CVE.report

CVE and Other Vulnerability Information

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.


Recent CVEs
CVE Description Date
CVE-2021-20208 A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container ... Mon, 19 Apr 2021 18:06:32
CVE-2021-3506 An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions befo... Mon, 19 Apr 2021 18:06:09
CVE-2021-27458 If Ethernet communication of the JTEKT Corporation TOYOPUC product series’ (TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All ve... Mon, 19 Apr 2021 17:41:40
CVE-2021-3505 A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength ... Mon, 19 Apr 2021 17:07:25
CVE-2021-3498 GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files. Mon, 19 Apr 2021 17:07:05
CVE-2021-3497 GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. Mon, 19 Apr 2021 17:06:47
CVE-2020-27241 An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber para... Mon, 19 Apr 2021 17:06:19
CVE-2020-27240 An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus p... Mon, 19 Apr 2021 17:06:07
CVE-2021-30199 In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Dereference, when gf_filter_pck_get_data is called. The first... Mon, 19 Apr 2021 16:06:29
CVE-2021-30022 There is an integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC 1.0.1. pps_id may be a neg... Mon, 19 Apr 2021 16:06:15
CVE-2021-30020 In the gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with c... Mon, 19 Apr 2021 16:05:57
CVE-2021-30019 In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx->hdr.frame_size to be ... Mon, 19 Apr 2021 16:05:37
CVE-2021-30015 There is a Null Pointer Dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. The ... Mon, 19 Apr 2021 16:05:18
CVE-2021-30014 There is an integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC 1.0.1 which results ... Mon, 19 Apr 2021 16:04:57
CVE-2021-29279 There is an integer overflow in function filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. In which, the arg con... Mon, 19 Apr 2021 16:04:39
CVE-2021-29455 Grassroot Platform is an application to make it faster, cheaper and easier to persistently organize and mobilize people in lo... Mon, 19 Apr 2021 15:09:28
CVE-2021-31262 The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a... Mon, 19 Apr 2021 15:09:11
CVE-2021-31261 The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to read memory via a crafted file in the MP4Box command. Mon, 19 Apr 2021 15:08:52
CVE-2021-31259 The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer... Mon, 19 Apr 2021 15:08:36
CVE-2021-31258 The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference... Mon, 19 Apr 2021 15:08:22
CVE-2021-31257 The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted fi... Mon, 19 Apr 2021 15:08:09
CVE-2021-31256 Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. Mon, 19 Apr 2021 15:07:49
CVE-2021-31255 Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execut... Mon, 19 Apr 2021 15:07:25
CVE-2021-31254 Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execut... Mon, 19 Apr 2021 15:07:07
CVE-2021-31260 The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted ... Mon, 19 Apr 2021 15:06:44
CVE-2021-29453 matrix-media-repo is an open-source multi-domain media repository for Matrix. Versions 1.2.6 and earlier of matrix-media-repo... Mon, 19 Apr 2021 15:03:34
CVE-2021-29434 Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field... Mon, 19 Apr 2021 14:52:49
CVE-2021-29457 Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A ... Mon, 19 Apr 2021 14:37:20
CVE-2021-29458 Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An... Mon, 19 Apr 2021 14:32:41
CVE-2021-20527 IBM Resilient SOAR V38.0 could allow a privileged user to create malicious scripts that could be executed as another u... Mon, 19 Apr 2021 12:23:59
CVE-2021-27031 A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review caus... Mon, 19 Apr 2021 12:06:21
CVE-2021-27030 A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnera... Mon, 19 Apr 2021 12:06:08
CVE-2021-27029 The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's... Mon, 19 Apr 2021 12:05:54
CVE-2021-27028 A Memory Corruption Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously ... Mon, 19 Apr 2021 12:05:35
CVE-2021-27027 An Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through malic... Mon, 19 Apr 2021 12:05:05
CVE-2020-28141 The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user ca... Mon, 19 Apr 2021 12:04:50
CVE-2021-21981 VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignm... Mon, 19 Apr 2021 11:01:45
CVE-2021-20992 Fibaro Home Center 2 and Lite devices in all versions provide a web-based management interface over unencrypted HTTP proto... Mon, 19 Apr 2021 10:09:11
CVE-2021-20991 In Fibaro Home Center 2 and Lite devices with firmware version 4.540 and older an authenticated user can run commands as root... Mon, 19 Apr 2021 10:08:40
CVE-2021-20990 In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older an internal management service is accessible o... Mon, 19 Apr 2021 10:08:12
CVE-2021-20989 Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to p... Mon, 19 Apr 2021 10:07:50
CVE-2021-21070 Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncontrolled search path element vulnerability that could lea... Mon, 19 Apr 2021 09:05:21
CVE-2020-7851 Innorix Web-Based File Transfer Solution versions prior to and including 9.2.18.385 contains a vulnerability that could allow... Mon, 19 Apr 2021 09:04:51
CVE-2021-29399 XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of... Mon, 19 Apr 2021 07:43:34
CVE-2021-23381 This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to e... Sun, 18 Apr 2021 14:52:18
CVE-2021-23380 This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this p... Sun, 18 Apr 2021 14:51:51
CVE-2021-23379 This affects all versions of package portkiller. If (attacker-controlled) user input is given, it is possible for an attacker... Sun, 18 Apr 2021 14:51:23
