CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-5791 1 Exec Code Overflow 2013-10-16 2018-10-12
1.5
None Local Medium ??? None None Partial
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. NOTE: the previous information is from the October 2013 CPU. Oracle has not commented on claims from a third party that the issue is a stack-based buffer overflow in the Microsoft Access 1.x parser in vsacs.dll before 8.4.0.108 and before 8.4.1.52, which allows attackers to execute arbitrary code via a long field (aka column) name.
2 CVE-2012-2425 20 1 DoS 2012-04-25 2021-07-23
1.8
None Local Network High Not required None None Partial
The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote attackers to cause a denial of service (application crash) via a long URI.
3 CVE-2011-5204 255 1 +Info 2012-10-04 2012-10-05
1.9
None Local Medium Not required Partial None None
Akiva WebBoard 8.x stores passwords in plaintext, which allows local users to obtain sensitive information by reading from the database.
4 CVE-2021-42369 Sql 2021-10-14 2021-10-14
0.0
None ??? ??? ??? ??? ??? ???
Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI.
5 CVE-2021-42342 2021-10-14 2021-10-14
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts.
6 CVE-2021-42341 Mem. Corr. 2021-10-14 2021-10-14
0.0
None ??? ??? ??? ??? ??? ???
checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does not account for the '\0' byte at the end of the string. This results in memory corruption. CVE-2021-42341 was introduced in git commit 63db2d99e730547339d1bdd28e8437999c380cae, which was introduced as part of OpenRC 0.44.0 development.
7 CVE-2021-42340 DoS 2021-10-14 2021-10-15
0.0
None ??? ??? ??? ??? ??? ???
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
8 CVE-2021-42336 285 Bypass +Info 2021-10-15 2021-10-15
0.0
None ??? ??? ??? ??? ??? ???
The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and administrator’s account information except password by crafting URL parameters.
9 CVE-2021-42335 79 XSS 2021-10-15 2021-10-15
0.0
None ??? ??? ??? ??? ??? ???
Easytest bulletin board management function of online learning platform does not filter special characters. After obtaining a user’s privilege, remote attackers can inject JavaScript and execute stored XSS attack.
10 CVE-2021-42334 89 Sql 2021-10-15 2021-10-15
0.0
None ??? ??? ??? ??? ??? ???
The Easytest contains SQL injection vulnerabilities. After obtaining a user’s privilege, remote attackers can inject SQL commands into the parameters of the elective course management page to obtain all database and administrator permissions.
11 CVE-2021-42333 89 Sql 2021-10-15 2021-10-15
0.0
None ??? ??? ??? ??? ??? ???
The Easytest contains SQL injection vulnerabilities. After obtaining user’s privilege, remote attackers can inject SQL commands into the parameters of the learning history page to access all database and obtain administrator permissions.
12 CVE-2021-42332 285 2021-10-15 2021-10-15
0.0
None ??? ??? ??? ??? ??? ???
The “List View” function of ShinHer StudyOnline System is not under authority control. After logging in with user’s privilege, remote attackers can access the content of other users’ message boards by crafting URL parameters.
13 CVE-2021-42331 285 2021-10-15 2021-10-15
0.0
None ??? ??? ??? ??? ??? ???
The “Study Edit” function of ShinHer StudyOnline System does not perform permission control. After logging in with user’s privilege, remote attackers can access and edit other users’ tutorial schedule by crafting URL parameters.
14 CVE-2021-42330 285 2021-10-15 2021-10-15
0.0
None ??? ??? ??? ??? ??? ???
The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control. After logging in with user’s privilege, remote attackers can access and edit other users’ credential and personal information by crafting URL parameters.
15 CVE-2021-42329 79 XSS 2021-10-15 2021-10-15
0.0
None ??? ??? ??? ??? ??? ???
The “List_Add” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user’s privilege, remote attackers can inject JavaScript and execute stored XSS attacks.
16 CVE-2021-42326 2021-10-12 2021-10-12
0.0
None ??? ??? ??? ??? ??? ???
Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.
17 CVE-2021-42325 Sql 2021-10-12 2021-10-13
0.0
None ??? ??? ??? ??? ??? ???
Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.
18 CVE-2021-42260 DoS 2021-10-11 2021-10-12
0.0
None ??? ??? ??? ??? ??? ???
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.
19 CVE-2021-42257 2021-10-11 2021-10-14
0.0
None ??? ??? ??? ??? ??? ???
check_smart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path (the /dev/bus substring and a number), aka an unanchored regular expression.
20 CVE-2021-42252 2021-10-11 2021-10-12
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes.
