Latest CVE Feed
-
6.1
MEDIUM- Published: Nov. 22, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-33494
OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering.... Read more
- Published: Nov. 22, 2021
- Modified: Nov. 21, 2024
-
6.0
MEDIUMCVE-2021-33493
The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format.... Read more
- Published: Nov. 22, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM- Published: Nov. 22, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-33491
OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records.... Read more
- Published: Nov. 22, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-33490
OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature.... Read more
- Published: Nov. 22, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-33489
OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared XCF file.... Read more
- Published: Nov. 22, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-33488
chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook.... Read more
- Published: Nov. 22, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-33486
All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions.... Read more
Affected Products : runtime_toolkit- Published: Aug. 03, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33485
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.... Read more
- Published: Aug. 03, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-33484
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, t... Read more
Affected Products : onyaktech_comments_pro- Published: Sep. 07, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-33483
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment.... Read more
Affected Products : onyaktech_comments_pro- Published: Sep. 07, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-33481
A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in try_to_divide_boxes() in pgm2asc.c.... Read more
Affected Products : optical_character_recognition- Published: Nov. 17, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-33480
An use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction() in pgm2asc.c.... Read more
Affected Products : optical_character_recognition- Published: Nov. 17, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-33479
A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in measure_pitch() in pgm2asc.c.... Read more
Affected Products : optical_character_recognition- Published: Nov. 17, 2021
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2021-33478
The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. This, for ... Read more
Affected Products : ip_phone_8800_firmware ip_phone_8811_firmware ip_phone_8841_firmware ip_phone_8845_firmware ip_phone_8851_firmware ip_phone_8861_firmware ip_phone_8865_firmware wireless_ip_phone_8821_firmware ip_phone_8800_series_with_multiplatform_firmware ip_phone_8811_with_multiplatform_firmware +5 more products- Published: Jul. 22, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-33477
rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline.... Read more
- Published: May. 20, 2021
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-33473
An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL.... Read more
Affected Products : dragonfly- Published: Jun. 02, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33470
COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel.... Read more
- Published: May. 26, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-33469
COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the "Admin name" parameter.... Read more
- Published: May. 26, 2021
- Modified: Nov. 21, 2024