|
196251
|
9.8 |
CRITICAL
Network
|
google
|
android
|
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In preloaded applications, the HostnameVerified default is mishandled. The LG ID is LVE-SMP-200029 (Februa…
|
NVD-CWE-noinfo
|
CVE-2021-26687
|
2024-11-21 14:56 |
2021-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196252
|
7.5 |
HIGH
Network
|
marc_project
|
marc
|
An issue was discovered in the marc crate before 2.0.0 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated memory, violating soundness.
|
NVD-CWE-noinfo
|
CVE-2021-26308
|
2024-11-21 14:56 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196253
|
5.5 |
MEDIUM
Local
|
raw-cpuid_project
|
raw-cpuid
|
An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a deter…
|
NVD-CWE-Other
|
CVE-2021-26307
|
2024-11-21 14:56 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196254
|
7.5 |
HIGH
Network
|
raw-cpuid_project
|
raw-cpuid
|
An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It has unsound transmute calls within as_string() methods.
|
NVD-CWE-Other
|
CVE-2021-26306
|
2024-11-21 14:56 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196255
|
9.8 |
CRITICAL
Network
|
cdr_project
|
cdr
|
An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, viola…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2021-26305
|
2024-11-21 14:56 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196256
|
5.4 |
MEDIUM
Network
|
phpgurukul
|
daily_expense_tracker_system
|
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2021-26304
|
2024-11-21 14:56 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196257
|
6.1 |
MEDIUM
Network
|
phpgurukul
|
daily_expense_tracker_system
|
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the user-profile.php Full Name field.
|
CWE-79
Cross-site Scripting
|
CVE-2021-26303
|
2024-11-21 14:56 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196258
|
5.3 |
MEDIUM
Network
|
godaddy
|
node-config-shield
|
scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a v…
|
CWE-913
Improper Control of Dynamically-Managed Code Resources
|
CVE-2021-26276
|
2024-11-21 14:56 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196259
|
6.5 |
MEDIUM
Network
|
ckeditor
oracle
|
ckeditor
webcenter_sites
agile_plm
commerce_merchandising
jd_edwards_enterpriseone_tools
financial_services_model_management_and_governance
financial_services_analytical_application…
|
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plug…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2021-26272
|
2024-11-21 14:56 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196260
|
6.5 |
MEDIUM
Network
|
ckeditor
oracle
|
ckeditor
webcenter_sites
agile_plm
jd_edwards_enterpriseone_tools
financial_services_analytical_applications_infrastructure
siebel_ui_framework
application_express
|
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs pl…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2021-26271
|
2024-11-21 14:56 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
