Search Results (43463 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-28175 | 1 Asus | 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more | 2024-11-21 | 4.9 Medium |
| The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | ||||
| CVE-2021-28123 | 1 Cohesity | 1 Cohesity Dataplatform | 2024-11-21 | 9.8 Critical |
| Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. The SSH key can provide an attacker access to the Linux system in the affected version. | ||||
| CVE-2021-28116 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 3.7 Low |
| Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody. | ||||
| CVE-2021-28092 | 2 Is-svg Project, Redhat | 3 Is-svg, Acm, Openshift | 2024-11-21 | 7.5 High |
| The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time. | ||||
| CVE-2021-28039 | 3 Linux, Netapp, Xen | 4 Linux Kernel, Cloud Backup, Solidfire Baseboard Management Controller Firmware and 1 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG. | ||||
| CVE-2021-28036 | 1 Quinn Project | 1 Quinn | 2024-11-21 | 7.5 High |
| An issue was discovered in the quinn crate before 0.7.0 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures. | ||||
| CVE-2021-28027 | 1 Bam Project | 1 Bam | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the bam crate before 0.1.3 for Rust. There is an integer underflow and out-of-bounds write during the loading of a bgzip block. | ||||
| CVE-2021-28025 | 1 Qt | 1 Qt | 2024-11-21 | 5.5 Medium |
| Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS). | ||||
| CVE-2021-28021 | 3 Debian, Fedoraproject, Stb Project | 3 Debian Linux, Fedora, Stb | 2024-11-21 | 7.8 High |
| Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. | ||||
| CVE-2021-27965 | 1 Msi | 1 Dragon Center | 2024-11-21 | 9.8 Critical |
| The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request. | ||||
| CVE-2021-27919 | 2 Fedoraproject, Golang | 2 Fedora, Go | 2024-11-21 | 5.5 Medium |
| archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename. | ||||
| CVE-2021-27839 | 1 Bigprof | 1 Online Invoicing System | 2024-11-21 | 4.4 Medium |
| A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to. | ||||
| CVE-2021-27791 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 5.4 Medium |
| The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process. | ||||
| CVE-2021-27780 | 1 Hcltech | 2 Bigfix Mobile, Modern Client Management | 2024-11-21 | 5.3 Medium |
| The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment. | ||||
| CVE-2021-27773 | 1 Hcltech | 1 Sametime | 2024-11-21 | 4.2 Medium |
| This vulnerability allows users to execute a clickjacking attack in the meeting's chat. | ||||
| CVE-2021-27722 | 1 Nsasoft | 1 Spotauditor | 2024-11-21 | 7.5 High |
| An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program can be crashed by entering 300 bytes char data into the "Key" or "Name" field while registering. | ||||
| CVE-2021-27707 | 1 Tenda | 4 G1, G1 Firmware, G3 and 1 more | 2024-11-21 | 9.8 Critical |
| Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"portMappingIndex" request. This occurs because the "formDelPortMapping" function directly passes the parameter "portMappingIndex" to strcpy without limit. | ||||
| CVE-2021-27706 | 1 Tenda | 4 G1, G1 Firmware, G3 and 1 more | 2024-11-21 | 9.8 Critical |
| Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"IPMacBindIndex" request. This occurs because the "formIPMacBindDel" function directly passes the parameter "IPMacBindIndex" to strcpy without limit. | ||||
| CVE-2021-27705 | 1 Tenda | 4 G1, G1 Firmware, G3 and 1 more | 2024-11-21 | 9.8 Critical |
| Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"qosIndex" request. This occurs because the "formQOSRuleDel" function directly passes the parameter "qosIndex" to strcpy without limit. | ||||
| CVE-2021-27698 | 1 Riot-os | 1 Riot | 2024-11-21 | 9.8 Critical |
| RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c through the _parse_options() function. | ||||