Search Results (363357 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-30057 1 Eng 1 Knowage 2024-11-21 4.8 Medium
A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters.
CVE-2021-30056 1 Eng 1 Knowage 2024-11-21 5.4 Medium
Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in /restful-services/publish via the 'EXEC_FROM' parameter that can lead to data leakage.
CVE-2021-30055 1 Eng 1 Knowage 2024-11-21 8.8 High
A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the 'par_year' parameter when running a report.
CVE-2021-30049 1 Sysaid 1 Sysaid 2024-11-21 6.1 Medium
SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI.
CVE-2021-30048 1 Novel Boutique House-plus Project 1 Novel Boutique House-plus 2024-11-21 5.3 Medium
Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (小说精品屋-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter.
CVE-2021-30047 1 Vsftpd Project 1 Vsftpd 2024-11-21 7.5 High
VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed.
CVE-2021-30046 1 Vigra Computer Vision Library Project 1 Vigra Computer Vision Library 2024-11-21 6.5 Medium
VIGRA Computer Vision Library Version-1-11-1 contains a segmentation fault vulnerability in the impex.hxx read_image_band() function, in which a crafted file can cause a denial of service.
CVE-2021-30045 1 Serenityos 1 Serenityos 2024-11-21 9.1 Critical
SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the EndOfCentralDirectory::read() function.
CVE-2021-30044 1 Remoteclinic 1 Remote Clinic 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php.
CVE-2021-30042 1 Remoteclinic 1 Remote Clinic 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name", "Clinic Address", "Clinic City", or "Clinic Contact" field on clinics/register.php
CVE-2021-30039 1 Remoteclinic 1 Remote Clinic 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "Blood Pressure" field on the patients/register-report.php.
CVE-2021-30034 1 Remoteclinic 1 Remote Clinic 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons field on patients/register-report.php.
CVE-2021-30030 1 Remoteclinic 1 Remote Clinic 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name field on register-patient.php.
CVE-2021-30028 1 Sooteway Wi-fi Range Extender Project 1 Sooteway Wi-fi Range Extender 2024-11-21 7.2 High
SOOTEWAY Wi-Fi Range Extender v1.5 was discovered to use default credentials (the admin password for the admin account) to access the TELNET service, allowing attackers to erase/read/write the firmware remotely.
CVE-2021-30027 1 Md4c Project 1 Md4c 2024-11-21 5.5 Medium
md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document.
CVE-2021-30020 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
In the function gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with crafted file, pps->num_tile_columns may be larger than sizeof(pps->column_width), which results in a heap overflow in the loop.
CVE-2021-30019 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller than ctx->hdr.hdr_size, resulting in size to be a negative number and a heap overflow in the memcpy.
CVE-2021-30015 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
There is a Null Pointer Dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. The pid comes from function av1dmx_parse_flush_sample, the ctx.opid maybe NULL. The result is a crash in gf_filter_pck_new_alloc_internal.
CVE-2021-30006 1 Jetbrains 1 Intellij Idea 2024-11-21 7.5 High
In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to information disclosure.
CVE-2021-30005 1 Jetbrains 1 Pycharm 2024-11-21 7.8 High
In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the project from VCS.