Search Results (363429 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-33490 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature.
CVE-2021-33489 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared XCF file.
CVE-2021-33488 1 Open-xchange 1 Ox App Suite 2024-11-21 6.1 Medium
chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook.
CVE-2021-33486 1 Codesys 1 Runtime Toolkit 2024-11-21 7.5 High
All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions.
CVE-2021-33484 1 Onyaktech Comments Pro Project 1 Onyaktech Comments Pro 2024-11-21 7.5 High
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted encryption key (sent as a parameter in the comment form request) by setting this encrypted value as the username, which will appear on the comment page in its decrypted form. Using these two values (combined with the encryption functionality discovered in the decompiled installer), the attacker can encrypt another user's ID and username. These values can be used as part of the comment posting request in order to spoof the user.
CVE-2021-33483 1 Onyaktech Comments Pro Project 1 Onyaktech Comments Pro 2024-11-21 5.4 Medium
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment.
CVE-2021-33481 1 Optical Character Recognition Project 1 Optical Character Recognition 2024-11-21 7.8 High
A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in try_to_divide_boxes() in pgm2asc.c.
CVE-2021-33480 1 Optical Character Recognition Project 1 Optical Character Recognition 2024-11-21 5.5 Medium
An use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction() in pgm2asc.c.
CVE-2021-33479 1 Optical Character Recognition Project 1 Optical Character Recognition 2024-11-21 7.8 High
A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in measure_pitch() in pgm2asc.c.
CVE-2021-33478 1 Cisco 15 Ip Phone 8800 Firmware, Ip Phone 8800 Series With Multiplatform Firmware, Ip Phone 8811 Firmware and 12 more 2024-11-21 6.8 Medium
The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. This, for example, affects certain Cisco IP Phone and Wireless IP Phone products before 2021-07-07. Exploitation is possible only when the attacker can disassemble the device in order to control the voltage/current for chip pins.
CVE-2021-33477 6 Debian, Eterm Project, Fedoraproject and 3 more 6 Debian Linux, Eterm, Fedora and 3 more 2024-11-21 8.8 High
rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline.
CVE-2021-33473 1 Dragonfly Project 1 Dragonfly 2024-11-21 9.1 Critical
An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL.
CVE-2021-33470 1 Phpgurukul 1 Covid19 Testing Management System 2024-11-21 9.8 Critical
COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel.
CVE-2021-33469 1 Phpgurukul 1 Covid19 Testing Management System 2024-11-21 4.8 Medium
COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the "Admin name" parameter.
CVE-2021-33468 1 Tortall 1 Yasm 2024-11-21 5.5 Medium
An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/preprocs/nasm/nasm-pp.c.
CVE-2021-33467 1 Tortall 1 Yasm 2024-11-21 5.5 Medium
An issue was discovered in yasm version 1.3.0. There is a use-after-free in pp_getline() in modules/preprocs/nasm/nasm-pp.c.
CVE-2021-33466 1 Tortall 1 Yasm 2024-11-21 5.5 Medium
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_smacro() in modules/preprocs/nasm/nasm-pp.c.
CVE-2021-33465 1 Tortall 1 Yasm 2024-11-21 5.5 Medium
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmacro() in modules/preprocs/nasm/nasm-pp.c.
CVE-2021-33464 1 Tortall 1 Yasm 2024-11-21 5.5 Medium
An issue was discovered in yasm version 1.3.0. There is a heap-buffer-overflow in inc_fopen() in modules/preprocs/nasm/nasm-pp.c.
CVE-2021-33463 1 Tortall 1 Yasm 2024-11-21 5.5 Medium
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr__copy_except() in libyasm/expr.c.