin/cloud.php.
CVE-2021-3355 1 Lightcms Project 1 Lightcms 2024-11-21 5.4 Medium
A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords.
CVE-2021-3352 1 Mitel 1 Micontact Center Business 2024-11-21 9.1 Critical
The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens.
CVE-2021-3351 1 Openplcproject 1 Openplc 2024-11-21 5.4 Medium
OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device Name to the web server's Add New Device page.
CVE-2021-3350 1 Delete Account Project 1 Delete Account 2024-11-21 6.1 Medium
deleteaccount.php in the Delete Account plugin 1.4 for MyBB allows XSS via the deletereason parameter.
CVE-2021-3349 1 Gnome 1 Evolution 2024-11-21 3.3 Low
GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior
CVE-2021-3348 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2024-11-21 7.0 High
nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71.
CVE-2021-3346 1 Nic 1 Foris 2024-11-21 9.8 Critical
Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template.
CVE-2021-3345 2 Gnupg, Oracle 2 Libgcrypt, Communications Billing And Revenue Management 2024-11-21 7.8 High
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.