Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2021-3425 A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shi... | 4.4 | MEDIUM | — | 0 |
| CVE-2020-22044 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c. | 6.5 | MEDIUM | — | 0 |
| CVE-2021-32654 Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to receive write/read privileges on any Federated File Share. ... | 8.1 | HIGH | — | 0 |
| CVE-2021-32655 Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to convert a Files Drop link to a federated share. This causes... | 3.5 | LOW | — | 0 |
| CVE-2021-32656 Nextcloud Server is a Nextcloud package that handles data storage. A vulnerability in federated share exists in versions prior to 19.0.11, 20.0.10, and 21.0.2. An attacker can gain access to basic inf... | 8.6 | HIGH | — | 0 |
| CVE-2021-32657 Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and 21.0.2, a malicious user may be able to break the user administration ... | 4.3 | MEDIUM | — | 0 |
| CVE-2021-29090 Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to ex... | 7.2 | HIGH | — | 0 |
| CVE-2021-29091 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users... | 7.7 | HIGH | — | 0 |
| CVE-2021-29089 Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-10742 A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc... | 6.0 | MEDIUM | — | 0 |
| CVE-2020-10771 A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request... | 7.1 | HIGH | — | 0 |
| CVE-2020-14317 It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression. An attac... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-14326 A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the ent... | 7.5 | HIGH | — | 0 |
| CVE-2020-14335 A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from t... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-14336 A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an Open... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-14340 A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial ... | 5.9 | MEDIUM | — | 0 |
| CVE-2021-23895 Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the... | 9.0 | CRITICAL | — | 0 |
| CVE-2021-24012 An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted ... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-3520 There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument,... | 9.8 | CRITICAL | — | 0 |
| CVE-2017-8761 In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs... | 4.3 | MEDIUM | — | 0 |
| CVE-2018-10195 lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around. | 7.1 | HIGH | — | 0 |
| CVE-2020-35503 A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callbac... | 6.0 | MEDIUM | — | 0 |
| CVE-2020-35510 A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes correspondin... | 5.9 | MEDIUM | — | 0 |
| CVE-2020-35514 An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local a... | 7.0 | HIGH | — | 0 |
| CVE-2021-23896 Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password... | 3.2 | LOW | — | 0 |
| CVE-2021-3538 A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Rea... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-3544 Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhos... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-20345 IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potential... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-3545 An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in co... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-3546 An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GE... | 8.2 | HIGH | — | 0 |
| CVE-2019-12067 The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null. | 6.5 | MEDIUM | — | 0 |
| CVE-2021-26707 The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in th... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-28675 An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Imag... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-3530 A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a cras... | 7.5 | HIGH | — | 0 |
| CVE-2009-0947 Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02. | 9.8 | CRITICAL | — | 0 |
| CVE-2009-0948 Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-22046 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c. | 6.5 | MEDIUM | — | 0 |
| CVE-2020-22048 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c. | 6.5 | MEDIUM | — | 0 |
| CVE-2020-22049 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c. | 6.5 | MEDIUM | — | 0 |
| CVE-2020-24870 Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp. | 8.8 | HIGH | — | 0 |
| CVE-2020-27661 A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on th... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-6950 Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. | 6.5 | MEDIUM | — | 0 |
| CVE-2021-25287 An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la. | 9.1 | CRITICAL | — | 0 |
| CVE-2021-25288 An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i. | 9.1 | CRITICAL | — | 0 |
| CVE-2021-28676 An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load. | 7.5 | HIGH | — | 0 |
| CVE-2021-28677 An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally qu... | 7.5 | HIGH | — | 0 |
| CVE-2021-28678 An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-31855 KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) cause... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-31921 Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a g... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-3468 A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, al... | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.