Export limit exceeded: 362814 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (85299 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-3410 3 Debian, Fedoraproject, Libcaca Project 3 Debian Linux, Fedora, Libcaca 2024-11-21 7.8 High
A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context.
CVE-2021-3404 3 Fedoraproject, Redhat, Ytnef Project 3 Fedora, Enterprise Linux, Ytnef 2024-11-21 7.8 High
In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.
CVE-2021-3403 3 Fedoraproject, Redhat, Ytnef Project 3 Fedora, Enterprise Linux, Ytnef 2024-11-21 7.8 High
In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.
CVE-2021-3396 1 Opennms 3 Horizon, Meridian, Newts 2024-11-21 8.8 High
OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, and Newts <1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions.
CVE-2021-3394 1 Millewin 1 Millewin 2024-11-21 8.8 High
Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.39.28.3342, and 13.39.146.1 has insecure folder permissions allowing a malicious user for a local privilege escalation.
CVE-2021-3382 1 Gitea 1 Gitea 2024-11-21 7.5 High
Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path.
CVE-2021-3376 1 Cuppacms 1 Cuppacms 2024-11-21 8.8 High
An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the user_group_id_field parameter.
CVE-2021-3348 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2024-11-21 7.0 High
nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71.
CVE-2021-3345 2 Gnupg, Oracle 2 Libgcrypt, Communications Billing And Revenue Management 2024-11-21 7.8 High
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.
CVE-2021-3344 1 Redhat 3 Openshift, Openshift Builder, Openshift Container Platform 2024-11-21 8.8 High
A privilege escalation flaw was found in OpenShift builder. During build time, credentials outside the build context are automatically mounted into the container image under construction. An OpenShift user, able to execute code during build time inside this container can re-use the credentials to overwrite arbitrary container images in internal registries and/or escalate their privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This affects github.com/openshift/builder v0.0.0-20210125201112-7901cb396121 and before.
CVE-2021-3341 1 Dh2i 2 Dxenterprise, Dxodyssey 2024-11-21 7.5 High
A path traversal vulnerability in the DxWebEngine component of DH2i DxEnterprise and DxOdyssey for Windows, version 19.5 through 20.x before 20.0.219.0, allows an attacker to read any file on the host file system via an HTTP request.
CVE-2021-3337 1 Hide Thread Content Project 1 Hide Thread Content 2024-11-21 7.5 High
The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit.
CVE-2021-3336 1 Wolfssl 1 Wolfssl 2024-11-21 8.1 High
DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3 servers.
CVE-2021-3330 1 Zephyrproject 1 Zephyr 2024-11-21 7.1 High
RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >= >=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456
CVE-2021-3328 1 Aprelium 1 Abyss Web Server X1 2024-11-21 7.5 High
An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.14. A crafted HTTP request can lead to an out-of-bounds read that crashes the application.
CVE-2021-3323 1 Zephyrproject 1 Zephyr 2024-11-21 8.3 High
Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc
CVE-2021-3321 1 Zephyrproject 1 Zephyr 2024-11-21 7.5 High
Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99
CVE-2021-3317 1 Klogserver 1 Klog Server 2024-11-21 8.8 High
KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.
CVE-2021-3310 1 Westerndigital 9 My Cloud Dl2100, My Cloud Dl4100, My Cloud Ex2100 and 6 more 2024-11-21 7.8 High
Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local files).
CVE-2021-3309 1 Wekan Project 1 Wekan 2024-11-21 8.1 High
packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store,