Search Results (363163 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-38602 1 Pluxml 1 Pluxml 2024-11-21 4.8 Medium
PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content.
CVE-2021-38599 1 Wal-g Project 1 Wal-g 2024-11-21 7.5 High
WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to encrypt all file activity."
CVE-2021-38598 1 Openstack 1 Neutron 2024-11-21 9.1 Critical
OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations.
CVE-2021-38597 1 Wolfssl 1 Wolfssl 2024-11-21 5.9 Medium
wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension.
CVE-2021-38593 3 Fedoraproject, Qt, Redhat 3 Fedora, Qt, Enterprise Linux 2024-11-21 7.5 High
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
CVE-2021-38592 1 Wasm3 Project 1 Wasm3 2024-11-21 7.5 High
Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called from EvaluateExpression and m3_LoadModule).
CVE-2021-38591 1 Google 1 Android 2024-11-21 3.3 Low
An issue was discovered on LG mobile devices with Android OS P and Q software for mt6762/mt6765/mt6883. Attackers can change some of the NvRAM content by leveraging the misconfiguration of a debug command. The LG ID is LVE-SMP-210005 (August 2021).
CVE-2021-38590 1 Cpanel 1 Cpanel 2024-11-21 5.5 Medium
In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584).
CVE-2021-38589 1 Cpanel 1 Cpanel 2024-11-21 8.1 High
In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588).
CVE-2021-38588 1 Cpanel 1 Cpanel 2024-11-21 8.1 High
In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587).
CVE-2021-38587 1 Cpanel 1 Cpanel 2024-11-21 7.5 High
In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586).
CVE-2021-38586 1 Cpanel 1 Cpanel 2024-11-21 4.4 Medium
In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589).
CVE-2021-38585 1 Cpanel 1 Cpanel 2024-11-21 7.2 High
The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585).
CVE-2021-38584 1 Cpanel 1 Cpanel 2024-11-21 7.2 High
The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585).
CVE-2021-38583 1 Openbaraza 1 Openbaraza Human Capital Management 2024-11-21 6.1 Medium
openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting (XSS) on multiple pages: hr/subscription.jsp and hr/application.jsp and and hr/index.jsp (with view= and data=).
CVE-2021-38574 1 Foxitsoftware 2 Foxit Reader, Phantompdf 2024-11-21 9.8 Critical
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows SQL Injection via crafted data at the end of a string.
CVE-2021-38573 1 Foxitsoftware 2 Foxit Reader, Phantompdf 2024-11-21 9.8 Critical
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because a CombineFiles pathname is not validated.
CVE-2021-38572 1 Foxitsoftware 2 Foxit Reader, Phantompdf 2024-11-21 9.8 Critical
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because the extractPages pathname is not validated.
CVE-2021-38571 2 Foxitsoftware, Microsoft 3 Foxit Reader, Phantompdf, Windows 2024-11-21 7.8 High
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows DLL hijacking, aka CNVD-C-2021-68000 and CNVD-C-2021-68502.
CVE-2021-38570 1 Foxitsoftware 2 Foxit Reader, Phantompdf 2024-11-21 9.1 Critical
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary files (during uninstallation) via a symlink.