Search Results (Refine Search)

Search Parameters:
There are 153,449 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2021-29022

In InvoicePlane 1.5.11, the upload feature discloses the full path of the file upload directory.

Published: May 10, 2021; 3:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-21428

Openapi generator is a java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation process. The insecure temporary folders store the auto-generated files which can be read and appended to by any users on the system. The issue has been patched with `Files.createTempFile` and released in the v5.1.0 stable version.

Published: May 10, 2021; 3:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-28588

An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so it’s likely that all versions in between are affected. An attacker can read /proc/pid/syscall to trigger this vulnerability, which leads to the kernel leaking memory contents.

Published: May 10, 2021; 3:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-27231

A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findDistrict parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Published: May 10, 2021; 3:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-27230

A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findSector parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability.

Published: May 10, 2021; 3:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-27229

A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findPersonID parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Published: May 10, 2021; 3:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-27226

An exploitable SQL injection vulnerability exists in ‘quickFile.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Published: May 10, 2021; 3:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-29502

WarnSystem is a cog (plugin) for the Red discord bot. A vulnerability has been found in the code that allows any user to access sensible informations by setting up a specific template which is not properly sanitized. The problem has been patched in version 1.3.18. Users should update and type `!warnsysteminfo` to check that their version is 1.3.18 or above. As a workaround users may unload the WarnSystem cog or disable the `!warnset description` command globally.

Published: May 10, 2021; 2:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-19199

A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code.

Published: May 10, 2021; 2:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-29501

Ticketer is a command based ticket system cog (plugin) for the red discord bot. A vulnerability allowing discord users to expose sensitive information has been found in the Ticketer cog. Please upgrade to version 1.0.1 as soon as possible. As a workaround users may unload the ticketer cog to disable the exploitable code.

Published: May 10, 2021; 1:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-20577

IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199281.

Published: May 10, 2021; 1:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-20559

IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199228.

Published: May 10, 2021; 1:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-20538

IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms. IBM X-Force ID: 198919.

Published: May 10, 2021; 1:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-21822

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously free memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening a malicious file or site to trigger this vulnerability if the browser plugin extension is enabled.

Published: May 10, 2021; 12:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-13529

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.

Published: May 10, 2021; 12:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-28664

The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r8p0 through r30p0.

Published: May 10, 2021; 11:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-28663

The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0.

Published: May 10, 2021; 11:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-23016

On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, and all versions of 16.0.x, 12.1.x, and 11.6.x, an attacker may be able to bypass APM's internal restrictions and retrieve static content that is hosted within APM by sending specifically crafted requests to an APM Virtual Server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Published: May 10, 2021; 11:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-23015

On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 through 13.1.3.6, and all versions of 16.0.x, when running in Appliance Mode, an authenticated user assigned the 'Administrator' role may be able to bypass Appliance Mode restrictions utilizing undisclosed iControl REST endpoints. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Published: May 10, 2021; 11:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-23014

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 14.1.x before 14.1.4, BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the REST API which might allow Authenticated users with guest privileges to upload files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Published: May 10, 2021; 11:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)