Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7069 | 8 Canonical, Debian, Fedoraproject and 5 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2021-12-02 | 6.4 MEDIUM | 6.5 MEDIUM |
| In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. | |||||
| CVE-2021-30641 | 4 Apache, Debian, Fedoraproject and 1 more | 6 Http Server, Debian Linux, Fedora and 3 more | 2021-12-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' | |||||
| CVE-2019-17567 | 3 Apache, Fedoraproject, Oracle | 5 Http Server, Fedora, Enterprise Manager Ops Center and 2 more | 2021-12-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured. | |||||
| CVE-2021-36919 | 1 Getawesomesupport | 1 Awesome Support | 2021-12-02 | 3.5 LOW | 5.4 MEDIUM |
| Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin (versions <= 6.0.6), vulnerable parameters (&id, &assignee). | |||||
| CVE-2020-19144 | 3 Debian, Netapp, Simplesystems | 3 Debian Linux, Ontap Select Deploy Administration Utility, Libtiff | 2021-12-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' funtion in the component 'tif_unix.c'. | |||||
| CVE-2021-40346 | 3 Debian, Fedoraproject, Haproxy | 3 Debian Linux, Fedora, Haproxy | 2021-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. | |||||
| CVE-2020-19752 | 2 Fedoraproject, Gifsicle Project | 2 Fedora, Gifsicle | 2021-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference. | |||||
| CVE-2021-38165 | 3 Debian, Fedoraproject, Lynx Project | 3 Debian Linux, Fedora, Lynx | 2021-12-02 | 2.6 LOW | 5.3 MEDIUM |
| Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. | |||||
| CVE-2021-38685 | 1 Qnap | 1 Qvr | 2021-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later | |||||
| CVE-2021-3983 | 1 Kimai2 Project | 1 Kimai2 | 2021-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-3993 | 1 Showdoc | 1 Showdoc | 2021-12-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2021-3994 | 1 Django-helpdesk Project | 1 Django-helpdesk | 2021-12-02 | 6.8 MEDIUM | 9.6 CRITICAL |
| django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-4015 | 1 Firefly-iii | 1 Firefly Iii | 2021-12-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2021-4017 | 1 Showdoc | 1 Showdoc | 2021-12-02 | 6.8 MEDIUM | 8.8 HIGH |
| showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2021-20851 | 1 Browser And Operating System Finder Project | 1 Browser And Operating System Finder | 2021-12-02 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Browser and Operating System Finder versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of an administrator via unspecified vectors. | |||||
| CVE-2021-20854 | 1 Elecom | 4 Wrh-733gbk, Wrh-733gbk Firmware, Wrh-733gwh and 1 more | 2021-12-02 | 5.2 MEDIUM | 6.8 MEDIUM |
| ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2021-20853 | 1 Elecom | 4 Wrh-733gbk, Wrh-733gbk Firmware, Wrh-733gwh and 1 more | 2021-12-02 | 5.2 MEDIUM | 6.8 MEDIUM |
| ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2021-20852 | 1 Elecom | 4 Wrh-733gbk, Wrh-733gbk Firmware, Wrh-733gwh and 1 more | 2021-12-02 | 5.2 MEDIUM | 6.8 MEDIUM |
| Buffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute an arbitrary OS command via unspecified vectors. | |||||
| CVE-2017-20005 | 2 Debian, F5 | 2 Debian Linux, Nginx | 2021-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module. | |||||
| CVE-2021-3444 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2021-12-02 | 4.6 MEDIUM | 7.8 HIGH |
| The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101. | |||||