CVE-2021-23377 This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is ... Sun, 18 Apr 2021 14:51:01
CVE-2021-23376 This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is... Sun, 18 Apr 2021 14:50:41
CVE-2021-23375 This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible ... Sun, 18 Apr 2021 14:50:19
CVE-2021-23374 This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possi... Sun, 18 Apr 2021 14:50:00
CVE-2021-23378 This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible ... Sun, 18 Apr 2021 14:43:57
CVE-2021-3493 The overlayfs implementation in the Linux kernel did not properly validate with respect to user namespaces the setting of fil... Sat, 17 Apr 2021 00:25:41
CVE-2021-3492 Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring durin... Sat, 17 Apr 2021 00:25:21
CVE-2020-36195 An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on.... Fri, 16 Apr 2021 23:52:58
CVE-2020-2509 A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows atta... Fri, 16 Apr 2021 23:52:28
CVE-2021-29446 jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the A... Fri, 16 Apr 2021 18:03:26
CVE-2021-29445 jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the A... Fri, 16 Apr 2021 17:54:48
CVE-2021-29444 jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AE... Fri, 16 Apr 2021 17:48:43
CVE-2021-29451 Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature o... Fri, 16 Apr 2021 17:45:49
CVE-2021-29452 a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing... Fri, 16 Apr 2021 17:37:41
CVE-2021-31348 An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while... Fri, 16 Apr 2021 16:35:36
CVE-2021-31347 An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while... Fri, 16 Apr 2021 16:35:24
CVE-2021-29443 jose is an npm library providing a number of cryptographic operations. In vulnerable versions AES_CBC_HMAC_SHA2 Algorithm (A1... Fri, 16 Apr 2021 16:34:54
CVE-2021-26830 SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. Thi... Fri, 16 Apr 2021 16:34:42
CVE-2020-9681 Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenti... Fri, 16 Apr 2021 16:34:22
CVE-2020-9668 Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control vulnerability when handling symboli... Fri, 16 Apr 2021 16:33:53
CVE-2020-9667 Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenti... Fri, 16 Apr 2021 16:33:23
CVE-2021-27394 A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications usin... Fri, 16 Apr 2021 16:00:54
CVE-2021-20491 IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during... Fri, 16 Apr 2021 15:53:51
CVE-2021-22539 An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows... Fri, 16 Apr 2021 15:53:35
CVE-2021-31414 The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted works... Fri, 16 Apr 2021 15:53:05
CVE-2021-27692 Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remot... Fri, 16 Apr 2021 15:52:51
CVE-2021-27691 Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G... Fri, 16 Apr 2021 15:52:35
CVE-2021-26074 Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spri... Fri, 16 Apr 2021 15:52:14
CVE-2021-26073 Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0: Atlassian Connect Express i... Fri, 16 Apr 2021 15:51:46
CVE-2018-19942 A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this v... Fri, 16 Apr 2021 15:51:33
CVE-2021-21405 Lotus is an implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method... Thu, 15 Apr 2021 17:37:50
CVE-2021-29450 WordPress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-pr... Thu, 15 Apr 2021 17:23:54
CVE-2021-29447 WordPress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in... Thu, 15 Apr 2021 17:11:35
CVE-2021-29431 Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lac... Thu, 15 Apr 2021 17:04:28
CVE-2021-29432 Sydent is a reference Matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Syden... Thu, 15 Apr 2021 16:47:37
CVE-2021-29430 Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A mal... Thu, 15 Apr 2021 16:37:28
CVE-2021-30245 The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The probl... Thu, 15 Apr 2021 15:35:29
CVE-2021-31402 The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerabili... Thu, 15 Apr 2021 15:06:02
CVE-2021-28055 An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which mi... Thu, 15 Apr 2021 15:05:34
CVE-2020-28898 In QED ResourceXpress through 4.9k, a large numeric or alphanumeric value submitted in specific URL parameters causes a serve... Thu, 15 Apr 2021 14:44:56
CVE-2021-26582 A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on H... Thu, 15 Apr 2021 14:04:15
CVE-2021-29433 Impact: Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause e... Thu, 15 Apr 2021 13:59:44
CVE-2021-3243 Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerability. An attacker in the same LAN can craft a packet with ... Thu, 15 Apr 2021 13:04:46
CVE-2021-27112 LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during th... Thu, 15 Apr 2021 11:41:46
CVE-2021-29448 Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. The Stored XSS exists in the Pi-hol... Thu, 15 Apr 2021 11:29:49
CVE-2021-31229 An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling wh... Thu, 15 Apr 2021 11:04:42
CVE-2021-20288 An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requ... Thu, 15 Apr 2021 10:40:25
CVE-2021-30209 Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without an... Thu, 15 Apr 2021 10:14:56
CVE-2021-28549 Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when par... Thu, 15 Apr 2021 10:14:33
CVE-2021-28548 Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when par... Thu, 15 Apr 2021 10:14:13
CVE-2021-28242 SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database... Thu, 15 Apr 2021 10:13:46
CVE-2021-27673 Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote att... Thu, 15 Apr 2021 10:13:29
CVE-2021-27672 SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obt... Thu, 15 Apr 2021 10:13:07
© CVE.report 2021

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
