Export limit exceeded: 10462 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10462 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-45024 | 1 Rocketsoftware | 1 Ags-zena | 2024-11-21 | 9.8 Critical |
| ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity (XXE). | ||||
| CVE-2021-44994 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 5.5 Medium |
| There is an Assertion ''JERRY_CONTEXT (jmem_heap_allocated_size) == 0'' failed at /jerry-core/jmem/jmem-heap.c in Jerryscript 3.0.0. | ||||
| CVE-2021-44993 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 5.5 Medium |
| There is an Assertion ''ecma_is_value_boolean (base_value)'' failed at /jerry-core/ecma/operations/ecma-get-put-value.c in Jerryscript 3.0.0. | ||||
| CVE-2021-44971 | 1 Tenda | 4 Ac15, Ac15 Firmware, Ac5 and 1 more | 2024-11-21 | 9.8 Critical |
| Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE. | ||||
| CVE-2021-44949 | 1 Glfusion | 1 Glfusion | 2024-11-21 | 9.8 Critical |
| glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php. | ||||
| CVE-2021-44847 | 2 Fedoraproject, Toktok | 2 Fedora, Toxcore | 2024-11-21 | 9.8 Critical |
| A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet. | ||||
| CVE-2021-44839 | 1 Deltarm | 1 Delta Rm | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Delta RM 1.2. It is possible to request a new password for any other account using the account ID. Using the /listes/DTsendmaildata/adm_utilisateur/send-mail.json endpoint, a user can send a JSON array with user IDs that will have their passwords reset (and new ones sent to their respective e-mail addresses). | ||||
| CVE-2021-44836 | 1 Deltarm | 1 Delta Rm | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/reset endpoint is lacking access controls, and it is possible for an unprivileged user to reopen a risk with a POST request, using the risqueID parameter to identify the risk to be re-opened. | ||||
| CVE-2021-44714 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 2.5 Low |
| Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Violation of Secure Design Principles that could lead to a Security feature bypass. Acrobat Reader DC displays a warning message when a user clicks on a PDF file, which could be used by an attacker to mislead the user. In affected versions, this warning message does not include custom protocols when used by the sender. User interaction is required to abuse this vulnerability as they would need to click 'allow' on the warning message of a malicious file. | ||||
| CVE-2021-44557 | 1 Kb | 1 Multiner | 2024-11-21 | 9.1 Critical |
| National Library of the Netherlands multiNER <= c0440948057afc6e3d6b4903a7c05e666b94a3bc is affected by an XML External Entity (XXE) vulnerability in multiNER/ner.py. Since XML parsing resolves external entities, a malicious XML stream could leak internal files and/or cause a DoS. | ||||
| CVE-2021-44556 | 1 Kb | 1 Digger | 2024-11-21 | 9.1 Critical |
| National Library of the Netherlands digger < 6697d1269d981e35e11f240725b16401b5ce3db5 is affected by a XML External Entity (XXE) vulnerability. Since XML parsing resolves external entities, a malicious XML stream could leak internal files and/or cause a DoS. | ||||
| CVE-2021-44528 | 1 Rubyonrails | 1 Rails | 2024-11-21 | 6.1 Medium |
| A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. | ||||
| CVE-2021-44524 | 1 Siemens | 2 Sipass Integrated, Siveillance Identity | 2024-11-21 | 9.8 Critical |
| A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts. | ||||
| CVE-2021-44523 | 1 Siemens | 2 Sipass Integrated, Siveillance Identity | 2024-11-21 | 9.1 Critical |
| A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries. | ||||
| CVE-2021-44522 | 1 Siemens | 2 Sipass Integrated, Siveillance Identity | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues. | ||||
| CVE-2021-44504 | 1 Fisglobal | 1 Gt.m | 2024-11-21 | 7.5 High |
| An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a size variable, stored as an signed int, to equal an extremely large value, which is interpreted as a negative value during a check. This value is then used in a memcpy call on the stack, causing a memory segmentation fault. | ||||
| CVE-2021-44491 | 2 Fisglobal, Yottadb | 2 Gt.m, Yottadb | 2024-11-21 | 7.5 High |
| An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a digs-- calculation. | ||||
| CVE-2021-44490 | 2 Fisglobal, Yottadb | 2 Gt.m, Yottadb | 2024-11-21 | 7.5 High |
| An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a "- (digs < 1 ? 1 : digs)" subtraction. | ||||
| CVE-2021-44169 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 8.2 High |
| A improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory. | ||||
| CVE-2021-44160 | 1 Cth | 1 Carinal Tien Hospital Health Report System | 2024-11-21 | 7.3 High |
| Carinal Tien Hospital Health Report System’s login page has improper authentication, a remote attacker can acquire another general user’s privilege by modifying the cookie parameter without authentication. The attacker can then perform limited operations on the system or modify data, making the service partially unavailable to the user. | ||||