CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-44875 Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-pr... | 5.3 | MEDIUM | — | 0 |
| CVE-2021-44876 Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-pr... | 5.3 | MEDIUM | — | 0 |
| CVE-2021-44877 Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect Access Control. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, a... | 7.5 | HIGH | — | 0 |
| CVE-2021-45288 A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which could cause a Denial of Service via a crafted file in the MP4Box command. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-27445 Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissions that could be exploited to escalate privileges on the device. | 7.8 | HIGH | — | 0 |
| CVE-2021-27447 Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, which may allow an attacker to remotely execute arbitrary code. | 10.0 | CRITICAL | — | 0 |
| CVE-2021-27449 Mesa Labs AmegaView Versions 3.0 and prior has a command injection vulnerability that can be exploited to execute commands in the web server. | 9.9 | CRITICAL | — | 0 |
| CVE-2021-27451 Mesa Labs AmegaView Versions 3.0 and prior’s passcode is generated by an easily reversible algorithm, which may allow an attacker to gain access to the device. | 7.3 | HIGH | — | 0 |
| CVE-2021-27453 Mesa Labs AmegaView Versions 3.0 uses default cookies that could be set to bypass authentication to the web application, which may allow an attacker to gain access. | 7.3 | HIGH | — | 0 |
| CVE-2021-45289 A vulnerability exists in GPAC 1.0.1 due to an omission of security-relevant Information, which could cause a Denial of Service. The program terminates with signal SIGKILL. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-45297 An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-45290 A Denial of Service vulnerability exists in Binaryen 103 due to an assertion abort in wasm::handle_unreachable. | 7.5 | HIGH | — | 0 |
| CVE-2021-45291 The gf_dump_setup function in GPAC 1.0.1 allows malicious users to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-45292 The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-45293 A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-38893 IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrar... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-21954 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 6.1 | MEDIUM | — | 0 |
| CVE-2021-38900 IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access cont... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-38966 IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-44422 An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. Crafted data in a BMP file can trigger a write operation past the end ... | 7.8 | HIGH | — | 0 |
| CVE-2021-44423 An out-of-bounds read vulnerability exists when reading a BMP file using Open Design Alliance (ODA) Drawings Explorer before 2022.12. The specific issue exists after loading BMP files. Unchecked input... | 7.8 | HIGH | — | 0 |
| CVE-2021-44859 An out-of-bounds read vulnerability exists when reading a TGA file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TGA files. An unchecked input data fr... | 7.8 | HIGH | — | 0 |
| CVE-2021-44860 An out-of-bounds read vulnerability exists when reading a TIF file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TIF files. An unchecked input data fr... | 7.8 | HIGH | — | 0 |
| CVE-2022-22288 Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist. | 7.5 | HIGH | — | 0 |
| CVE-2021-44917 A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d function in graph3d.c, which could cause an Arithmetic exception and application crash. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-44918 A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the gf_node_get_field function, which can cause a segmentation fault and application crash. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-44919 A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_alloc function in gpac 1.1.0-DEV, which causes a segmentation fault and application crash. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-44920 An invalid memory address dereference vulnerability exists in gpac 1.1.0 in the dump_od_to_saf.isra function, which causes a segmentation fault and application crash. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-44921 A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_isom_parse_movie_boxes_internal function, which causes a segmentation fault and application crash. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-44922 A null pointer dereference vulnerability exists in gpac 1.1.0 in the BD_CheckSFTimeOffset function, which causes a segmentation fault and application crash. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-44924 An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-44925 A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_svg_get_attribute_name function, which causes a segmentation fault and application crash. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-44926 A null pointer dereference vulnerability exists in gpac 1.1.0-DEV in the gf_node_get_tag function, which causes a segmentation fault and application crash. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-44927 A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_sg_vrml_mf_append function, which causes a segmentation fault and application crash. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-43851 Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerability exists in multiple files in Time Tracker version 1.19.33.5606 and prior due to not ... | 8.1 | HIGH | — | 0 |
| CVE-2021-44028 XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-44029 An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-44030 Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery. | 6.1 | MEDIUM | — | 0 |
| CVE-2021-44031 An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication ... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-45459 lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-40836 A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A s... | 4.6 | MEDIUM | — | 0 |
| CVE-2021-40612 An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker to perform command execution withou... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-36750 ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, making it easier for attackers to determine the passwords of all DataVault users (across USB drives sold under multiple brand names)... | 8.1 | HIGH | — | 0 |
| CVE-2021-45418 Certain Starcharge products are vulnerable to Directory Traversal via main.cgi. The affected products include: Nova 360 Cabinet <=1.3.0.0.6 - Fixed: 1.3.0.0.9 and Titan 180 Premium <=1.3.0.0.7b102 - F... | 8.8 | HIGH | — | 0 |
| CVE-2021-39013 IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the sy... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-44733 A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a sh... | 7.0 | HIGH | — | 0 |
| CVE-2021-45256 A Null Pointer Dereference vulnerability exists in nasm 2.16rc0 via asm/preproc.c. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-45257 An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-45258 A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_dec_proto_list function, which causes a segmentation fault and application crash. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-45259 An Invalid pointer reference vulnerability exists in gpac 1.1.0 via the gf_svg_node_del function, which causes a segmentation fault and application crash. | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.