Show filters
196,427 Total Results
Displaying 11-20 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Unknown

CVE-2021-31783

Disclosure Date: April 26, 2021 (last updated May 04, 2021)
show_default.php in the LocalFilesEditor extension before 11.4.0.1 for Piwigo allows Local File Inclusion because the file parameter is not validated with a proper regular-expression check.
Attacker Value
Unknown

CVE-2021-29475

Disclosure Date: April 26, 2021 (last updated May 15, 2021)
HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, there fore this exploit requires the attackers ability to modify a note. This will affect all instances, which have pdf export enabled. This issue has been fixed by https://github.com/hedgedoc/hedgedoc/commit/c1789474020a6d668d616464cb2da5e90e123f65 and is available in version 1.5.0. Starting the CodiMD/HedgeDoc instance with `CMD_ALLOW_PDF_EXPORT=false` or set `"allowPDFExport": false` in config.json can mitigate this issue for those who cannot upgrade. This exploit works because while PhantomJS doesn't actually render the `file:///` references to the PDF file itself, it still uses them internally, and exfiltration is possible, and easy through JavaScript rendering. The impact is pretty bad, as the attacker is able to read the CodiMD/HedgeDoc `c…
Attacker Value
Unknown

CVE-2020-36325

Disclosure Date: April 26, 2021 (last updated April 28, 2021)
** DISPUTED ** An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification.
0
Attacker Value
Unknown

CVE-2021-21221

Disclosure Date: April 26, 2021 (last updated April 27, 2021)
Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
Attacker Value
Unknown

CVE-2021-21204

Disclosure Date: April 26, 2021 (last updated April 29, 2021)
Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Attacker Value
Unknown

CVE-2021-21225

Disclosure Date: April 26, 2021 (last updated April 28, 2021)
Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Attacker Value
Unknown

CVE-2021-21220

Disclosure Date: April 26, 2021 (last updated April 27, 2021)
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Attacker Value
Unknown

CVE-2021-21212

Disclosure Date: April 26, 2021 (last updated April 28, 2021)
Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP.
Attacker Value
Unknown

CVE-2021-21209

Disclosure Date: April 26, 2021 (last updated April 28, 2021)
Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Attacker Value
Unknown

CVE-2021-21216

Disclosure Date: April 26, 2021 (last updated April 28, 2021)
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.