Export limit exceeded: 21404 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21404 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-24022 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | 6.7 Medium |
| A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value. | ||||
| CVE-2021-24016 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | 3.7 Low |
| An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host. | ||||
| CVE-2021-23987 | 2 Mozilla, Redhat | 5 Firefox, Firefox Esr, Thunderbird and 2 more | 2024-11-21 | 8.8 High |
| Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. | ||||
| CVE-2021-23981 | 2 Mozilla, Redhat | 5 Firefox, Firefox Esr, Thunderbird and 2 more | 2024-11-21 | 8.1 High |
| A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. | ||||
| CVE-2021-23978 | 3 Debian, Mozilla, Redhat | 6 Debian Linux, Firefox, Firefox Esr and 3 more | 2024-11-21 | 8.8 High |
| Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. | ||||
| CVE-2021-23964 | 2 Mozilla, Redhat | 5 Firefox, Firefox Esr, Thunderbird and 2 more | 2024-11-21 | 8.8 High |
| Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. | ||||
| CVE-2021-23851 | 1 Bosch | 136 Autodome 7000, Autodome 7000 Firmware, Autodome Ip 4000 Hd and 133 more | 2024-11-21 | 6.8 Medium |
| A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware. | ||||
| CVE-2021-23850 | 1 Bosch | 136 Autodome 7000, Autodome 7000 Firmware, Autodome Ip 4000 Hd and 133 more | 2024-11-21 | 6.8 Medium |
| A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware. | ||||
| CVE-2021-23654 | 1 Html-to-csv Project | 1 Html-to-csv | 2024-11-21 | 5.6 Medium |
| This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via CSV files. | ||||
| CVE-2021-23437 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2024-11-21 | 7.5 High |
| The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. | ||||
| CVE-2021-23286 | 1 Eaton | 1 Intelligent Power Manager | 2024-11-21 | 5.7 Medium |
| Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions. | ||||
| CVE-2021-23206 | 1 Htmldoc Project | 1 Htmldoc | 2024-11-21 | 7.8 High |
| A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to execute arbitrary code and denial of service. | ||||
| CVE-2021-22992 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2024-11-21 | 9.8 Critical |
| On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, a malicious HTTP response to an Advanced WAF/BIG-IP ASM virtual server with Login Page configured in its policy may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may allow remote code execution (RCE), leading to complete system compromise. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | ||||
| CVE-2021-22982 | 1 F5 | 2 Big-ip Domain Name System, Big-ip Global Traffic Manager | 2024-11-21 | 7.2 High |
| On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions of 12.1.x and 11.6.x, big3d does not securely handle and parse certain payloads resulting in a buffer overflow. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | ||||
| CVE-2021-22934 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-11-21 | 7.2 High |
| A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request. | ||||
| CVE-2021-22908 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-11-21 | 8.8 High |
| A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default. | ||||
| CVE-2021-22824 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Collector | 2024-11-21 | 7.5 High |
| A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior) | ||||
| CVE-2021-22809 | 1 Schneider-electric | 1 Guicon | 2024-11-21 | 5.5 Medium |
| A CWE-125:Out-of-Bounds Read vulnerability exists that could cause unintended data disclosure when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior | ||||
| CVE-2021-22802 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Collector | 2024-11-21 | 9.8 Critical |
| A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) | ||||
| CVE-2021-22790 | 1 Schneider-electric | 49 Modicon M340 Bmxp341000, Modicon M340 Bmxp342010, Modicon M340 Bmxp342020 and 46 more | 2024-11-21 | 6.5 Medium |
| A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions). | ||||