Export limit exceeded: 10459 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10459 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-31525 | 3 Fedoraproject, Golang, Redhat | 11 Fedora, Go, Advanced Cluster Security and 8 more | 2024-11-21 | 5.9 Medium |
| net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. | ||||
| CVE-2021-31440 | 3 Linux, Netapp, Redhat | 19 Linux Kernel, Cloud Backup, H300e and 16 more | 2024-11-21 | 7.0 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-13661. | ||||
| CVE-2021-31427 | 1 Parallels | 1 Parallels Desktop | 2024-11-21 | 5.6 Medium |
| This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Open Tools Gate component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13082. | ||||
| CVE-2021-31422 | 1 Parallels | 1 Parallels Desktop | 2024-11-21 | 7.5 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000e virtual device. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12527. | ||||
| CVE-2021-31410 | 1 Vaadin | 1 Designer | 2024-11-21 | 8.6 High |
| Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request. | ||||
| CVE-2021-31408 | 1 Vaadin | 2 Flow, Vaadin | 2024-11-21 | 6.3 Medium |
| Authentication.logout() helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the user attempted to log out. | ||||
| CVE-2021-31407 | 1 Vaadin | 2 Flow, Vaadin | 2024-11-21 | 8.6 High |
| Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request. | ||||
| CVE-2021-31386 | 1 Juniper | 1 Junos | 2024-11-21 | 5.3 Medium |
| A Protection Mechanism Failure vulnerability in the J-Web HTTP service of Juniper Networks Junos OS allows a remote unauthenticated attacker to perform Person-in-the-Middle (PitM) attacks against the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S20; 15.1 versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. | ||||
| CVE-2021-31379 | 1 Juniper | 18 Junos, Mx10, Mx10000 and 15 more | 2024-11-21 | 7.5 High |
| An Incorrect Behavior Order vulnerability in the MAP-E automatic tunneling mechanism of Juniper Networks Junos OS allows an attacker to send certain malformed IPv4 or IPv6 packets to cause a Denial of Service (DoS) to the PFE on the device which is disabled as a result of the processing of these packets. Continued receipt and processing of these malformed IPv4 or IPv6 packets will create a sustained Denial of Service (DoS) condition. This issue only affects MPC 7/8/9/10/11 cards, when MAP-E IP reassembly is enabled on these cards. An indicator of compromise is the output: FPC ["FPC ID" # e.g. "0"] PFE #{PFE ID # e.g. "1"] : Fabric Disabled Example: FPC 0 PFE #1 : Fabric Disabled when using the command: show chassis fabric fpcs An example of a healthy result of the command use would be: user@device-re1> show chassis fabric fpcs Fabric management FPC state: FPC 0 PFE #0 Plane 0: Plane enabled Plane 1: Plane enabled Plane 2: Plane enabled Plane 3: Plane enabled Plane 4: Plane enabled Plane 5: Plane enabled Plane 6: Plane enabled Plane 7: Plane enabled This issue affects: Juniper Networks Junos OS on MX Series with MPC 7/8/9/10/11 cards, when MAP-E IP reassembly is enabled on these cards. 17.2 version 17.2R1 and later versions; 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R2-S6, 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R1-S8, 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S5, 19.3R3. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R1. | ||||
| CVE-2021-31362 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | 6.5 Medium |
| A Protection Mechanism Failure vulnerability in RPD (routing protocol daemon) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause established IS-IS adjacencies to go down by sending a spoofed hello PDU leading to a Denial of Service (DoS) condition. Continued receipted of these spoofed PDUs will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS All versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. | ||||
| CVE-2021-31294 | 1 Redis | 1 Redis | 2024-11-21 | 5.9 Medium |
| Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this. | ||||
| CVE-2021-31252 | 1 Chiyu-tech | 28 Bf-430, Bf-430 Firmware, Bf-431 and 25 more | 2024-11-21 | 6.1 Medium |
| An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it. | ||||
| CVE-2021-31154 | 1 Pleaseedit Project | 1 Pleaseedit | 2024-11-21 | 7.8 High |
| pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack. | ||||
| CVE-2021-30962 | 1 Apple | 2 Macos, Tvos | 2024-11-21 | 5.5 Medium |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information. | ||||
| CVE-2021-30943 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-11-21 | 4.3 Medium |
| An issue in the handling of group membership was resolved with improved logic. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1. A malicious user may be able to leave a messages group but continue to receive messages in that group. | ||||
| CVE-2021-30921 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 5.5 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible onscreen. | ||||
| CVE-2021-30904 | 1 Apple | 1 Macos | 2024-11-21 | 5.3 Medium |
| A sync issue was addressed with improved state validation. This issue is fixed in macOS Monterey 12.0.1. A user's messages may continue to sync after the user has signed out of iMessage. | ||||
| CVE-2021-30888 | 2 Apple, Redhat | 8 Ipad Os, Ipados, Iphone Os and 5 more | 2024-11-21 | 7.4 High |
| An information leakage issue was addressed. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1. A malicious website using Content Security Policy reports may be able to leak information via redirect behavior . | ||||
| CVE-2021-30471 | 3 Fedoraproject, Podofo Project, Redhat | 3 Fedora, Podofo, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow. | ||||
| CVE-2021-30470 | 3 Fedoraproject, Podofo Project, Redhat | 3 Fedora, Podofo, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow. | ||||