Search Results (363423 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-33347 1 Jpress 1 Jpress 2024-11-21 5.4 Medium
An issue was discovered in JPress v3.3.0 and below. There are XSS vulnerabilities in the template module and tag management module. If you log in to the background by means of weak password, the storage XSS vulnerability can occur.
CVE-2021-33346 1 Dlink 2 Dsl-2888a, Dsl-2888a Firmware 2024-11-21 9.8 Critical
There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. An attacker can use this vulnerability to modify the password of the admin user without authorization.
CVE-2021-33321 1 Liferay 2 Dxp, Liferay Portal 2024-11-21 7.5 High
Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3, allows remote attackers to enumerate user email address via the forgot password functionality. The portal.property login.secure.forgot.password should be defaulted to true.
CVE-2021-33318 2 Ipmatcher Project, Watsonwebserver Project 2 Ipmatcher, Watsonwebserver 2024-11-21 9.8 Critical
An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets.
CVE-2021-33317 1 Trendnet 18 Teg-30102ws, Teg-30102ws Firmware, Ti-g102i and 15 more 2024-11-21 7.5 High
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to fail to check if ChassisID TLV is contained in the packet, by sending a crafted lldp packet to the device, an attacker can crash the process due to null pointer dereference.
CVE-2021-33316 1 Trendnet 18 Teg-30102ws, Teg-30102ws Firmware, Ti-g102i and 15 more 2024-11-21 9.8 Critical
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of ChassisID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access.
CVE-2021-33315 1 Trendnet 18 Teg-30102ws, Teg-30102ws Firmware, Ti-g102i and 15 more 2024-11-21 9.8 Critical
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of PortID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access.
CVE-2021-33295 1 Joplin Project 1 Joplin 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper sanitizing of html.
CVE-2021-33294 1 Elfutils Project 1 Elfutils 2024-11-21 5.5 Medium
In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file.
CVE-2021-33293 2 Debian, Libpano13 Project 2 Debian Linux, Libpano13 2024-11-21 9.1 Critical
Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-bounds read in the function panoParserFindOLine() in parser.c.
CVE-2021-33286 3 Debian, Redhat, Tuxera 4 Debian Linux, Advanced Virtualization, Enterprise Linux and 1 more 2024-11-21 7.8 High
In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.
CVE-2021-33274 1 Dlink 2 Dir-809, Dir-809 Firmware 2024-11-21 9.8 Critical
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80040af8 in /formWlanSetup. This vulnerability is triggered via a crafted POST request.
CVE-2021-33271 1 Dlink 2 Dir-809, Dir-809 Firmware 2024-11-21 9.8 Critical
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_80046EB4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request.
CVE-2021-33270 1 Dlink 2 Dir-809, Dir-809 Firmware 2024-11-21 9.8 Critical
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_800462c4 in /formAdvFirewall. This vulnerability is triggered via a crafted POST request.
CVE-2021-33269 1 Dlink 2 Dir-809, Dir-809 Firmware 2024-11-21 9.8 Critical
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualServ. This vulnerability is triggered via a crafted POST request.
CVE-2021-33268 1 Dlink 2 Dir-809, Dir-809 Firmware 2024-11-21 9.8 Critical
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_8003183C in /fromLogin. This vulnerability is triggered via a crafted POST request.
CVE-2021-33267 1 Dlink 2 Dir-809, Dir-809 Firmware 2024-11-21 9.8 Critical
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80034d60 in /formStaticDHCP. This vulnerability is triggered via a crafted POST request.
CVE-2021-33266 1 Dlink 2 Dir-809, Dir-809 Firmware 2024-11-21 9.8 Critical
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualApp. This vulnerability is triggered via a crafted POST request.
CVE-2021-33265 1 Dlink 2 Dir-809, Dir-809 Firmware 2024-11-21 9.8 Critical
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80046eb4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request.
CVE-2021-33259 2 D-link, Dlink 2 Dir-868lw Firmware, Dir-868lw 2024-11-21 5.3 Medium
Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history.