Total: 10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1147 | 2 Apple, Libexpat Project | 2 Mac Os X, Libexpat | 2021-01-25 | 4.3 MEDIUM | N/A |
| readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. | |||||
| CVE-2021-23835 | 1 Flatcore | 1 Flatcore | 2021-01-22 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability was identified in the docs_file HTTP request body parameter for the acp interface. This can be exploited with admin access rights. The affected parameter (which retrieves the contents of the specified file) was found to be accepting malicious user input without proper sanitization, thus leading to retrieval of backend server sensitive files, e.g., /etc/passwd, SQLite database files, PHP source code, etc. | |||||
| CVE-2020-9139 | 1 Huawei | 2 Emui, Magic Ui | 2021-01-19 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is an improper input validation vulnerability in some Huawei Smartphone. Successful exploit of this vulnerability can cause memory access errors and denial of service. | |||||
| CVE-2021-3028 | 1 Git-big-picture Project | 1 Git-big-picture | 2021-01-19 | 7.5 HIGH | 9.8 CRITICAL |
| git-big-picture before 1.0.0 mishandles ' characters in a branch name, leading to code execution. | |||||
| CVE-2021-1060 | 7 Citrix, Linux, Microsoft and 4 more | 7 Hypervisor, Linux Kernel, Windows and 4 more | 2021-01-14 | 3.6 LOW | 7.1 HIGH |
| NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input index is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). | |||||
| CVE-2021-0322 | 1 Google | 1 Android | 2021-01-13 | 1.9 LOW | 5.0 MEDIUM |
| In onCreate of SlicePermissionActivity.java, there is a possible misleading string displayed due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11, Android-9; Android ID: A-159145361. | |||||
| CVE-2021-0313 | 1 Google | 1 Android | 2021-01-13 | 7.8 HIGH | 7.5 HIGH |
| In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slow or crash a TextView due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.0, Android-8.1; Android ID: A-170968514. | |||||
| CVE-2021-1065 | 5 Citrix, Nutanix, Nvidia and 2 more | 5 Hypervisor, Ahv, Virtual Gpu Manager and 2 more | 2021-01-11 | 3.6 LOW | 7.1 HIGH |
| NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). | |||||
| CVE-2020-4667 | 1 Ibm | 1 Engineering Requirements Quality Assistant On-premises | 2021-01-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Engineering Requirements Quality Assistant On-Premises could allow an authenticated user to obtain sensitive information due to improper input validation. IBM X-Force ID: 186282. | |||||
| CVE-2018-25002 | 1 Sunhater | 1 Kcfinder | 2021-01-11 | 6.5 MEDIUM | 8.8 HIGH |
| uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal's security advisory policy. | |||||
| CVE-2018-19945 | 1 Qnap | 1 Qts | 2021-01-06 | 8.5 HIGH | 9.1 CRITICAL |
| A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerability in the following versions: QTS 4.3.6.0895 build 20190328 (and later); QTS 4.3.4.0899 build 20190322 (and later). This issue does not affect QTS 4.4.x or QTS 4.5.x. | |||||
| CVE-2016-6433 | 1 Cisco | 1 Firepower Management Center | 2021-01-05 | 9.0 HIGH | 8.8 HIGH |
| The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872. | |||||
| CVE-2016-6374 | 1 Cisco | 1 Cloud Services Platform 2100 | 2021-01-05 | 7.5 HIGH | 9.8 CRITICAL |
| Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code via a crafted dnslookup command in an HTTP request, aka Bug ID CSCuz89093. | |||||
| CVE-2016-9021 | 1 Exponentcms | 1 Exponent Cms | 2021-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| Exponent CMS before 2.6.0 has improper input validation in storeController.php. | |||||
| CVE-2016-9023 | 1 Exponentcms | 1 Exponent Cms | 2021-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php. | |||||
| CVE-2016-9025 | 1 Exponentcms | 1 Exponent Cms | 2021-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php. | |||||
| CVE-2017-14169 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2021-01-04 | 6.8 MEDIUM | 8.8 HIGH |
| In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value. | |||||
| CVE-2016-9026 | 1 Exponentcms | 1 Exponent Cms | 2021-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| Exponent CMS before 2.6.0 has improper input validation in fileController.php. | |||||
| CVE-2016-9022 | 1 Exponentcms | 1 Exponent Cms | 2021-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| Exponent CMS before 2.6.0 has improper input validation in usersController.php. | |||||
| CVE-2020-35616 | 1 Joomla | 1 Joomla! | 2020-12-30 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Joomla! 1.7.0 through 3.9.22. Lack of input validation while handling ACL rulesets can cause write ACL violations. | |||||
