Search Results (364967 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-36692 1 Libjxl Project 1 Libjxl 2024-11-21 6.5 Medium
libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). When encoding a malicous APNG file using cjxl, an attacker can trigger a denial of service.
CVE-2021-36691 1 Libjxl Project 1 Libjxl 2024-11-21 7.5 High
libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When encoding a malicous GIF file using cjxl, an attacker can trigger a denial of service.
CVE-2021-36668 1 Druva 1 Insync Client 2024-11-21 7.8 High
URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary url via the port parameter to the Electron App.
CVE-2021-36667 1 Druva 1 Insync Client 2024-11-21 7.8 High
Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows attackers to execute arbitrary commands via crafted payload to the local HTTP server due to un-sanitized call to the python os.system library.
CVE-2021-36666 1 Druva 1 Insync Client 2024-11-21 7.8 High
An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to gain escalated local privileges via the inSyncDecommission.
CVE-2021-36665 1 Druva 1 Insync Client 2024-11-21 7.8 High
An issue was discovered in Druva 6.9.0 for macOS, allows attackers to gain escalated local privileges via the inSyncUpgradeDaemon.
CVE-2021-36654 1 Cmsuno Project 1 Cmsuno 2024-11-21 5.4 Medium
CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while updating the theme.
CVE-2021-36646 1 Kodcloud 1 Kodexplorer 2024-11-21 6.1 Medium
A Cross Site Scrtpting (XSS) vulnerability in KodExplorer 4.45 allows remote attackers to run arbitrary code via /index.php page.
CVE-2021-36625 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 8.8 High
An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement.
CVE-2021-36624 1 Phone Shop Sales Management System Project 1 Phone Shop Sales Management System 2024-11-21 9.8 Critical
Sourcecodester Phone Shop Sales Managements System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
CVE-2021-36623 1 Phone Shop Sales Management System Project 1 Phone Shop Sales Management System 2024-11-21 9.8 Critical
Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE.
CVE-2021-36622 1 Online Covid Vaccination Scheduler System Project 1 Online Covid Vaccination Scheduler System 2024-11-21 9.8 Critical
Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affected vulnerable to Arbitrary File Upload. The admin panel has an upload function of profile photo accessible at http://localhost/scheduler/admin/?page=user. An attacker could upload a malicious file such as shell.php with the Content-Type: image/png. Then, the attacker have to visit the uploaded profile photo to access the shell.
CVE-2021-36621 1 Online Covid Vaccination Scheduler System Project 1 Online Covid Vaccination Scheduler System 2024-11-21 8.1 High
Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successful dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could authenticate as Administrator.
CVE-2021-36614 1 Mikrotik 1 Routeros 2024-11-21 6.5 Medium
Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
CVE-2021-36613 1 Mikrotik 1 Routeros 2024-11-21 6.5 Medium
Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
CVE-2021-36609 1 Webtareas Project 1 Webtareas 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php.
CVE-2021-36608 1 Webtareas Project 1 Webtareas 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /projects/editproject.php.
CVE-2021-36605 1 Engineercms Project 1 Engineercms 2024-11-21 5.4 Medium
engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). There is no escaping in the nickname field on the user list page. When viewing this page, the JavaScript code will be executed in the user's browser.
CVE-2021-36601 1 Get-simple 1 Getsimplecms 2024-11-21 6.1 Medium
GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL" parameter.
CVE-2021-36584 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
An issue was discovered in GPAC 1.0.1. There is a heap-based buffer overflow in the function gp_rtp_builder_do_tx3g function in ietf/rtp_pck_3gpp.c, as demonstrated by MP4Box. This can cause a denial of service (DOS).