CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2673 matches found

OSV•added 2021/05/31 3:39 p.m.•16 views

UVI-2021-1000163 net: qrtr: Avoid potential use after free in MHI send

net: qrtr: Avoid potential use after free in MHI send This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.35 by commit...

7.4AI score

Exploits0

OSV•added 2021/05/31 3:39 p.m.•8 views

UVI-2021-1000090 net: qrtr: Avoid potential use after free in MHI send

7.4AI score

Exploits0

OSV•added 2021/05/31 3:39 p.m.•11 views

UVI-2021-1000125 net: qrtr: Avoid potential use after free in MHI send

7.4AI score

Exploits0

Positive Technologies•added 2021/05/22 12:0 a.m.•5 views

PT-2024-11148 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A race condition in the Linux kernel's ipc/mqueue, msg, and sem components can cause a crash when a do mq timedreceive call returns and leaves do mq timedsend to rely on an invalid...

9.1CVSS6.5AI score0.02701EPSS

Exploits7References1574

GithubExploit•added 2021/05/04 6:30 a.m.•146 views

Exploit for Injection in Atlassian Jira_Server

Atlassian Jira unauthen template injection CVE-2019-11581...

9.8CVSS10AI score0.84621EPSS

Exploits2

CNNVD•added 2021/04/14 12:0 a.m.•3 views

Zulip 访问控制错误漏洞

Zulip server is an open source team chat application from the American company Zulip. An Access Control Error vulnerability exists in versions of Zulip Server prior to 3.4, which results in a user with this privilege being able to send messages. No details of the vulnerability are provided at thi...

4.3CVSS5.6AI score0.00575EPSS

Exploits0References3

OSV•added 2021/04/07 12:0 p.m.•12 views

RUSTSEC-2021-0113 AtomicBucket<T> unconditionally implements Send/Sync

In the affected versions of the crate, AtomicBucket unconditionally implements Send/Sync traits. Therefore, users can create a data race to the inner T: !Sync by using the AtomicBucket::datawith API. Such data races can potentially cause memory corruption or other undefined behavior. The flaw was...

8.1CVSS8.1AI score0.00741EPSS

Exploits0References3

RustSec•added 2021/04/07 12:0 p.m.•12 views

AtomicBucket<T> unconditionally implements Send/Sync

8.1CVSS4.6AI score0.00741EPSS

Exploits0Affected Software1

OSV•added 2021/04/06 4:15 p.m.•1 views

CVE-2021-30140

LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content such as SVG with HTML content, the payload is executed upon a click. This is fixed in 3.5...

5.4CVSS6.1AI score0.0136EPSS

Exploits3References5

NVD•added 2021/04/06 4:15 p.m.•11 views

CVE-2021-30140

5.4CVSS0.0136EPSS

Exploits3References5

Prion•added 2021/04/06 4:15 p.m.•13 views

Cross site scripting

3.5CVSS5AI score0.0136EPSS

Exploits3References5Affected Software1

Cvelist•added 2021/04/06 3:46 p.m.•24 views

CVE-2021-30140

5.4CVSS5.3AI score0.0136EPSS

Exploits3References5

Microsoft CVE•added 2021/03/20 7:0 a.m.•3 views

A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.

...

9.8CVSS6.4AI score0.03444EPSS

Exploits0

OSV•added 2021/03/16 5:15 p.m.•4 views

CVE-2020-28899

The Web CGI Script on ZyXEL LTE4506-M606 V1.00ABDO.2C0 devices does not require authentication, which allows remote unauthenticated attackers via crafted JSON action data to /cgi-bin/gui.cgi to use all features provided by the router. Examples: change the router password, retrieve the Wi-Fi...

9.1CVSS5.8AI score0.01632EPSS

Exploits0References1

OSV•added 2021/03/12 7:15 p.m.•23 views

CVE-2021-20232