CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2021-21387 Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encrypt... | 8.1 | HIGH | — | 0 |
| CVE-2021-21390 MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerab... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-27807 A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-27906 A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-25277 FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component. | 6.1 | MEDIUM | — | 0 |
| CVE-2021-25278 FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor. | 4.8 | MEDIUM | — | 0 |
| CVE-2021-22310 There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in ... | 4.4 | MEDIUM | — | 0 |
| CVE-2019-10127 A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of ... | 8.8 | HIGH | — | 0 |
| CVE-2021-20077 Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 i... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-26990 Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files. | 9.1 | CRITICAL | — | 0 |
| CVE-2021-26991 Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin Resource Sharing (CORS) policy which could allow a remote attacker to interact with Cloud Manager. | 7.5 | HIGH | — | 0 |
| CVE-2021-26992 Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability which could allow a remote attacker to cause a Denial of Service (DoS). | 7.5 | HIGH | — | 0 |
| CVE-2021-27519 A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter. | 6.1 | MEDIUM | — | 0 |
| CVE-2021-27520 A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-10128 A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the A... | 7.8 | HIGH | — | 0 |
| CVE-2019-10196 A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Den... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10200 A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access ... | 7.2 | HIGH | — | 0 |
| CVE-2019-10225 A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the rest... | 6.3 | MEDIUM | — | 0 |
| CVE-2019-14828 A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where users with the capability to create courses were assigned as a teacher in... | 4.3 | MEDIUM | — | 0 |
| CVE-2019-14829 A vulnerability was found in Moodle affection 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions where activity creation capabilities were not correctly respected when selecting... | 4.3 | MEDIUM | — | 0 |
| CVE-2019-14830 A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which ... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-14831 A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where forum subscribe link contained an open redirect if forced subscription mode was ena... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-21267 Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In before version 2.0.0, email address validation is vulnerable to a denial-of-service attac... | 7.5 | HIGH | — | 0 |
| CVE-2021-29939 An issue was discovered in the stackvector crate through 2021-02-19 for Rust. There is an out-of-bounds write in StackVec::extend if size_hint provides certain anomalous data. | 7.3 | HIGH | — | 0 |
| CVE-2021-28950 An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-28951 An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concur... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-28117 libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of ... | 7.5 | HIGH | — | 0 |
| CVE-2021-28952 An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c... | 7.8 | HIGH | — | 0 |
| CVE-2020-27170 An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spect... | 4.7 | MEDIUM | — | 0 |
| CVE-2020-27171 An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic,... | 6.0 | MEDIUM | — | 0 |
| CVE-2021-28953 The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted repository. | 7.8 | HIGH | — | 0 |
| CVE-2021-28954 In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository. | 7.8 | HIGH | — | 0 |
| CVE-2021-28961 applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests. | 8.8 | HIGH | — | 0 |
| CVE-2021-23360 This affects the package killport before 1.0.2. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec... | 7.5 | HIGH | — | 0 |
| CVE-2020-13963 SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-26069 Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in ... | 5.3 | MEDIUM | — | 0 |
| CVE-2021-26070 Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the `make... | 7.2 | HIGH | — | 0 |
| CVE-2021-28955 git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows). | 9.8 | CRITICAL | — | 0 |
| CVE-2021-28956 The unofficial vscode-sass-lint (aka Sass Lint) extension through 1.0.7 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace. NOTE: This vulnerab... | 8.8 | HIGH | — | 0 |
| CVE-2021-28963 Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters. | 5.3 | MEDIUM | — | 0 |
| CVE-2021-21437 Agents are able to see linked Config Items without permissions, which are defined in General Catalog. This issue affects: OTRSCIsInCustomerFrontend 7.0.15 and prior versions, ITSMConfigurationManageme... | 3.5 | LOW | — | 0 |
| CVE-2021-21438 Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). This issue affects: FAQ version 6.0.29 and prior versions, OTRS version 7.0.24 and prior versions. | 3.5 | LOW | — | 0 |
| CVE-2021-28964 A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent... | 4.7 | MEDIUM | — | 0 |
| CVE-2020-28501 This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators. | 5.3 | MEDIUM | — | 0 |
| CVE-2021-26295 Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-27962 Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access. | 7.1 | HIGH | — | 0 |
| CVE-2021-28146 The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any auth... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-27308 A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the "redirect" parameter. | 4.8 | MEDIUM | — | 0 |
| CVE-2021-28147 The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication se... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-28148 One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated... | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.