Search Results (363359 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-3191 1 Hpe 2 Nonstop, Web Viewpoint 2024-11-21 8.8 High
Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows Remote Unauthorized Access for T0320L01^ABY and T0320L01^ACD, T0952L01^AAR through T0952L01^AAX, and T0986L01^AAD through T0986L01^AAJ (L) and T0320H01^ABW through T0320H01^ACC, T0952H01^AAQ through T0952H01^AAW, and T0986H01^AAC through T0986H01^AAI (J and H).
CVE-2021-3190 1 Async-git Project 1 Async-git 2024-11-21 9.8 Critical
The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag.
CVE-2021-3189 1 Google 1 Slashify 2024-11-21 6.1 Medium
The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring.
CVE-2021-3188 1 Phplist 1 Phplist 2024-11-21 9.8 Critical
phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.
CVE-2021-3185 1 Freedesktop 1 Gst-plugins-bad 2024-11-21 9.8 Critical
A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution.
CVE-2021-3184 1 Misp 1 Misp 2024-11-21 6.1 Medium
MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button.
CVE-2021-3183 1 Files 1 Fat Client 2024-11-21 7.5 High
Files.com Fat Client 3.3.6 allows authentication bypass because the client continues to have access after a logout and a removal of a login profile.
CVE-2021-3182 2 D-link, Dlink 3 Dcs-5220 Firmware, Dcs-5220, Dcs-5220 Firmware 2024-11-21 8 High
D-Link DCS-5220 devices have a buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-3181 4 Debian, Fedoraproject, Mutt and 1 more 4 Debian Linux, Fedora, Mutt and 1 more 2024-11-21 6.5 Medium
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.
CVE-2021-3179 1 Gglocker Project 1 Gglocker 2024-11-21 5.5 Medium
GGLocker iOS application, contains an insecure data storage of the password hash value which results in an authentication bypass.
CVE-2021-3178 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2024-11-21 6.5 Medium
fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior
CVE-2021-3176 1 Mitel 1 Businesscti Enterprise 2024-11-21 8.0 High
The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, due to improper input validation of http links. A successful exploit could allow an attacker to view user information and application data.
CVE-2021-3169 1 Jumpserver 1 Jumpserver 2024-11-21 9.8 Critical
An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.
CVE-2021-3167 1 Cloudera 1 Data Engineering 2024-11-21 6.5 Medium
In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs.
CVE-2021-3166 1 Asus 2 Dsl-n14u B1, Dsl-n14u B1 Firmware 2024-11-21 7.5 High
An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An attacker can upload arbitrary file content as a firmware update when the filename Settings_DSL-N14U-B1.trx is used. Once this file is loaded, shutdown measures on a wide range of services are triggered as if it were a real update, resulting in a persistent outage of those services.
CVE-2021-3165 1 Missionlabs 1 Smartagent 2024-11-21 8.8 High
SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI.
CVE-2021-3164 1 Churchdesk 1 Churchrota 2024-11-21 8.8 High
ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php.
CVE-2021-3163 1 Slab 1 Quill 2024-11-21 6.1 Medium
A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text field. Note: Researchers have claimed that this issue is not within the product itself, but is intended behavior in a web browser
CVE-2021-3162 2 Apple, Docker 2 Macos, Docker 2024-11-21 7.8 High
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-3160 1 Aca 1 Assuweb 2024-11-21 9.8 Critical
Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject unsecure serialized Java object using a specially crafted HTTP request, resulting in an unauthenticated remote code execution on the server.