Search Results

There are 155,792 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2020-18647

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/nonecms/vendor".

Published: June 22, 2021; 11:15:11 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-18646

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php".

Published: June 22, 2021; 11:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15732

Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29.

Published: June 22, 2021; 11:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-35206

Gitpod before 0.6.0 allows unvalidated redirects.

Published: June 22, 2021; 10:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-35046

A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie.

Published: June 22, 2021; 10:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-35045

Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS allows attackers to execute arbitrary code via the parameters to the /app/ endpoint.

Published: June 22, 2021; 10:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-34244

A cross site request forgery (CSRF) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to create new admin accounts or change users' passwords.

Published: June 22, 2021; 10:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-34243

A stored cross site scripting (XSS) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the crafted file.

Published: June 22, 2021; 10:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2010-4816

It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service.

Published: June 22, 2021; 10:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2010-4266

A potential linkbait vulnerability was found in the dispatcher of Vanilla Forums before 2.0.10.

Published: June 22, 2021; 10:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2010-4264

A cross-site scripting vulnerability was found in Vanilla Forums before 2.0.10 where a filename could contain arbitrary code to execute on the client side.

Published: June 22, 2021; 10:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-0608

In handleAppLaunch of AppLaunchActivity.java, there is a possible arbitrary activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-174870704

Published: June 22, 2021; 8:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-0607

In iaxxx_calc_i2s_div of iaxxx-codec.c, there is a possible hardware port write with user controlled data due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-180950209

Published: June 22, 2021; 8:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-0606

In drm_syncobj_handle_to_fd of drm_syncobj.c, there is a possible use after free due to incorrect refcounting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-168034487

Published: June 22, 2021; 8:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-0605

In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-110373476

Published: June 22, 2021; 8:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-0553

In onBindViewHolder of AppSwitchPreference.java, there is a possible bypass of device admin settings due to unclear UI. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-169936038

Published: June 22, 2021; 8:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-0552

In getEndItemSliceAction of MediaOutputSlice.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-175124820

Published: June 22, 2021; 8:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-0551

In bind of MediaControlPanel.java, there is a possible way to lock up the system UI using a malicious media file due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-180518039

Published: June 22, 2021; 8:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-0550

In onLoadFailed of AnnotateActivity.java, there is a possible way to gain WRITE_EXTERNAL_STORAGE permissions without user consent due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-179688673

Published: June 22, 2021; 8:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-0549

In sspRequestCallback of BondStateMachine.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-183961896

Published: June 22, 2021; 8:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)