Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 128082 entries
IDDescriptionPriorityModified date
CVE-2021-33034 In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. -- May 14, 2021
CVE-2021-33033 The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. -- May 14, 2021
CVE-2021-33026 The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the cache, and execute Python code. -- May 13, 2021
CVE-2021-32925 admin/user_import.php in Chamilo 1.11.14 reads XML data without disabling the ability to load external entities. -- May 13, 2021
CVE-2021-32921 An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker. -- May 14, 2021
CVE-2021-32920 Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests. -- May 14, 2021
CVE-2021-32919 An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another server (when this option is enabled). -- May 14, 2021
CVE-2021-32918 An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3. -- May 14, 2021
CVE-2021-32917 An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server\'s bandwidth. -- May 14, 2021
CVE-2021-32820 Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extentions (i.e. file.extension) can be included, files that lack an extension will have .handlebars appended to them. For complete details refer to the referenced GHSL-2021-018 report. Notes in documentation have been added to help users avoid this potential information exposure vulnerability. -- May 14, 2021
CVE-2021-32819 Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in downstream applications. There is currently no fix for these issues as of the publication of this CVE. The latest version of squirrelly is currently 8.0.8. For complete details refer to the referenced GHSL-2021-023. -- May 14, 2021
CVE-2021-32818 haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application that passes user controlled request objects to the haml-coffee template engine may introduce RCE vulnerabilities. Additionally control over the escapeHtml parameter through template configuration pollution ensures that haml-coffee would not sanitize template inputs that may result in reflected Cross Site Scripting attacks against downstream applications. There is currently no fix for these issues as of the publication of this CVE. The latest version of haml-coffee is currently 1.14.1. For complete details refer to the referenced GHSL-2021-025. -- May 14, 2021
CVE-2021-32817 express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extentions (i.e. file.extension) can be included, files that lack an extension will have .hbs appended to them. For complete details refer to the referenced GHSL-2021-019 report. Notes in documentation have been added to help users of express-hbs avoid this potential information exposure vulnerability. -- May 14, 2021
CVE-2021-32816 ProtonMail Web Client is the official AngularJS web client for the ProtonMail secure email service. ProtonMail Web Client before version 3.16.60 has a regular expression denial-of-service vulnerability. This was fixed in commit 6687fb. There is a full report available in the referenced GHSL-2021-027. -- May 14, 2021
CVE-2021-32615 Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection. -- May 13, 2021
CVE-2021-32613 In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS. -- May 14, 2021
CVE-2021-32611 A NULL pointer dereference vulnerability exists in eXcall_api.c in Antisip eXosip2 through 5.2.0 when handling certain 3xx redirect responses. -- May 12, 2021
CVE-2021-32608 An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1. Views/Boards/Partials/_ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post. -- May 12, 2021
CVE-2021-32607 An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1. Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message. -- May 12, 2021
CVE-2021-32606 In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.) -- May 14, 2021
CVE-2021-32605 zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an if end if block. -- May 11, 2021
CVE-2021-32604 SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter. -- May 11, 2021
CVE-2021-32573 ** DISPUTED ** The express-cart package through 1.1.10 for Node.js allows Reflected XSS (for an admin) via a user input field for product options. NOTE: the vendor states that this would rely on an admin hacking his/her own website. -- May 11, 2021
CVE-2021-32572 Speco Web Viewer through 2021-05-12 allows Directory Traversal via GET request for a URI with /.. at the beginning, as demonstrated by reading the /etc/passwd file. -- May 12, 2021
CVE-2021-32563 An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution. -- May 11, 2021
CVE-2021-32561 OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters. -- May 11, 2021
CVE-2021-32560 The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not *.log files. -- May 11, 2021
CVE-2021-32489 An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device because response_msg.st.len=8 can be accepted but triggers an integer overflow, which causes CRYPTO_cbc128_decrypt (in OpenSSL) to encounter an undersized buffer and experience a segmentation fault. The yubihsm-shell project is included in the YubiHSM 2 SDK product. -- May 11, 2021
CVE-2021-32471 Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data. For example, a tape head may have an unexpected location after the processing of input composed of As and Bs (instead of 0s and 1s). NOTE: the discoverer states this vulnerability has no real-world implications. -- May 10, 2021
CVE-2021-32089 ** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on Zebra (formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed through the web interface. This can lead to information disclosure and code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. -- May 11, 2021
CVE-2021-32073 DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution. -- May 15, 2021
CVE-2021-32056 Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall. -- May 10, 2021
CVE-2021-32054 Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations, which may cause crafted files to be delivered to clients such that they are rendered directly in a victim\'s web browser. -- May 14, 2021
CVE-2021-32053 JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e.g., disable access to the database after the attack stops) via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are many simultaneous history requests. -- May 11, 2021
CVE-2021-32051 Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via the GiPWorkflow/Service/DownloadPublicFile id parameter. -- May 14, 2021
CVE-2021-32029 Memory disclosure in partitioned-table UPDATE ... RETURNING -- May 14, 2021
CVE-2021-32028 postgresql: Fix mishandling of resjunk columns in ON CONFLICT ... UPDATE tlists. -- May 11, 2021
CVE-2021-32027 postgresql: Prevent integer overflows in array subscripting calculations. -- May 11, 2021
CVE-2021-31936 Microsoft Accessibility Insights for Web Information Disclosure Vulnerability -- May 11, 2021
CVE-2021-31922 An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3. -- May 14, 2021
CVE-2021-31915 In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible. -- May 11, 2021
CVE-2021-31914 In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible. -- May 11, 2021
CVE-2021-31913 In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange. -- May 11, 2021
CVE-2021-31912 In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset. -- May 11, 2021
CVE-2021-31910 In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible. -- May 11, 2021
CVE-2021-31903 In JetBrains YouTrack before 2021.1.9819, a pull request\'s title was sanitized insufficiently, leading to XSS. -- May 11, 2021
CVE-2021-31902 In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly. -- May 11, 2021
CVE-2021-31901 In JetBrains Hub before 2021.1.13079, two-factor authentication wasn\'t enabled properly for the All Users group. -- May 11, 2021
CVE-2021-31900 In JetBrains Code With Me bundled to the compatible IDE versions before 2021.1, a client could open a browser on a host. -- May 11, 2021
CVE-2021-31899 In JetBrains Code With Me bundled to the compatible IDEs before version 2021.1, the client could execute code in read-only mode. -- May 11, 2021
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version.
Live chat
Online