The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2021-28345 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 |
CVE-2021-28344 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 |
CVE-2021-28343 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 |
CVE-2021-28342 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 |
CVE-2021-28341 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 |
CVE-2021-28340 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 |
CVE-2021-28339 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 |
CVE-2021-28338 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 |
CVE-2021-28337 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 |
CVE-2021-28336 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 |
CVE-2021-28335 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 |
CVE-2021-28334 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 |
CVE-2021-28333 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 |
CVE-2021-28332 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 |
CVE-2021-28331 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 |
CVE-2021-28330 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 |
CVE-2021-28329 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 |
CVE-2021-28327 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | MEDIUM | Apr 13, 2021 |
CVE-2021-1666 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | MEDIUM | Jan 12, 2021 |
CVE-2021-1664 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | MEDIUM | Jan 12, 2021 |
CVE-2021-1658 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | MEDIUM | Jan 12, 2021 |
CVE-2021-1660 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | MEDIUM | Jan 12, 2021 |
CVE-2021-1701 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | HIGH | Jan 12, 2021 |
CVE-2021-1700 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | HIGH | Jan 12, 2021 |
CVE-2021-1667 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | HIGH | Jan 12, 2021 |
CVE-2021-1671 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | MEDIUM | Jan 12, 2021 |
CVE-2021-1673 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | MEDIUM | Jan 12, 2021 |
CVE-2016-7815 | Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network. | MEDIUM | May 10, 2017 |
CVE-2018-6494 | Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data. | MEDIUM | May 23, 2018 |
CVE-2019-11646 | Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61. This vulnerability could allow Remote unauthorized command execution and unauthorized disclosure of information. | HIGH | Jun 4, 2019 |
CVE-2023-33480 | RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input validation and access control in the staff/register.php endpoint and the edit-my-profile.php page. By sending a series of specially crafted requests to the RemoteClinic application, an attacker can create admin users with more privileges than their own, upload a PHP file containing arbitrary code, and execute arbitrary commands via the PHP shell. | -- | Nov 7, 2023 |
CVE-2023-33478 | RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php. | -- | Nov 7, 2023 |
CVE-2023-33481 | RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the \'start\' GET parameter of patients/index.php. | -- | Nov 7, 2023 |
CVE-2023-33479 | RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file. | -- | Nov 7, 2023 |
CVE-2024-0901 | Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length. | -- | Mar 22, 2024 |
CVE-2018-15919 | Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states \'We understand that the OpenSSH developers do not want to treat such a username enumeration (or oracle) as a vulnerability.\' | MEDIUM | Aug 28, 2018 |
CVE-2011-4201 | remote_support.cgi in the Tadasoft Restorepoint 3.2 evaluation image allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) pid1 or (2) pid2 parameter in a stop_remote_support action. | High | Dec 13, 2011 |
CVE-2020-26412 | Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2. | MEDIUM | Dec 11, 2020 |
CVE-2022-26485 | Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0. | -- | Dec 22, 2022 |
CVE-2023-35167 | Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the `@Entity` decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the `id` of an entity instance is not authorized to access, can gain read, update and delete access to it. The issue is fixed in version 0.20.6. As a workaround, set the `apiPrefilter` option to a filter object instead of a function. | -- | Jun 24, 2023 |
CVE-2022-35143 | Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. | -- | Aug 4, 2022 |
CVE-2022-35144 | Renato v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | -- | Aug 4, 2022 |
CVE-2023-39075 | Renault Zoe EV 2021 automotive infotainment system versions 283C35202R to 283C35519R (builds 11.10.2021 to 16.01.2023) allows attackers to crash the infotainment system by sending arbitrary USB data via a USB device. | -- | Aug 3, 2023 |
CVE-2023-33865 | RenderDoc before 1.27 allows local privilege escalation via a symlink attack. It relies on the /tmp/RenderDoc directory regardless of ownership. | -- | Jun 8, 2023 |
CVE-2022-4862 | Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3. | -- | Mar 11, 2023 |
CVE-2010-2297 | rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table. | High | Jun 16, 2010 |
CVE-2011-1804 | rendering/RenderBox.cpp in WebCore in WebKit before r86862, as used in Google Chrome before 11.0.696.71, does not properly render floats, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a stale pointer. | High | May 27, 2011 |
CVE-2012-4514 | rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to trying to reuse a frame with a null part. | Medium | Nov 12, 2012 |
CVE-2011-1793 | rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted SVG document that leads to a stale pointer. | High | Dec 29, 2014 |
CVE-2011-1798 | rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 does not properly perform a cast of an unspecified variable during an attempt to handle a block child, which allows remote attackers to cause a denial of service (application crash) or possibly have unknown other impact via a crafted text element in an SVG document. | High | Dec 29, 2014 |