Search Results (363397 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-29295 1 Dlink 2 Dsp-w215, Dsp-w215 Firmware 2024-11-21 7.5 High
Null Pointer Dereference vulnerability exists in D-Link DSP-W215 1.10, which could let a remote malicious user cause a denial of servie via usr/bin/lighttpd. It could be triggered by sending an HTTP request without URL in the start line directly to the device. NOTE: The DSP-W215 and all hardware revisions is considered End of Life and as such this issue will not be patched
CVE-2021-29294 1 Dlink 2 Dsl-2740r, Dsl-2740r Firmware 2024-11-21 7.5 High
Null Pointer Dereference vulnerability exists in D-Link DSL-2740R UK_1.01, which could let a remove malicious user cause a denial of service via the send_hnap_unauthorized function. It could be triggered by sending crafted POST request to /HNAP1/. NOTE: The DSL-2740R and all hardware revisions are considered End of Life and as such this issue will not be patched
CVE-2021-29281 1 Gfi 1 Archiver 2024-11-21 9.8 Critical
File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317.
CVE-2021-29280 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-11-21 6.4 Medium
In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow
CVE-2021-29279 1 Gpac 1 Gpac 2024-11-21 7.8 High
There is a integer overflow in function filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. In which, the arg const GF_PropertyValue *value,maybe value->value.data.size is a negative number. In result, memcpy in gf_props_assign_value failed.
CVE-2021-29274 1 Redmine 1 Redmine 2024-11-21 6.1 Medium
Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip.
CVE-2021-29272 1 Microco 1 Bluemonday 2024-11-21 6.1 Medium
bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string.
CVE-2021-29271 1 Remark42 1 Remark42 2024-11-21 6.1 Medium
remark42 before 1.6.1 allows XSS, as demonstrated by "Locator: Locator{URL:" followed by an XSS payload. This is related to backend/app/store/comment.go and backend/app/store/service/service.go.
CVE-2021-29267 1 Sherlockim 1 Sherlockim 2024-11-21 6.1 Medium
Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XSS) by leveraging the api/Files/Attachment URI to attack help-desk staff via the chatbot feature.
CVE-2021-29266 1 Linux 1 Linux Kernel 2024-11-21 7.8 High
An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0.
CVE-2021-29265 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 4.7 Medium
An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.
CVE-2021-29264 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 5.5 Medium
An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6.
CVE-2021-29263 1 Jetbrains 1 Intellij Idea 2024-11-21 7.8 High
In JetBrains IntelliJ IDEA 2020.3.3, local code execution was possible because of insufficient checks when getting the project from VCS.
CVE-2021-29262 1 Apache 1 Solr 2024-11-21 7.5 High
When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.
CVE-2021-29261 1 Svelte 1 Svelte 2024-11-21 7.8 High
The unofficial Svelte extension before 104.8.0 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace configuration.
CVE-2021-29258 2 Envoyproxy, Redhat 2 Envoy, Service Mesh 2024-11-21 7.5 High
An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion.
CVE-2021-29255 1 Microseven 2 Mym71080i-b, Mym71080i-b Firmware 2024-11-21 7.5 High
MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credentials in cleartext to pnp.microseven.com TCP port 7007. An attacker on the same network as the device can capture these credentials.
CVE-2021-29253 1 Rsa 1 Archer 2024-11-21 5.1 Medium
The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2) is affected by an insecure credential storage vulnerability. An malicious attacker with access to the Tableau workbook file may obtain access to credential information to use it in further attacks.
CVE-2021-29252 1 Rsa 1 Archer 2024-11-21 5.4 Medium
RSA Archer before 6.9 SP1 P1 (6.9.1.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user with access to modify link name fields could potentially exploit this vulnerability to execute code in a victim's browser.
CVE-2021-29251 1 Btcpayserver 1 Btcpay Server 2024-11-21 6.5 Medium
BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies). This affects Docker use cases in which a mail server is configured.