| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2021-41072 | 2 Debian, Squashfs-tools Project | 2 Debian Linux, Squashfs-tools | 2021-11-05 | 5.8 MEDIUM | 8.1 HIGH | squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem. |
| CVE-2021-38833 | 1 Apartment Visitors Management System Project | 1 Apartment Visitors Management System | 2021-11-05 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in PHPGurukul Apartment Visitors Management System (AVMS) v. 1.0 allows attackers to execute arbitrary SQL statements and to gain RCE. |
| CVE-2021-23807 | 1 Jsonpointer Project | 1 Jsonpointer | 2021-11-05 | 7.5 HIGH | 9.8 CRITICAL | This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays. |
| CVE-2021-35212 | 1 Solarwinds | 1 Orion Platform | 2021-11-05 | 9.0 HIGH | 8.8 HIGH | An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform, reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content, including the Orion certificate, for any authenticated user. |
| CVE-2021-23820 | 1 Jsonpointer Project | 1 Jsonpointer | 2021-11-05 | 7.5 HIGH | 9.8 CRITICAL | This affects all versions of package json-pointer. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays. |
| CVE-2021-22376 | 1 Huawei | 1 Harmonyos | 2021-11-05 | 7.2 HIGH | 8.4 HIGH | A component of the HarmonyOS has an Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to bypass user restrictions. |
| CVE-2021-41134 | 1 Jupyter | 2 Nbdime, Nbdime-jupyterlab | 2021-11-05 | 3.5 LOW | 5.4 MEDIUM | nbdime provides tools for diffing and merging of Jupyter Notebooks. In affected versions a stored cross-site scripting (XSS) issue exists within the Jupyter-owned nbdime project. It appears that when reading the file name and path from disk, the extension does not sanitize the string it constructs before returning it to be displayed. The diffNotebookCheckpoint function within nbdime causes this issue. When attempting to display the name of the local notebook (diffNotebookCheckpoint), nbdime appears to simply append .ipynb to the name of the input file. The NbdimeWidget is then created, and the base string is passed through to the request API function. From there, the frontend simply renders the HTML tag and anything along with it. Users are advised to patch to the most recent version of the affected product. |
| CVE-2021-35458 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2021-11-05 | 7.5 HIGH | 9.8 CRITICAL | Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php (aka p=products) via the c or s parameter. |
| CVE-2021-43082 | 1 Apache | 1 Traffic Server | 2021-11-05 | 7.5 HIGH | 9.8 CRITICAL | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0. |
| CVE-2021-41585 | 1 Apache | 1 Traffic Server | 2021-11-05 | 5.0 MEDIUM | 7.5 HIGH | Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections. This issue affects Apache Traffic Server 5.0.0 to 9.1.0. |
| CVE-2020-23680 | 1 Text2pdf Project | 1 Text2pdf | 2021-11-05 | 6.8 MEDIUM | 7.8 HIGH | An issue was discovered in function StartPage in text2pdf.c in pdfcorner text2pdf 1.1, which allows attackers to cause denial of service or possibly other undisclosed impacts. |
| CVE-2020-23109 | 1 Struktur | 1 Libheif | 2021-11-05 | 5.8 MEDIUM | 8.1 HIGH | Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2 allows attackers to cause a denial of service and disclose sensitive information via a crafted HEIF file. |
| CVE-2016-5330 | 3 Apple, Microsoft, Vmware | 7 Mac Os X, Windows, Esxi and 4 more | 2021-11-05 | 4.4 MEDIUM | 7.8 HIGH | Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. |
| CVE-2020-23679 | 1 Linux Network Project | 1 Linux Network Project | 2021-11-05 | 7.5 HIGH | 9.8 CRITICAL | Buffer overflow vulnerability in Renleilei1992 Linux_Network_Project 1.0 allows attackers to execute arbitrary code via the password field. |
| CVE-2021-38424 | 1 Deltaww | 1 Dialink | 2021-11-05 | 6.8 MEDIUM | 7.8 HIGH | The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when the data is opened with a spreadsheet application. |
| CVE-2021-41562 | 1 Snowsoftware | 1 Snow Inventory Agent | 2021-11-05 | 3.6 LOW | 6.1 MEDIUM | A vulnerability in Snow Snow Agent for Windows allows a non-admin user to cause arbitrary deletion of files. This issue affects: Snow Snow Agent for Windows version 5.0.0 to 6.7.1 on Windows. |
| CVE-2021-43032 | 1 Xenforo | 1 Xenforo | 2021-11-05 | 3.5 LOW | 4.8 MEDIUM | In XenForo through 2.2.7, a threat actor with access to the admin panel can create a new Advertisement via the Advertising function and save an XSS payload in the body of the HTML document. This payload will execute globally on the client side. |
| CVE-2020-25367 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2021-11-05 | 7.5 HIGH | 9.8 CRITICAL | A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login. |
| CVE-2021-33800 | 1 Alibaba | 1 Druid | 2021-11-05 | 5.0 MEDIUM | 7.5 HIGH | In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal. |
| CVE-2021-38416 | 1 Deltaww | 1 Dialink | 2021-11-05 | 4.4 MEDIUM | 7.8 HIGH | Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed. |
