CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-40526 Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by explo... | 4.8 | MEDIUM | — | 0 |
| CVE-2021-40527 Exposure of senstive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored... | 8.6 | HIGH | — | 0 |
| CVE-2021-25977 In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigge... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-35231 As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path o... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-38294 A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus ... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-0412 In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-40865 An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to ve... | 9.8 | CRITICAL | — | 0 |
| CVE-2017-20007 Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allows access to a certain path that contains sensitive information that could be used by an attacker to execute more sophisticated at... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-14264 "HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK" | 3.9 | LOW | — | 0 |
| CVE-2021-0409 In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interact... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-0410 In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interact... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-0411 In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-22454 A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause core dump. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-0413 In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-0414 In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-0613 In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interact... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-0614 In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interact... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-0615 In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-0616 In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-0617 In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-0618 In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-0625 In ccu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for expl... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-0630 In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not need... | 7.5 | HIGH | — | 0 |
| CVE-2021-0631 In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not need... | 7.5 | HIGH | — | 0 |
| CVE-2021-0632 In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker under certain build conditions with no add... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-0633 In display driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction ... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-0634 In display driver, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not ne... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-0661 In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-0662 In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-0663 In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-0935 In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-0936 In acc_read of f_accessory.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User inter... | 7.8 | HIGH | — | 0 |
| CVE-2021-0938 In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could lead to local information disclosure with no additional execution privileg... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-0939 In set_default_passthru_cfg of passthru.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed... | 4.4 | MEDIUM | — | 0 |
| CVE-2021-0941 In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User inter... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-24381 The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not sanitise and escape the custom class name of the form field created, which could allow high privilege users to perform Cross-Site ... | 4.8 | MEDIUM | — | 0 |
| CVE-2021-24414 The Video Player for YouTube WordPress plugin before 1.4 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting p... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-24485 The Special Text Boxes WordPress plugin before 5.9.110 does not sanitise or escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the un... | 4.8 | MEDIUM | — | 0 |
| CVE-2021-24487 The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving its 'Default Text to Display if no tips' setting, and was also lacking sanitisation as well as escaping ... | 8.8 | HIGH | — | 0 |
| CVE-2021-24489 The Request a Quote WordPress plugin before 2.3.9 does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even wh... | 4.8 | MEDIUM | — | 0 |
| CVE-2021-24514 The Visual Form Builder WordPress plugin before 3.0.4 does not sanitise or escape its Form Name, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the ... | 4.8 | MEDIUM | — | 0 |
| CVE-2021-24515 The Video Gallery WordPress plugin before 1.1.5 does not escape the Title and Description of the videos in a gallery before outputting them in attributes, leading to Stored Cross-Site Scripting issues | 4.8 | MEDIUM | — | 0 |
| CVE-2021-24543 The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before outputting... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-24544 The Responsive WordPress Slider WordPress plugin through 2.2.0 does not sanitise and escape some of the Slider options, allowing Cross-Site Scripting payloads to be set in them. Furthermore, as by def... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-24608 The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape its Form's Labels, allowing high privileged users to perform Cros... | 4.8 | MEDIUM | — | 0 |
| CVE-2021-24653 The Cookie Bar WordPress plugin before 1.8.9 doesn't properly sanitise the Cookie Bar Message setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfi... | 4.8 | MEDIUM | — | 0 |
| CVE-2021-24662 The Game Server Status WordPress plugin through 1.0 does not validate or escape the server_id parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page | 7.2 | HIGH | — | 0 |
| CVE-2021-24699 The Easy Media Download WordPress plugin before 1.1.7 does not escape the text argument of its shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripti... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-24744 The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 does not sanitise and escape the Form Title before outputting it in some admin pages. which could allow high privilege users to pe... | 4.8 | MEDIUM | — | 0 |
| CVE-2021-42771 Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution. | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.