Latest CVE Feed
-
7.4
HIGHCVE-2021-28861
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.... Read more
- Published: Aug. 23, 2022
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-28860
In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availabi... Read more
Affected Products : mixme- Published: May. 03, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-28858
TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information.... Read more
- Published: Jun. 15, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-28857
TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie.... Read more
- Published: Jun. 15, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-28856
In Deark before v1.5.8, a specially crafted input file can cause a division by zero in (src/fmtutil.c) because of the value of pixelsize.... Read more
Affected Products : deark- Published: Apr. 14, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-28855
In Deark before 1.5.8, a specially crafted input file can cause a NULL pointer dereference in the dbuf_write function (src/deark-dbuf.c).... Read more
Affected Products : deark- Published: Apr. 14, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-28848
Mintty before 3.4.5 allows remote servers to cause a denial of service (Windows GUI hang) by telling the Mintty window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. In other words, it does not ... Read more
Affected Products : mintty- Published: Jun. 03, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-28847
MobaXterm before 21.0 allows remote servers to cause a denial of service (Windows GUI hang) via tab title change requests that are sent repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls.... Read more
Affected Products : mobaxterm- Published: Jun. 03, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-28846
A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling... Read more
- Published: Aug. 10, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-28845
Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending the POST request to apply_cgi ... Read more
- Published: Aug. 10, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-28844
Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi via a do_graph_auth action without a session_id key.... Read more
- Published: Aug. 10, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-28843
Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi with an unknown action name.... Read more
- Published: Aug. 10, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-28842
Null Pointer Deference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial os service by sending the POST request to apply_cgi vi... Read more
- Published: Aug. 10, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-28841
Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending a POST request to apply_cgi via an ac... Read more
- Published: Aug. 10, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-28840
Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the u... Read more
Affected Products : dap-3662_firmware dap-2310_firmware dap-2330_firmware dap-2360_firmware dap-2553_firmware dap-2660_firmware dap-2690_firmware dap-2695_firmware dap-3320_firmware dap-3662 +8 more products- Published: Aug. 10, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-28839
Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the u... Read more
Affected Products : dap-3662_firmware dap-2310_firmware dap-2330_firmware dap-2360_firmware dap-2553_firmware dap-2660_firmware dap-2690_firmware dap-2695_firmware dap-3320_firmware dap-3662 +8 more products- Published: Aug. 10, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-28838
Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695 1.20RC093, DAP-3320 1.05RC027 BETA and DAP-3662 1.05rc069 in ... Read more
Affected Products : dap-3662_firmware dap-2310_firmware dap-2330_firmware dap-2360_firmware dap-2553_firmware dap-2660_firmware dap-2690_firmware dap-2695_firmware dap-3320_firmware dap-3662 +8 more products- Published: Aug. 10, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-28835
Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file.... Read more
Affected Products : xnview- Published: Aug. 11, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-28834
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.... Read more
- Published: Mar. 19, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-28833
Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist link, a different vulnerability than CVE-2021-28796.... Read more
Affected Products : qiita\- Published: Jun. 21, 2021
- Modified: Nov. 21, 2024