Export limit exceeded: 347811 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43541 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-31884 | 1 Siemens | 42 Apogee Modular Building Controller, Apogee Modular Building Controller Firmware, Apogee Modular Equiment Controller and 39 more | 2024-11-21 | 9.8 Critical |
| A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014) | ||||
| CVE-2021-31875 | 1 Cesanta | 1 Mongooseos Mjs | 2024-11-21 | 9.8 Critical |
| In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow. NOTE: the original reporter disputes the significance of this finding because "there isn’t very much of an opportunity to exploit this reliably for an information leak, so there isn’t any real security impact." | ||||
| CVE-2021-31873 | 2 Debian, Klibc Project | 2 Debian Linux, Klibc | 2024-11-21 | 9.8 Critical |
| An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer overflow. | ||||
| CVE-2021-31872 | 2 Debian, Klibc Project | 2 Debian Linux, Klibc | 2024-11-21 | 9.8 Critical |
| An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overflow or other security impact. | ||||
| CVE-2021-31871 | 2 Debian, Klibc Project | 2 Debian Linux, Klibc | 2024-11-21 | 7.5 High |
| An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems. | ||||
| CVE-2021-31870 | 2 Debian, Klibc Project | 2 Debian Linux, Klibc | 2024-11-21 | 9.8 Critical |
| An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer overflow. | ||||
| CVE-2021-31845 | 1 Mcafee | 1 Data Loss Prevention Discover | 2024-11-21 | 8.4 High |
| A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size. | ||||
| CVE-2021-31844 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-11-21 | 8.2 High |
| A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size. | ||||
| CVE-2021-31808 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Cloud Manager and 2 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this. | ||||
| CVE-2021-31807 | 4 Fedoraproject, Netapp, Redhat and 1 more | 4 Fedora, Cloud Manager, Enterprise Linux and 1 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent. | ||||
| CVE-2021-31806 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Cloud Manager and 2 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing. | ||||
| CVE-2021-31664 | 1 Riot-os | 1 Riot | 2024-11-21 | 7.5 High |
| RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information. | ||||
| CVE-2021-31663 | 1 Riot-os | 1 Riot | 2024-11-21 | 7.5 High |
| RIOT-OS 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 contains a buffer overflow which could allow attackers to obtain sensitive information. | ||||
| CVE-2021-31662 | 1 Riot-os | 1 Riot | 2024-11-21 | 7.5 High |
| RIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe contains a buffer overflow which could allow attackers to obtain sensitive information. | ||||
| CVE-2021-31661 | 1 Riot-os | 1 Riot | 2024-11-21 | 7.5 High |
| RIOT-OS 2021.01 before commit 609c9ada34da5546cffb632a98b7ba157c112658 contains a buffer overflow that could allow attackers to obtain sensitive information. | ||||
| CVE-2021-31660 | 1 Riot-os | 1 Riot | 2024-11-21 | 7.5 High |
| RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information. | ||||
| CVE-2021-31658 | 1 Tp-link | 4 Tl-sg2005, Tl-sg2005 Firmware, Tl-sg2008 and 1 more | 2024-11-21 | 8.1 High |
| TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the "device description" function only judges the length of the received data, and does not filter special characters. This vulnerability will cause the application to crash, and all device configuration information will be erased. | ||||
| CVE-2021-31642 | 1 Chiyu-tech | 22 Bf-630, Bf-630 Firmware, Bf-631 and 19 more | 2024-11-21 | 6.5 Medium |
| A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC. The vulnerability can be explored by sending an unexpected integer (> 32 bits) on the page parameter that will crash the web portal and making it unavailable until a reboot of the device. | ||||
| CVE-2021-31627 | 1 Tendacn | 2 Ac9, Ac9 Firmware | 2024-11-21 | 8.8 High |
| Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter. | ||||
| CVE-2021-31624 | 1 Tendacn | 2 Ac9, Ac9 Firmware | 2024-11-21 | 8.8 High |
| Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter. | ||||