Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2021-39885 A Stored XSS in merge request creation page in all versions of Gitlab EE starting from 13.7 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.... | 8.7 | HIGH | — | 0 |
| CVE-2021-39896 In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice and stops impersonating, the admin may be logged in as the second user they impersonated, which may ... | 3.8 | LOW | — | 0 |
| CVE-2021-39899 In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function. There is a rate limit in place, but the atta... | 2.9 | LOW | — | 0 |
| CVE-2021-39900 Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs. | 2.0 | LOW | — | 0 |
| CVE-2021-40683 In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution. | 7.8 | HIGH | — | 0 |
| CVE-2021-41103 containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insuffici... | 7.8 | HIGH | — | 0 |
| CVE-2021-41530 Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, and 6.10.0 are vulnerable to TCP reflected amplification vulnerability, if HTTP User Response has been configured. | 7.5 | HIGH | — | 0 |
| CVE-2021-41591 ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure. | 9.4 | CRITICAL | — | 0 |
| CVE-2021-41592 Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure. | 9.4 | CRITICAL | — | 0 |
| CVE-2021-41593 Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure. | 8.6 | HIGH | — | 0 |
| CVE-2021-41595 SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionali... | 5.3 | MEDIUM | — | 0 |
| CVE-2021-41596 SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import f... | 5.3 | MEDIUM | — | 0 |
| CVE-2021-23855 The user and password data base is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using ... | 8.6 | HIGH | — | 0 |
| CVE-2021-23856 The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL. | 10.0 | CRITICAL | — | 0 |
| CVE-2021-23857 Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to ... | 10.0 | CRITICAL | — | 0 |
| CVE-2021-23858 Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, d... | 8.6 | HIGH | — | 0 |
| CVE-2021-32626 Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to inc... | 7.5 | HIGH | — | 0 |
| CVE-2021-32627 Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code ex... | 7.5 | HIGH | — | 0 |
| CVE-2021-32628 Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentia... | 7.5 | HIGH | — | 0 |
| CVE-2021-32672 Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond th... | 5.3 | MEDIUM | — | 0 |
| CVE-2021-32675 Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which dete... | 7.5 | HIGH | — | 0 |
| CVE-2021-32687 Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrar... | 7.5 | HIGH | — | 0 |
| CVE-2021-32762 Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large... | 7.5 | HIGH | — | 0 |
| CVE-2021-38392 A skilled attacker with physical access to the affected device can gain access to the hard disk drive of the device to change the telemetry region and could use this setting to interrogate or program ... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-38394 An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware k... | 6.2 | MEDIUM | — | 0 |
| CVE-2021-38396 The programmer installation utility does not perform a cryptographic authenticity or integrity checks of the software on the flash drive. An attacker could leverage this weakness to install unauthoriz... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-38398 The affected device uses off-the-shelf software components that contain unpatched vulnerabilities. A malicious attacker with physical access to the affected device could exploit these vulnerabilities. | 6.5 | MEDIUM | — | 0 |
| CVE-2021-38400 An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse eng... | 6.9 | MEDIUM | — | 0 |
| CVE-2021-39347 The Stripe for WooCommerce WordPress plugin is missing a capability check on the save() function found in the ~/includes/admin/class-wc-stripe-admin-user-edit.php file that makes it possible for attac... | 4.3 | MEDIUM | — | 0 |
| CVE-2021-3581 Buffer Access with Incorrect Length Value in zephyr. Zephyr versions >= >=2.5.0 contain Buffer Access with Incorrect Length Value (CWE-805). For more information, see https://github.com/zephyrproject-... | 7.0 | HIGH | — | 0 |
| CVE-2021-41099 Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of servic... | 7.5 | HIGH | — | 0 |
| CVE-2021-41578 mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks when importing project files. If an attacker can trick a victim into importing a malicious mep file, then they gain the ability t... | 7.8 | HIGH | — | 0 |
| CVE-2021-41579 LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass and path traversal. If an attacker can get a victim to load a malicious els project file and use the play feature, then the attac... | 7.8 | HIGH | — | 0 |
| CVE-2021-41093 Wire is an open source secure messenger. In affected versions if the an attacker gets an old but valid access token they can take over an account by changing the email. This issue has been resolved in... | 7.4 | HIGH | — | 0 |
| CVE-2021-41094 Wire is an open source secure messenger. Users of Wire by Bund may bypass the mandatory encryption at rest feature by simply disabling their device passcode. Upon launching, the app will attempt to en... | 4.2 | MEDIUM | — | 0 |
| CVE-2021-42008 The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root ... | 7.8 | HIGH | — | 0 |
| CVE-2021-41100 Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session... | 7.4 | HIGH | — | 0 |
| CVE-2021-41118 The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions unsanitised input of regular express... | 5.3 | MEDIUM | — | 0 |
| CVE-2021-41651 A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the ... | 7.5 | HIGH | — | 0 |
| CVE-2020-21386 A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges. | 8.8 | HIGH | — | 0 |
| CVE-2020-21387 A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload. | 6.1 | MEDIUM | — | 0 |
| CVE-2021-39433 A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to... | 7.5 | HIGH | — | 0 |
| CVE-2021-41092 Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configura... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-21431 HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit. | 6.5 | MEDIUM | — | 0 |
| CVE-2020-21434 Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field. | 5.4 | MEDIUM | — | 0 |
| CVE-2020-21493 An issue in the component route\user.php of Xiuno BBS v4.0.4 allows attackers to enumerate usernames. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-21494 A cross-site scripting (XSS) vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-21495 A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-21496 A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitebrief parameter. | 6.1 | MEDIUM | — | 0 |
| CVE-2021-32765 Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protoc... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.