CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

Recent CVEs
CVE Description Date
CVE-2021-39339 The Telefication WordPress plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the ~/bypass.php file due t... Wed, 22 Sep 2021 07:03:49
CVE-2021-38153 Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that... Wed, 22 Sep 2021 05:09:59
CVE-2021-38112 In the Amazon AWS WorkSpaces client before 3.1.9 on Windows, argument injection in the workspaces:// URI handler can lead to ... Tue, 21 Sep 2021 22:02:41
CVE-2021-31819 In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems... Tue, 21 Sep 2021 21:50:52
CVE-2021-41382 Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface. Tue, 21 Sep 2021 20:06:23
CVE-2020-23273 Heap-buffer overflow in the randomize_iparp function in edit_packet.c of Tcpreplay v4.3.2 allows attackers to cause a denial... Tue, 21 Sep 2021 19:44:58
CVE-2020-23269 An issue was discovered in gpac 0.8.0. The stbl_GetSampleSize function in isomedia/stbl_read.c has a heap-based buffer overfl... Tue, 21 Sep 2021 19:44:29
CVE-2020-23267 An issue was discovered in gpac 0.8.0. The gf_hinter_track_process function in isom_hinter_track_process.c has a heap-based b... Tue, 21 Sep 2021 19:44:15
CVE-2020-23266 An issue was discovered in gpac 0.8.0. The OD_ReadUTF8String function in odf_code.c has a heap-based buffer overflow which ca... Tue, 21 Sep 2021 19:43:56
CVE-2021-41087 in-toto-golang is a go implementation of the in-toto framework to protect software supply chain integrity. In affected versio... Tue, 21 Sep 2021 17:10:53
CVE-2021-41086 jsuites is an open source collection of common required javascript web components. In affected versions users are subject to ... Tue, 21 Sep 2021 17:04:37
CVE-2020-19554 Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based X... Tue, 21 Sep 2021 15:43:14
CVE-2020-19553 Cross Site Scripting (XSS) vulnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app... Tue, 21 Sep 2021 15:04:47
CVE-2020-19551 Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote... Tue, 21 Sep 2021 15:04:24
CVE-2021-40847 The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remot... Tue, 21 Sep 2021 13:40:19
CVE-2021-41084 http4s is an open source scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request... Tue, 21 Sep 2021 13:23:18
CVE-2021-40868 In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS. Tue, 21 Sep 2021 13:06:51
CVE-2021-23444 This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the... Tue, 21 Sep 2021 13:03:39
CVE-2021-39230 Butter is a system usability utility. Due to a kernel error the JPNS kernel is being discontinued. Affected users are recomme... Tue, 21 Sep 2021 12:56:51
CVE-2021-23443 This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when t... Tue, 21 Sep 2021 12:50:59
CVE-2021-29831 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection... Tue, 21 Sep 2021 12:08:32
CVE-2021-29795 IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hype... Tue, 21 Sep 2021 12:08:10
CVE-2021-41525 An issue related to modification of otherwise restricted files through a locally authenticated attacker exists in FlexNet inv... Tue, 21 Sep 2021 10:39:20
CVE-2021-41531 NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length para... Tue, 21 Sep 2021 09:32:20
CVE-2021-37741 ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities. Tue, 21 Sep 2021 09:04:58
CVE-2021-37424 ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover. Tue, 21 Sep 2021 09:04:41
CVE-2021-37420 ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing. Tue, 21 Sep 2021 09:04:28
CVE-2021-37419 ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. Tue, 21 Sep 2021 09:04:10
CVE-2021-28960 ManageEngine Desktop Central before build 10.0.683 allows Unauthenticated Remote Code Execution during communication with Not... Tue, 21 Sep 2021 09:03:51
CVE-2021-0869 In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out of bounds write due to an incorrect bounds check. This ... Tue, 21 Sep 2021 09:03:24
CVE-2021-31917 A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker ... Tue, 21 Sep 2021 07:03:30
CVE-2021-26333 An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary acc... Tue, 21 Sep 2021 07:03:12
CVE-2021-20829 Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote... Tue, 21 Sep 2021 05:26:43
