Search Results (364234 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-4192 5 Apple, Debian, Fedoraproject and 2 more 6 Mac Os X, Macos, Debian Linux and 3 more 2024-11-21 7.8 High
vim is vulnerable to Use After Free
CVE-2021-4191 1 Gitlab 1 Gitlab 2024-11-21 5.3 Medium
An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API.
CVE-2021-4188 1 Mruby 1 Mruby 2024-11-21 7.5 High
mruby is vulnerable to NULL Pointer Dereference
CVE-2021-4183 3 Fedoraproject, Oracle, Wireshark 4 Fedora, Http Server, Zfs Storage Appliance Kit and 1 more 2024-11-21 5.5 Medium
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file
CVE-2021-4180 2 Openstack, Redhat 2 Tripleo Heat Templates, Openstack 2024-11-21 4.3 Medium
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1.
CVE-2021-4179 1 Livehelperchat 1 Live Helper Chat 2024-11-21 5.4 Medium
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4178 1 Redhat 13 A-mq Streams, Amq Streams, Build Of Quarkus and 10 more 2024-11-21 6.7 Medium
A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.
CVE-2021-4177 1 Livehelperchat 1 Live Helper Chat 2024-11-21 5.3 Medium
livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information
CVE-2021-4176 1 Livehelperchat 1 Live Helper Chat 2024-11-21 6.1 Medium
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4175 1 Livehelperchat 1 Live Helper Chat 2024-11-21 5.4 Medium
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4172 1 Showdoc 1 Showdoc 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.
CVE-2021-4171 1 Janeczku 1 Calibre-web 2024-11-21 9.8 Critical
calibre-web is vulnerable to Business Logic Errors
CVE-2021-4170 1 Janeczku 1 Calibre-web 2024-11-21 5.4 Medium
calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4169 1 Livehelperchat 1 Live Helper Chat 2024-11-21 6.1 Medium
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4168 1 Showdoc 1 Showdoc 2024-11-21 8.8 High
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-4166 7 Apple, Debian, Fedoraproject and 4 more 8 Mac Os X, Macos, Debian Linux and 5 more 2024-11-21 7.1 High
vim is vulnerable to Out-of-bounds Read
CVE-2021-4164 1 Janeczku 1 Calibre-web 2024-11-21 8.8 High
calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-4162 1 Archivy Project 1 Archivy 2024-11-21 4.3 Medium
archivy is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-4161 1 Moxa 6 Mgate Mb3180, Mgate Mb3180 Firmware, Mgate Mb3280 and 3 more 2024-11-21 9.8 Critical
The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server.
CVE-2021-4160 4 Debian, Openssl, Oracle and 1 more 8 Debian Linux, Openssl, Enterprise Manager Ops Center and 5 more 2024-11-21 5.9 Medium
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb).