CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

Recent CVEs
CVE Description Date
CVE-2021-23394 The package studio-42/elfinder before 2.1.58 is vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .ph... Sun, 13 Jun 2021 07:08:15
CVE-2021-34682 Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature. Sat, 12 Jun 2021 17:05:31
CVE-2021-31812 In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache... Sat, 12 Jun 2021 05:48:24
CVE-2021-31811 In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affect... Sat, 12 Jun 2021 05:48:11
CVE-2021-32557 It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks. Fri, 11 Jun 2021 23:49:10
CVE-2021-32556 It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified pac... Fri, 11 Jun 2021 23:48:44
CVE-2021-32555 It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is us... Fri, 11 Jun 2021 23:48:16
CVE-2021-32554 It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is us... Fri, 11 Jun 2021 23:48:01
CVE-2021-32553 It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is us... Fri, 11 Jun 2021 23:47:34
CVE-2021-32552 It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is us... Fri, 11 Jun 2021 23:47:12
CVE-2021-32551 It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is us... Fri, 11 Jun 2021 23:46:44
CVE-2021-32550 It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is us... Fri, 11 Jun 2021 23:46:18
CVE-2021-32549 It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is us... Fri, 11 Jun 2021 23:45:59
CVE-2021-32548 It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is us... Fri, 11 Jun 2021 23:45:37
CVE-2021-32547 It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is us... Fri, 11 Jun 2021 23:45:08
CVE-2021-34679 Thycotic Password Reset Server before 5.3.0 allows credential disclosure. Fri, 11 Jun 2021 17:04:18
CVE-2021-21382 Restund is an open source NAT traversal server. The restund TURN server can be instructed to open a relay to the loopback add... Fri, 11 Jun 2021 16:55:54
CVE-2021-3256 KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the html_url parameter of the chakanhtml.module.php file. Fri, 11 Jun 2021 16:03:37
CVE-2021-27200 In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The cod... Fri, 11 Jun 2021 14:04:31
CVE-2020-7860 UnEGG v0.5 and earlier versions have an Integer overflow vulnerability, triggered when the user opens a malformed specific fil... Fri, 11 Jun 2021 14:04:11
CVE-2021-32932 The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on th... Fri, 11 Jun 2021 13:18:02
CVE-2021-32930 The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change con... Fri, 11 Jun 2021 13:17:38
CVE-2021-27410 The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the... Fri, 11 Jun 2021 13:17:25
CVE-2021-27408 The affected product is vulnerable to an out-of-bounds read, which can cause information leakage leading to arbitrary code ex... Fri, 11 Jun 2021 13:17:05
CVE-2021-21833 An improper array index validation vulnerability exists in the TIF IP_planar_raster_unpack functionality of Accusoft ImageGea... Fri, 11 Jun 2021 13:16:34
CVE-2021-21824 An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 functionality of Accusoft ImageGear 19.9. A specially c... Fri, 11 Jun 2021 13:16:09
CVE-2021-21808 A memory corruption vulnerability exists in the PNG png_palette_process functionality of Accusoft ImageGear 19.9. A specially... Fri, 11 Jun 2021 13:15:46
CVE-2021-21795 A heap-based buffer overflow vulnerability exists in the PSD read_icc_icCurve_data functionality of Accusoft ImageGear 19.9. ... Fri, 11 Jun 2021 13:15:20
CVE-2021-0498 In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation ... Fri, 11 Jun 2021 13:14:56
CVE-2021-0497 In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalati... Fri, 11 Jun 2021 13:14:30
CVE-2021-0496 In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalati... Fri, 11 Jun 2021 13:14:04
CVE-2021-0495 In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local esca... Fri, 11 Jun 2021 13:13:47
CVE-2021-0494 In memory management driver, there is a possible out of bounds write due to an integer overflow. This could lead to local esc... Fri, 11 Jun 2021 13:13:26
CVE-2021-0493 In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local ... Fri, 11 Jun 2021 13:13:13
CVE-2021-0492 In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local ... Fri, 11 Jun 2021 13:12:46
CVE-2021-0491 In memory management driver, there is a possible escalation of privilege due to a missing permission check. This could lead t... Fri, 11 Jun 2021 13:12:28
CVE-2021-0490 In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local ... Fri, 11 Jun 2021 13:12:04
CVE-2021-0489 In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local ... Fri, 11 Jun 2021 13:11:35
CVE-2021-0487 In onCreate of CalendarDebugActivity.java, there is a possible way to export calendar data to the sdcard without user consent... Fri, 11 Jun 2021 13:11:04
CVE-2021-0485 In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypass of restrictions on background processes due to a per... Fri, 11 Jun 2021 13:10:48
CVE-2021-0484 In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. This co... Fri, 11 Jun 2021 13:10:23
CVE-2021-0482 In BinderDiedCallback of MediaCodec.cpp, there is a possible memory corruption due to a use after free. This could lead to lo... Fri, 11 Jun 2021 13:10:06
CVE-2021-0481 In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected UR... Fri, 11 Jun 2021 13:09:51
CVE-2021-0480 In createPendingIntent of SnoozeHelper.java, there is a possible broadcast intent containing a sensitive identifier. This cou... Fri, 11 Jun 2021 13:09:24
CVE-2021-0477 In notifyScreenshotError of ScreenshotNotificationsController.java, there is a possible permission bypass due to an unsafe Pe... Fri, 11 Jun 2021 13:08:57
CVE-2021-0476 In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a race condition. This could lead to local escal... Fri, 11 Jun 2021 13:08:29
CVE-2021-0475 In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory corruption due to a use after free. This could lead to r... Fri, 11 Jun 2021 13:08:12
CVE-2021-0474 In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to r... Fri, 11 Jun 2021 13:07:48
CVE-2021-0473 In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote co... Fri, 11 Jun 2021 13:07:18
CVE-2021-0472 In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissi... Fri, 11 Jun 2021 13:06:57
CVE-2021-0466 In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. This could lea... Fri, 11 Jun 2021 13:06:29
CVE-2019-9475 In /proc/net of the kernel filesystem, there is a possible information leak due to a permissions bypass. This could lead to l... Fri, 11 Jun 2021 13:06:14
CVE-2021-23230 A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre ... Fri, 11 Jun 2021 12:19:08
CVE-2021-23211 Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end... Fri, 11 Jun 2021 12:18:53
CVE-2021-23205 Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration ... Fri, 11 Jun 2021 12:18:23
CVE-2021-23204 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key m... Fri, 11 Jun 2021 12:18:07
CVE-2021-23182 Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader mast... Fri, 11 Jun 2021 12:17:48
CVE-2021-23140 Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unaut... Fri, 11 Jun 2021 12:17:31
CVE-2021-23136 Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivil... Fri, 11 Jun 2021 12:17:18
CVE-2021-22915 Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnet... Fri, 11 Jun 2021 12:16:57
CVE-2021-22913 Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the... Fri, 11 Jun 2021 12:16:34
CVE-2021-22912 Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup ... Fri, 11 Jun 2021 12:16:18
CVE-2021-22906 Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permittin... Fri, 11 Jun 2021 12:15:52
CVE-2021-22905 Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for share... Fri, 11 Jun 2021 12:15:34
CVE-2021-22904 The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in th... Fri, 11 Jun 2021 12:15:20
CVE-2021-22903 The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in... Fri, 11 Jun 2021 12:14:59
CVE-2021-22902 The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers fr... Fri, 11 Jun 2021 12:14:46
CVE-2021-22901 curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TL... Fri, 11 Jun 2021 12:14:29
CVE-2021-22898 curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPT... Fri, 11 Jun 2021 12:14:05
CVE-2021-22897 curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SS... Fri, 11 Jun 2021 12:13:53
CVE-2021-22896 Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticat... Fri, 11 Jun 2021 12:13:25
CVE-2021-22895 Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verific... Fri, 11 Jun 2021 12:13:12
CVE-2021-22769 A CWE-269: Improper Privilege Management vulnerability exists in Enerlin'X Com'X versions prior to V6.8.4 that could cause ... Fri, 11 Jun 2021 12:12:45
CVE-2021-22768 ** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0... Fri, 11 Jun 2021 12:12:28
CVE-2021-22767 ** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0... Fri, 11 Jun 2021 12:12:05
CVE-2021-22766 ** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0... Fri, 11 Jun 2021 12:11:44
CVE-2021-22765 ** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0... Fri, 11 Jun 2021 12:11:16
CVE-2021-22764 A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerL... Fri, 11 Jun 2021 12:10:46
CVE-2021-22763 A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8E... Fri, 11 Jun 2021 12:10:26
CVE-2021-22762 A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in IGSS Definition (Def.exe) V15.0.... Fri, 11 Jun 2021 12:10:11
CVE-2021-22761 A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (De... Fri, 11 Jun 2021 12:09:53
CVE-2021-22760 A CWE-763: Release of invalid pointer or reference vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior t... Fri, 11 Jun 2021 12:09:25
CVE-2021-22759 A CWE-416: Use after free vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss ... Fri, 11 Jun 2021 12:09:08
CVE-2021-22758 A CWE-824: Access of uninitialized pointer vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that coul... Fri, 11 Jun 2021 12:08:39
CVE-2021-22757 A CWE-125: Out-of-bounds read vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in d... Fri, 11 Jun 2021 12:08:08
CVE-2021-22756 A CWE-125: Out-of-bounds read vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in d... Fri, 11 Jun 2021 12:07:40
CVE-2021-22755 A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in ... Fri, 11 Jun 2021 12:07:24
CVE-2021-22754 A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in ... Fri, 11 Jun 2021 12:06:59
CVE-2021-22753 A CWE-125: Out-of-bounds read vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in l... Fri, 11 Jun 2021 12:06:33
CVE-2021-22752 A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in ... Fri, 11 Jun 2021 12:06:09
CVE-2021-22751 A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in ... Fri, 11 Jun 2021 12:05:47
CVE-2021-22750 A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21041 and prior that could result in ... Fri, 11 Jun 2021 12:05:16
CVE-2021-22749 A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1... Fri, 11 Jun 2021 12:05:01
CVE-2021-22181 A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive ... Fri, 11 Jun 2021 12:04:42
CVE-2021-22175 When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecti... Fri, 11 Jun 2021 12:04:30
CVE-2021-20591 Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versi... Fri, 11 Jun 2021 12:04:15
CVE-2021-28213 Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. Fri, 11 Jun 2021 11:25:32
CVE-2021-28211 A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. Fri, 11 Jun 2021 11:25:05
CVE-2021-28210 An unlimited recursion in DxeCore in EDK II. Fri, 11 Jun 2021 11:24:48
CVE-2020-13663 Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site ... Fri, 11 Jun 2021 11:24:19
© CVE.report 2021

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