CVE-2021-20037 SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to pri... Tue, 21 Sep 2021 04:59:06
CVE-2021-41083 Dada Mail is a web-based e-mail list management system. In affected versions a bad actor could give someone a carefully craft... Mon, 20 Sep 2021 17:35:24
CVE-2021-39229 Apprise is an open source library which allows you to send a notification to almost all of the most popular notification serv... Mon, 20 Sep 2021 17:26:43
CVE-2021-34650 The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the ~/admin.ph... Mon, 20 Sep 2021 17:04:54
CVE-2021-41082 Discourse is a platform for community discussion. In affected versions any private message that includes a group had its titl... Mon, 20 Sep 2021 16:25:20
CVE-2021-39325 The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the... Mon, 20 Sep 2021 16:02:10
CVE-2020-16630 TI’s BLE stack caches and reuses the LTK’s property for a bonded mobile. A LTK can be an unauthenticated-and-no-MITM-prot... Mon, 20 Sep 2021 16:01:47
CVE-2020-26301 ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command inj... Mon, 20 Sep 2021 15:45:25
CVE-2020-19915 Cross Site Scripting (XSS) vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php. Mon, 20 Sep 2021 15:06:15
CVE-2021-32838 Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vuln... Mon, 20 Sep 2021 13:38:22
CVE-2021-32839 sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression... Mon, 20 Sep 2021 13:14:53
CVE-2021-25741 A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to ac... Mon, 20 Sep 2021 13:11:44
CVE-2021-25740 A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would other... Mon, 20 Sep 2021 13:11:15
CVE-2020-8561 A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or Vali... Mon, 20 Sep 2021 13:10:51
CVE-2021-38899 IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. IBM X-For... Mon, 20 Sep 2021 12:54:31
CVE-2021-29856 IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated user to cause a denial of service through the WebGUI Map Cr... Mon, 20 Sep 2021 12:54:01
CVE-2021-29821 IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerab... Mon, 20 Sep 2021 12:53:48
CVE-2021-29820 IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerab... Mon, 20 Sep 2021 12:53:17
CVE-2021-29819 IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerab... Mon, 20 Sep 2021 12:53:02
CVE-2021-29818 IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerab... Mon, 20 Sep 2021 12:52:46
CVE-2021-29817 IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerab... Mon, 20 Sep 2021 12:52:17
CVE-2021-29811 IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 stores user credentials in plain clear text which ca... Mon, 20 Sep 2021 12:51:59
CVE-2021-29809 IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This v... Mon, 20 Sep 2021 12:51:44
CVE-2021-29808 IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This v... Mon, 20 Sep 2021 12:51:14
CVE-2021-29807 IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This v... Mon, 20 Sep 2021 12:50:47
CVE-2021-29806 IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This v... Mon, 20 Sep 2021 12:50:18
CVE-2021-39598 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function callcode() located in... Mon, 20 Sep 2021 12:42:19
CVE-2021-39597 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function code_dump2() located ... Mon, 20 Sep 2021 12:42:06
CVE-2021-39596 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function code_parse() located ... Mon, 20 Sep 2021 12:41:39
CVE-2021-39595 An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function rfx_alloc() located in m... Mon, 20 Sep 2021 12:41:12
CVE-2021-39594 Other An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function updateusage() l... Mon, 20 Sep 2021 12:40:50
CVE-2021-39593 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_FontExtract_Defin... Mon, 20 Sep 2021 12:40:21
CVE-2021-39592 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function pool_lookup_uint() lo... Mon, 20 Sep 2021 12:40:04
CVE-2021-39591 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_GetShapeBoundingB... Mon, 20 Sep 2021 12:39:42
CVE-2021-39590 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function params_dump() located... Mon, 20 Sep 2021 12:39:21
CVE-2021-39589 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function parse_metadata() loca... Mon, 20 Sep 2021 12:39:08
