IDCVSSSummaryLast (major) updatePublished
CVE-2017-20005 7.5
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoinde
14-06-2021 - 13:53 06-06-2021 - 22:15
CVE-2020-26885 4.3
An issue was discovered in 2sic 2sxc before 11.22. A XSS vulnerability in the sxcver parameter of dnn/ui.html allows an attacker to craft a malicious URL that executes a JavaScript payload in a victim's browser.
14-06-2021 - 13:44 07-06-2021 - 04:15
CVE-2021-3538 7.5
A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for
14-06-2021 - 13:37 02-06-2021 - 14:15
CVE-2021-32550 None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users.
14-06-2021 - 11:25 12-06-2021 - 04:15
CVE-2021-32551 None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users.
14-06-2021 - 11:25 12-06-2021 - 04:15
CVE-2021-32555 None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users.
14-06-2021 - 11:25 12-06-2021 - 04:15
CVE-2021-32553 None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.
14-06-2021 - 11:25 12-06-2021 - 04:15
CVE-2021-32557 None
It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.
14-06-2021 - 11:25 12-06-2021 - 04:15
CVE-2021-31811 None
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
14-06-2021 - 11:25 12-06-2021 - 10:15
CVE-2021-32554 None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users.
14-06-2021 - 11:25 12-06-2021 - 04:15
CVE-2021-31812 None
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
14-06-2021 - 11:25 12-06-2021 - 10:15
CVE-2021-34682 None
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.
14-06-2021 - 11:25 12-06-2021 - 21:15
CVE-2021-23394 None
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
14-06-2021 - 11:25 13-06-2021 - 11:15
CVE-2021-32547 None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users.
14-06-2021 - 11:25 12-06-2021 - 04:15
CVE-2021-32549 None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users.
14-06-2021 - 11:25 12-06-2021 - 04:15
CVE-2021-21439 None
DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community E
14-06-2021 - 11:25 14-06-2021 - 08:15
CVE-2021-32548 None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users.
14-06-2021 - 11:25 12-06-2021 - 04:15
CVE-2021-32552 None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.
14-06-2021 - 11:25 12-06-2021 - 04:15
CVE-2021-32556 None
It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.
14-06-2021 - 11:25 12-06-2021 - 04:15
CVE-2021-3256 None
KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the html_url parameter of the chakanhtml.module.php file.
14-06-2021 - 11:25 11-06-2021 - 20:15
CVE-2021-21382 None
Restund is an open source NAT traversal server. The restund TURN server can be instructed to open a relay to the loopback address range. This allows you to reach any other service running on localhost which you might consider private. In the configur
14-06-2021 - 11:25 11-06-2021 - 21:15
CVE-2021-34679 None
Thycotic Password Reset Server before 5.3.0 allows credential disclosure.
14-06-2021 - 11:25 11-06-2021 - 21:15
CVE-2020-7860 None
UnEGG v0.5 and eariler versions have a Integer overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by UnEGG. Attackers could exploit this and arbitrary code execution. This issue affects: Estsoft UnEGG 0
14-06-2021 - 11:25 11-06-2021 - 18:15
CVE-2021-27200 None
In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.
14-06-2021 - 11:25 11-06-2021 - 18:15
CVE-2020-16147 10.0
The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via Unauthenticated code injection over the network.
14-06-2021 - 10:15 24-09-2020 - 14:15
CVE-2020-16148 9.0
The ping page of the administration panel in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via authenticated code injection over the network.
14-06-2021 - 10:15 24-09-2020 - 14:15
CVE-2021-31807 None
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to
14-06-2021 - 09:15 08-06-2021 - 20:15
CVE-2021-33620 4.0
Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious
14-06-2021 - 09:15 28-05-2021 - 12:15
CVE-2021-28651 5.0
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecifi
14-06-2021 - 09:15 27-05-2021 - 12:15
CVE-2021-31808 4.0
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this.
14-06-2021 - 09:15 27-05-2021 - 14:15
CVE-2021-28652 4.0
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a
14-06-2021 - 09:15 27-05-2021 - 12:15
CVE-2021-31806 4.0
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.
14-06-2021 - 09:15 27-05-2021 - 13:15
CVE-2021-3516 6.8
There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availabi
14-06-2021 - 03:15 01-06-2021 - 14:15
CVE-2021-33574 7.5
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to
14-06-2021 - 03:15 25-05-2021 - 22:15
CVE-2021-3517 7.5
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-o
14-06-2021 - 03:15 19-05-2021 - 14:15
CVE-2021-3518 6.8
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, inte
14-06-2021 - 03:15 18-05-2021 - 12:15
CVE-2021-3537 4.3
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could
14-06-2021 - 03:15 14-05-2021 - 20:15
CVE-2021-29338 4.3
Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.
12-06-2021 - 03:15 14-04-2021 - 14:15
CVE-2019-25038 7.5
** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotel
11-06-2021 - 22:15 27-04-2021 - 06:15
CVE-2019-25031 4.3
** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound sof
11-06-2021 - 22:15 27-04-2021 - 06:15
CVE-2019-25039 7.5
** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or
11-06-2021 - 22:15 27-04-2021 - 06:15
CVE-2019-25042 7.5
** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or l
11-06-2021 - 22:15 27-04-2021 - 06:15
CVE-2019-25040 5.0
** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or loc
11-06-2021 - 22:15 27-04-2021 - 06:15
CVE-2019-25033 7.5
** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be rem
11-06-2021 - 22:15 27-04-2021 - 06:15
CVE-2019-25041 5.0
** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or
11-06-2021 - 22:15 27-04-2021 - 06:15
CVE-2019-25032 7.5
** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotel
11-06-2021 - 22:15 27-04-2021 - 06:15
CVE-2019-25034 7.5
** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound insta
11-06-2021 - 22:15 27-04-2021 - 06:15
CVE-2019-25037 5.0
** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation
11-06-2021 - 22:15 27-04-2021 - 06:15
CVE-2019-25035 7.5
** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally explo
11-06-2021 - 22:15 27-04-2021 - 06:15
CVE-2019-25036 5.0
** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or lo
11-06-2021 - 22:15 27-04-2021 - 06:15
Back to Top Mark selected
Back to Top