Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2021-33702 Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it ... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-33703 Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-33706 Due to improper input validation in InfraBox, logs can be modified by an authenticated user. | 4.3 | MEDIUM | — | 0 |
| CVE-2021-33707 SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This could enable the attacker to compr... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-36601 GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL" parameter. | 6.1 | MEDIUM | — | 0 |
| CVE-2021-38370 In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS. | 5.9 | MEDIUM | — | 0 |
| CVE-2021-38372 In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS. | 3.7 | LOW | — | 0 |
| CVE-2021-38373 In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-23171 A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafte... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-23172 A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives. | 5.5 | MEDIUM | — | 0 |
| CVE-2020-25082 An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDS... | 3.8 | LOW | — | 0 |
| CVE-2021-32768 TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-37365 CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned with the content of the query strin... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-37366 CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link tha... | 8.8 | HIGH | — | 0 |
| CVE-2021-37367 CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because The file "bl_categories_help.php" is vulnerable to directory traversal, an attacker can c... | 7.8 | HIGH | — | 0 |
| CVE-2021-3692 yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator | 5.3 | MEDIUM | — | 0 |
| CVE-2021-28838 Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695 1.20RC... | 7.5 | HIGH | — | 0 |
| CVE-2021-28839 Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC06... | 7.5 | HIGH | — | 0 |
| CVE-2021-28840 Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC06... | 7.5 | HIGH | — | 0 |
| CVE-2021-38140 The set_user extension module before 2.0.1 for PostgreSQL allows a potential privilege escalation using RESET SESSION AUTHORIZATION after set_user(). | 9.8 | CRITICAL | — | 0 |
| CVE-2021-38380 Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read. An attacker can leverage this to launch a DoS attack. | 7.5 | HIGH | — | 0 |
| CVE-2021-38381 Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash. | 6.5 | MEDIUM | — | 0 |
| CVE-2021-38382 Live555 through 1.08 does not handle Matroska and Ogg files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash. | 6.5 | MEDIUM | — | 0 |
| CVE-2021-38384 Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior wi... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-21597 Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclosure Vulnerability. An authenticated malicious user with physical access to the system could exploit this vulnerability to read se... | 7.2 | HIGH | — | 0 |
| CVE-2021-36941 Microsoft Word Remote Code Execution Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2021-21598 Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Information Disclosure Vulnerability. An authenticated attacker with physical access to the system could exploit this vulnerabilit... | 3.9 | LOW | — | 0 |
| CVE-2021-21600 Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource consumption flaw in its API service. An authorized API user could potentially exploit this vulnerability via the web and desktop use... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-21601 Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit ... | 8.8 | HIGH | — | 0 |
| CVE-2021-28841 Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of s... | 7.5 | HIGH | — | 0 |
| CVE-2021-28842 Null Pointer Deference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial... | 7.5 | HIGH | — | 0 |
| CVE-2021-36943 Azure CycleCloud Elevation of Privilege Vulnerability | 4.0 | MEDIUM | — | 0 |
| CVE-2021-28843 Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi with an unkn... | 7.5 | HIGH | — | 0 |
| CVE-2021-28844 Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi via a do_gra... | 7.5 | HIGH | — | 0 |
| CVE-2021-38386 In Contiki 3.0, a buffer overflow in the Telnet service allows remote attackers to cause a denial of service because the ls command is mishandled when a directory has many files with long names. | 7.5 | HIGH | — | 0 |
| CVE-2021-38387 In Contiki 3.0, a Telnet server that silently quits (before disconnection with clients) leads to connected clients entering an infinite loop and waiting forever, which may cause excessive CPU consumpt... | 7.5 | HIGH | — | 0 |
| CVE-2021-28845 Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a deni... | 7.5 | HIGH | — | 0 |
| CVE-2021-28846 A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of serv... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-29294 Null Pointer Dereference vulnerability exists in D-Link DSL-2740R UK_1.01, which could let a remove malicious user cause a denial of service via the send_hnap_unauthorized function. It could be trigge... | 7.5 | HIGH | — | 0 |
| CVE-2021-29295 Null Pointer Dereference vulnerability exists in D-Link DSP-W215 1.10, which could let a remote malicious user cause a denial of servie via usr/bin/lighttpd. It could be triggered by sending an HTTP r... | 7.5 | HIGH | — | 0 |
| CVE-2021-29296 Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request wit... | 7.5 | HIGH | — | 0 |
| CVE-2021-33708 Due to insufficient input validation in Kyma, authenticated users can pass a Header of their choice and escalate privileges. | 8.8 | HIGH | — | 0 |
| CVE-2021-37389 Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter. | 6.1 | MEDIUM | — | 0 |
| CVE-2021-37390 A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature). | 6.1 | MEDIUM | — | 0 |
| CVE-2025-52815 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes CityGov citygov allows PHP Local File Inclusion.This issue affects... | N/A | NONE | — | 0 |
| CVE-2021-37391 A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies ... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-21675 A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format. | 5.5 | MEDIUM | — | 0 |
| CVE-2020-21676 A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. | 5.5 | MEDIUM | — | 0 |
| CVE-2020-21677 A heap-based buffer overflow in the sixel_encoder_output_without_macro function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of service (DOS) via converting a crafted PNG file int... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-33699 Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. This allows an unaut... | 6.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.