Search Results (36908 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-4146 1 Pimcore 1 Pimcore 2024-11-21 4.3 Medium
Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6.
CVE-2021-4133 1 Redhat 3 Keycloak, Red Hat Single Sign On, Rhosemc 2024-11-21 8.8 High
A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled.
CVE-2021-4117 1 Yetiforce 1 Yetiforce Customer Relationship Management 2024-11-21 4.3 Medium
yetiforcecrm is vulnerable to Business Logic Errors
CVE-2021-4111 1 Yetiforce 1 Yetiforce Customer Relationship Management 2024-11-21 4.3 Medium
yetiforcecrm is vulnerable to Business Logic Errors
CVE-2021-4089 1 Snipeitapp 1 Snipe-it 2024-11-21 4.3 Medium
snipe-it is vulnerable to Improper Access Control
CVE-2021-4088 1 Mcafee 1 Data Loss Prevention 2024-11-21 8.4 High
SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation.
CVE-2021-4078 2 Debian, Google 2 Debian Linux, Chrome 2024-11-21 8.8 High
Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-4061 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 8.8 High
Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-4056 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 8.8 High
Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-4044 3 Netapp, Nodejs, Openssl 26 500f, 500f Firmware, A250 and 23 more 2024-11-21 7.5 High
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).
CVE-2021-4026 1 Bookstackapp 1 Bookstack 2024-11-21 4.3 Medium
bookstack is vulnerable to Improper Access Control
CVE-2021-4021 1 Radare 1 Radare2 2024-11-21 7.5 High
A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0, 5.5.4 and 5.5.2. Mapping a huge section filled with zeros of an ELF64 binary for MIPS architecture can lead to uncontrolled resource consumption and DoS.
CVE-2021-46891 1 Huawei 2 Emui, Harmonyos 2024-11-21 9.8 Critical
Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
CVE-2021-46890 1 Huawei 2 Emui, Harmonyos 2024-11-21 9.8 Critical
Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
CVE-2021-46820 1 Xos-shop 1 Xos Shop System 2024-11-21 8.1 High
Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to /shop/admin/categories.php
CVE-2021-46743 1 Google 1 Firebase Php-jwt 2024-11-21 9.1 Critical
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way to use the PHP-JWT library unsafely, but might not be considered a vulnerability in the library itself.
CVE-2021-46561 1 Mitre 1 Cve Services 2024-11-21 7.2 High
controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitrary new organization, and thereby achieve unintended access within the context of that new organization.
CVE-2021-46463 1 F5 1 Njs 2024-11-21 9.8 Critical
njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then().
CVE-2021-46459 1 Victor Cms Project 1 Victor Cms 2024-11-21 7.5 High
Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. These vulnerabilities can be exploited through a crafted POST request via the user_name, user_firstname,user_lastname, or user_email parameters.
CVE-2021-46458 1 Victor Cms Project 1 Victor Cms 2024-11-21 7.5 High
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add_post. This vulnerability can be exploited through a crafted POST request via the post_title parameter.