CVE-2021-39588 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_ReadABC() located... Mon, 20 Sep 2021 12:38:55
CVE-2021-39587 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_DumpABC() located... Mon, 20 Sep 2021 12:38:39
CVE-2021-39585 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function traits_dump() located... Mon, 20 Sep 2021 12:38:15
CVE-2021-39584 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function namespace_set_hash() ... Mon, 20 Sep 2021 12:38:01
CVE-2021-39583 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function pool_lookup_string2()... Mon, 20 Sep 2021 12:37:39
CVE-2021-39582 An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function swf_GetPlaceObject() loca... Mon, 20 Sep 2021 12:37:08
CVE-2021-39579 An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function string_hash() located in ... Mon, 20 Sep 2021 12:36:51
CVE-2021-39577 An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function main() located in swfdump... Mon, 20 Sep 2021 12:36:31
CVE-2021-39575 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function dump_method() located... Mon, 20 Sep 2021 12:36:13
CVE-2021-39574 An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function pool_read() located in po... Mon, 20 Sep 2021 12:35:43
CVE-2021-39569 An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function OpAdvance() located in sw... Mon, 20 Sep 2021 12:35:27
CVE-2021-39564 An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function swf_DumpActions() located... Mon, 20 Sep 2021 12:34:58
CVE-2021-39563 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_DumpActions() loc... Mon, 20 Sep 2021 12:34:40
CVE-2021-39562 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function FileStream::makeSubSt... Mon, 20 Sep 2021 12:34:22
CVE-2021-39561 An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function Gfx::opSetFillColorN() l... Mon, 20 Sep 2021 12:34:04
CVE-2021-39559 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function GString::~GString() l... Mon, 20 Sep 2021 12:33:42
CVE-2021-39558 An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function VectorGraphicOutputDev::... Mon, 20 Sep 2021 12:33:14
CVE-2021-39557 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function copyString() located ... Mon, 20 Sep 2021 12:32:54
CVE-2021-39556 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function InfoOutputDev::type3D... Mon, 20 Sep 2021 12:32:36
CVE-2021-39555 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function InfoOutputDev::type3D... Mon, 20 Sep 2021 12:32:12
CVE-2021-39554 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function Lexer::Lexer() locate... Mon, 20 Sep 2021 12:31:52
CVE-2021-39553 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function grealloc() located in... Mon, 20 Sep 2021 12:31:35
CVE-2021-39552 An issue was discovered in sela through 20200412. file::WavFile::readFromFile() in wav_file.c has a heap-based buffer overflo... Mon, 20 Sep 2021 12:31:18
CVE-2021-39551 An issue was discovered in sela through 20200412. file::SelaFile::readFromFile() in sela_file.c has a heap-based buffer overf... Mon, 20 Sep 2021 12:31:06
CVE-2021-39550 An issue was discovered in sela through 20200412. file::SelaFile::readFromFile() in sela_file.cpp has a heap-based buffer ove... Mon, 20 Sep 2021 12:30:36
CVE-2021-39549 An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function file::WavFile::WavFile() ... Mon, 20 Sep 2021 12:30:16
CVE-2021-39548 An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function frame::FrameDecoder::proc... Mon, 20 Sep 2021 12:29:57
CVE-2021-39547 An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function lpc::SampleGenerator::pro... Mon, 20 Sep 2021 12:29:29
CVE-2021-39546 An issue was discovered in sela through 20200412. rice::RiceDecoder::process() in rice_decoder.cpp has a heap-based buffer ov... Mon, 20 Sep 2021 12:29:09
CVE-2021-39545 An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function rice::RiceDecoder::proces... Mon, 20 Sep 2021 12:28:53
CVE-2021-39544 An issue was discovered in sela through 20200412. file::WavFile::writeToFile() in wav_file.c has a heap-based buffer overflow... Mon, 20 Sep 2021 12:28:31
© CVE.report 2021

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
