Export limit exceeded: 85562 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (85562 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-42093 1 Zammad 1 Zammad 2024-11-21 7.2 High
An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers.
CVE-2021-42089 1 Zammad 1 Zammad 2024-11-21 7.5 High
An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information.
CVE-2021-42086 1 Zammad 1 Zammad 2024-11-21 8.8 High
An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request.
CVE-2021-42076 1 Barrier Project 1 Barrier 2024-11-21 7.5 High
An issue was discovered in Barrier before 2.3.4. An attacker can cause memory exhaustion in the barriers component (aka the server-side implementation of Barrier) and barrierc by sending long TCP messages.
CVE-2021-42075 1 Barrier Project 1 Barrier 2024-11-21 7.5 High
An issue was discovered in Barrier before 2.3.4. The barriers component (aka the server-side implementation of Barrier) does not correctly close file descriptors for established TCP connections. An unauthenticated remote attacker can thus cause file descriptor exhaustion in the server process, leading to denial of service.
CVE-2021-42074 1 Barrier Project 1 Barrier 2024-11-21 7.5 High
An issue was discovered in Barrier before 2.3.4. An unauthenticated attacker can cause a segmentation fault in the barriers component (aka the server-side implementation of Barrier) by quickly opening and closing TCP connections while sending a Hello message for each TCP session.
CVE-2021-42073 1 Barrier Project 1 Barrier 2024-11-21 8.2 High
An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with the barriers component (aka the server-side implementation of Barrier) simply by supplying a client label that identifies a valid client configuration. This label is "Unnamed" by default but could instead be guessed from hostnames or other publicly available information. In the active session state, an attacker can capture input device events from the server, and also modify the clipboard content on the server.
CVE-2021-42072 2 Barrier Project, Fedoraproject 2 Barrier, Fedora 2024-11-21 8.8 High
An issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side implementation of Barrier) does not sufficiently verify the identify of connecting clients. Clients can thus exploit weaknesses in the provided protocol to cause denial-of-service or stage further attacks that could lead to information leaks or integrity corruption.
CVE-2021-42057 1 Obsidian 1 Obsidian Dataview 2024-11-21 7.8 High
Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in executes user input, which allows an attacker to craft malicious Markdown files that will execute arbitrary code once opened. NOTE: 0.4.13 provides a mitigation for some use cases.
CVE-2021-42054 1 Accel-ppp 1 Accel-ppp 2024-11-21 7.5 High
ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule if the client exits after authentication.
CVE-2021-42052 1 Ipesa 1 E-flow 2024-11-21 7.5 High
IPESA e-Flow 3.3.6 allows path traversal for reading any file within the web root directory via the lib/js/build/STEResource.res path and the R query parameter.
CVE-2021-42040 1 Mediawiki 1 Mediawiki 2024-11-21 7.5 High
An issue was discovered in MediaWiki through 1.36.2. A parser function related to loop control allowed for an infinite loop (and php-fpm hang) within the Loops extension because egLoopsCountLimit is mishandled. This could lead to memory exhaustion.
CVE-2021-42029 1 Siemens 71 Simatic S7-1200 Cpu, Simatic S7-1200 Cpu 1211c, Simatic S7-1200 Cpu 1212c and 68 more 2024-11-21 7.8 High
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server.
CVE-2021-42027 1 Siemens 1 Sinumerik Edge 2024-11-21 7.4 High
A vulnerability has been identified in SINUMERIK Edge (All versions < V3.2). The affected software does not properly validate the server certificate when initiating a TLS connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server.
CVE-2021-42024 1 Siemens 1 Simcenter Star-ccm\+ Viewer 2024-11-21 7.8 High
A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < 2021.3.1). The starview+.exe application lacks proper validation of user-supplied data when parsing scene files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2021-42021 1 Siemens 6 Siveillance Video Dlna Server, Siveillance Video Management Software 2019 R1, Siveillance Video Management Software 2019 R2 and 3 more 2024-11-21 7.5 High
A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020 R1), Siveillance Video DLNA Server (2020 R2), Siveillance Video DLNA Server (2020 R3), Siveillance Video DLNA Server (2021 R1). The affected application contains a path traversal vulnerability that could allow to read arbitrary files on the server that are outside the application’s web document directory. An unauthenticated remote attacker could exploit this issue to access sensitive information for subsequent attacks.
CVE-2021-42012 1 Trendmicro 3 Apex One, Worry-free Business Security, Worry-free Business Security Services 2024-11-21 7.8 High
A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2021-42011 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 7.8 High
An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2021-42008 3 Debian, Linux, Netapp 20 Debian Linux, Linux Kernel, H300e and 17 more 2024-11-21 7.8 High
The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.
CVE-2021-42006 1 Gclib Project 1 Gclib 2024-11-21 8.8 High
An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted GFF file.