CVE ID Name Status References
CVE-2021-46872

An issue was discovered in Nim before 1.6.2. The RST module of the Nim language stdlib, as used in NimForum and other products, permits the javascript: URI scheme and thus can lead to XSS in some applications. (Nim versions 1.6.2 and later are fixed; there may be backports of the fix to some earlier versions. NimForum 2.2.0 is fixed.)

Assigned (20230113)

MISC:https://forum.nim-lang.org/t/8852 | MISC:https://github.com/nim-lang/Nim/commit/46275126b89218e64844eee169e8ced05dd0e2d7 | MISC:https://github.com/nim-lang/Nim/compare/v1.6.0...v1.6.2 | MISC:https://github.com/nim-lang/Nim/pull/19134 | MISC:https://github.com/nim-lang/nimforum

CVE-2021-46871

tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows XSS in HEEx class attributes.

Assigned (20230110)

MISC:https://github.com/advisories/GHSA-j3gg-r6gp-95q2 | MISC:https://github.com/phoenixframework/phoenix_html/commit/62a0139fb716bcdce697f6221244bd81d321d620

CVE-2021-46868

The HW_KEYMASTER module has a problem in releasing memory. Successful exploitation of this vulnerability may result in out-of-bounds memory access.

Assigned (20221228)

MISC:https://consumer.huawei.com/en/support/bulletin/2023/1/ | MISC:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202301-0000001435541166

CVE-2021-46867

The HW_KEYMASTER module has a problem in releasing memory. Successful exploitation of this vulnerability may result in out-of-bounds memory access.

Assigned (20221228)

MISC:https://consumer.huawei.com/en/support/bulletin/2023/1/ | MISC:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202301-0000001435541166

CVE-2021-46856

The multi-screen collaboration module has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Assigned (20221129)

MISC:https://consumer.huawei.com/en/support/bulletin/2023/1/ | MISC:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202212-0000001462975397 | MISC:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202301-0000001435541166

CVE-2021-46854

mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters.

Assigned (20221123)

MISC:http://www.proftpd.org/docs/RELEASE_NOTES-1.3.7e | MISC:https://bugs.gentoo.org/811495 | MISC:https://github.com/proftpd/proftpd/issues/1284 | MISC:https://github.com/proftpd/proftpd/pull/1285

CVE-2021-46853

Alpine before 2.25 allows remote attackers to cause a denial of service (application crash) when LIST or LSUB is sent before STARTTLS.

Assigned (20221103)

GENTOO:GLSA-202301-07 | URL:https://security.gentoo.org/glsa/202301-07 | MISC:https://bugs.gentoo.org/807613 | MISC:https://nostarttls.secvuln.info/

CVE-2021-46852

The memory management module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Assigned (20221101)

MISC:https://consumer.huawei.com/en/support/bulletin/2022/11/ | MISC:https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433

CVE-2021-46851

The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitation of this vulnerability may cause abnormal video playback.

Assigned (20221101)

MISC:https://consumer.huawei.com/en/support/bulletin/2022/11/ | MISC:https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433

CVE-2021-46850

myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint.

Assigned (20221024)

MISC:https://blog.talosintelligence.com/2021/06/necro-python-bot-adds-new-tricks.html | MISC:https://github.com/myvesta/vesta/commit/7991753ab7c5c568768028fb77554db8ea149f17 | MISC:https://github.com/myvesta/vesta/releases/tag/0.9.8-26-43 | MISC:https://github.com/serghey-rodin/vesta/commit/a4e4542a6d1351c2857b169f8621dd9a13a2e896 | MISC:https://www.exploit-db.com/exploits/49674


Latest data from: 2023-01-26