|
194981
|
4.4 |
MEDIUM
Local
|
google
|
android
|
A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory address.
|
NVD-CWE-noinfo
|
CVE-2021-25468
|
2024-11-21 14:55 |
2021-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194982
|
6.7 |
MEDIUM
Local
|
google
|
android
|
Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege escalation to Root by hijacking loaded l…
|
CWE-120
Classic Buffer Overflow
|
CVE-2021-25467
|
2024-11-21 14:55 |
2021-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194983
|
5.4 |
MEDIUM
Network
|
janeczku
|
calibre-web
|
In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the descrip…
|
CWE-79
Cross-site Scripting
|
CVE-2021-25964
|
2024-11-21 14:55 |
2021-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194984
|
6.1 |
MEDIUM
Network
|
shuup
|
shuup
|
In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting (XSS) that allows execution of arbitrary javascript code on a victim browser. This vulnerability exists due to…
|
CWE-79
Cross-site Scripting
|
CVE-2021-25963
|
2024-11-21 14:55 |
2021-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194985
|
8.8 |
HIGH
Network
|
shuup
|
shuup
|
“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a prod…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2021-25962
|
2024-11-21 14:55 |
2021-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194986
|
8.0 |
HIGH
Network
|
salesagility
|
suitecrm
|
In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible …
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2021-25961
|
2024-11-21 14:55 |
2021-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194987
|
8.0 |
HIGH
Network
|
salesagility
|
suitecrm
|
In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by “CSV Injection” vulnerability (Formula Injection). A low privileged attacker can use accounts module…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2021-25960
|
2024-11-21 14:55 |
2021-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194988
|
6.1 |
MEDIUM
Network
|
opencrx
|
opencrx
|
In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external…
|
CWE-79
Cross-site Scripting
|
CVE-2021-25959
|
2024-11-21 14:55 |
2021-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194989
|
8.1 |
HIGH
Network
|
kubernetes
|
kubernetes
|
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host file…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2021-25741
|
2024-11-21 14:55 |
2021-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194990
|
3.1 |
LOW
Network
|
kubernetes
|
kubernetes
|
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
|
CWE-610
Externally Controlled Reference to a Resource in Another Sphere
|
CVE-2021-25740
|
2024-11-21 14:55 |
2021-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
