Search Results (364285 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-4146 1 Pimcore 1 Pimcore 2024-11-21 4.3 Medium
Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6.
CVE-2021-4145 2 Qemu, Redhat 2 Qemu, Enterprise Linux 2024-11-21 6.5 Medium
A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node.
CVE-2021-4144 1 Tp-link 2 Tl-wr802n, Tl-wr802n Firmware 2024-11-21 8.8 High
TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection.
CVE-2021-4143 1 Bigbluebutton 1 Bigbluebutton 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutton/bigbluebutton prior to 2.4.0.
CVE-2021-4142 2 Candlepinproject, Redhat 4 Candlepin, Satellite, Satellite Capsule and 1 more 2024-11-21 5.5 Medium
The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the SCA (simple content access) certificate for authentication with Candlepin.
CVE-2021-4139 1 Pimcore 1 Pimcore 2024-11-21 9.0 Critical
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4138 1 Mozilla 1 Geckodriver 2024-11-21 5.3 Medium
Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname.
CVE-2021-4136 3 Apple, Fedoraproject, Vim 4 Mac Os X, Macos, Fedora and 1 more 2024-11-21 7.8 High
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-4135 1 Linux 1 Linux Kernel 2024-11-21 5.5 Medium
A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data.
CVE-2021-4133 1 Redhat 3 Keycloak, Red Hat Single Sign On, Rhosemc 2024-11-21 8.8 High
A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled.
CVE-2021-4132 1 Livehelperchat 1 Live Helper Chat 2024-11-21 5.4 Medium
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4131 1 Livehelperchat 1 Live Helper Chat 2024-11-21 8.8 High
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-4130 1 Snipeitapp 1 Snipe-it 2024-11-21 8.8 High
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-4125 1 Redhat 1 Openshift 2024-11-21 8.1 High
It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6.
CVE-2021-4124 1 Meetecho 1 Janus 2024-11-21 6.1 Medium
janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4123 1 Livehelperchat 1 Live Helper Chat 2024-11-21 6.5 Medium
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-4122 2 Cryptsetup Project, Redhat 2 Cryptsetup, Enterprise Linux 2024-11-21 4.3 Medium
It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium.
CVE-2021-4121 1 Yetiforce 1 Yetiforce Customer Relationship Management 2024-11-21 6.1 Medium
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4120 2 Canonical, Fedoraproject 3 Snapd, Ubuntu Linux, Fedora 2024-11-21 8.2 High
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
CVE-2021-4119 1 Bookstackapp 1 Bookstack 2024-11-21 9.8 Critical
bookstack is vulnerable to Improper Access Control