21 CVE-2021-42228 CSRF 2021-10-14 2021-10-15
0.0
None ??? ??? ??? ??? ??? ???
A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html.
22 CVE-2021-42227 XSS 2021-10-14 2021-10-14
0.0
None ??? ??? ??? ??? ??? ???
Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix is allowed).
23 CVE-2021-42224 Sql 2021-10-13 2021-10-14
0.0
None ??? ??? ??? ??? ??? ???
SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php.
24 CVE-2021-42223 XSS 2021-10-13 2021-10-13
0.0
None ??? ??? ??? ??? ??? ???
Cross Site Scripting (XSS).vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php.
25 CVE-2021-42139 2021-10-11 2021-10-12
0.0
None ??? ??? ??? ??? ??? ???
Deno before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations.
26 CVE-2021-42137 2021-10-11 2021-10-12
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Zammad before 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc.
27 CVE-2021-42135 2021-10-11 2021-10-12
0.0
None ??? ??? ??? ??? ??? ???
HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials.
28 CVE-2021-42134 XSS 2021-10-11 2021-10-12
0.0
None ??? ??? ??? ??? ??? ???
The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053.
29 CVE-2021-42112 XSS 2021-10-08 2021-10-09
0.0
None ??? ??? ??? ??? ??? ???
The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.
30 CVE-2021-42109 2021-10-08 2021-10-09
0.0
None ??? ??? ??? ??? ??? ???
VITEC Exterity IPTV products through 2021-04-30 allow privilege escalation to root.
31 CVE-2021-42009 2021-10-12 2021-10-14
0.0
None ??? ??? ??? ??? ??? ???
An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address. Apache Traffic Control 5.1.x users should upgrade to 5.1.3 or 6.0.0. 4.1.x users should upgrade to 5.1.3.
32 CVE-2021-41832 2021-10-11 2021-10-12
0.0
None ??? ??? ??? ??? ??? ???
It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice advisory.
33 CVE-2021-41831 2021-10-11 2021-10-12
0.0
None ??? ??? ??? ??? ??? ???
It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory.
34 CVE-2021-41830 2021-10-11 2021-10-12
0.0
None ??? ??? ??? ??? ??? ???
It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory.
35 CVE-2021-41802 2021-10-08 2021-10-08
0.0
None ??? ??? ??? ??? ??? ???
HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.
36 CVE-2021-41801 2021-10-11 2021-10-12
0.0
None ??? ??? ??? ??? ??? ???
The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue backlog)
37 CVE-2021-41800 DoS 2021-10-11 2021-10-13
0.0
None ??? ??? ??? ??? ??? ???
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled.
38 CVE-2021-41799 DoS 2021-10-11 2021-10-13
0.0
None ??? ??? ??? ??? ??? ???
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan.
39 CVE-2021-41592 2021-10-04 2021-10-04
0.0
None ??? ??? ??? ??? ??? ???
Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure.
40 CVE-2021-41591 2021-10-04 2021-10-04
0.0
None ??? ??? ??? ??? ??? ???
ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure.
41 CVE-2021-41546 400 2021-10-12 2021-10-12
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service.
42 CVE-2021-41363 Bypass 2021-10-13 2021-10-13
0.0
None ??? ??? ??? ??? ??? ???
Intune Management Extension Security Feature Bypass Vulnerability
43 CVE-2021-41361 2021-10-13 2021-10-13
0.0
None ??? ??? ??? ??? ??? ???
Active Directory Federation Server Spoofing Vulnerability
44 CVE-2021-41357 2021-10-13 2021-10-13
0.0
None ??? ??? ??? ??? ??? ???
Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40449, CVE-2021-40450.
45 CVE-2021-41355 2021-10-13 2021-10-13
0.0
None ??? ??? ??? ??? ??? ???
.NET Core and Visual Studio Information Disclosure Vulnerability
46 CVE-2021-41354 XSS 2021-10-13 2021-10-13
0.0
None ??? ??? ??? ??? ??? ???
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
47 CVE-2021-41353 2021-10-13 2021-10-13
0.0
None ??? ??? ??? ??? ??? ???
Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability
48 CVE-2021-41352 2021-10-13 2021-10-13
0.0
None ??? ??? ??? ??? ??? ???
SCOM Information Disclosure Vulnerability
49 CVE-2021-41350 2021-10-13 2021-10-13
0.0
None ??? ??? ??? ??? ??? ???
Microsoft Exchange Server Spoofing Vulnerability
50 CVE-2021-41348 2021-10-13 2021-10-13
0.0
None ??? ??? ??? ??? ??? ???
Microsoft Exchange Server Elevation of Privilege Vulnerability
Total number of vulnerabilities : 1738   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.