Export limit exceeded: 15460 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 25077 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25077 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27642 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 5.5 Medium |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | ||||
| CVE-2021-27641 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 5.5 Medium |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | ||||
| CVE-2021-27640 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 5.5 Medium |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | ||||
| CVE-2021-27639 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 5.5 Medium |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated JT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | ||||
| CVE-2021-27638 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 5.5 Medium |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated JT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | ||||
| CVE-2021-27617 | 1 Sap | 1 Netweaver Process Integration | 2024-11-21 | 4.9 Medium |
| The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to Denial-of-service conditions due to consumption of a large amount of system memory, thus highly impacting system availability. | ||||
| CVE-2021-27583 | 1 Rangerstudio | 1 Directus | 2024-11-21 | 5.3 Medium |
| In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2021-27568 | 3 Json-smart Project, Oracle, Redhat | 11 Json-smart-v1, Json-smart-v2, Communications Cloud Native Core Policy and 8 more | 2024-11-21 | 5.9 Medium |
| An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information. | ||||
| CVE-2021-27516 | 2 Redhat, Uri.js Project | 2 Quay, Uri.js | 2024-11-21 | 7.5 High |
| URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path. | ||||
| CVE-2021-27515 | 2 Redhat, Url-parse Project | 2 Quay, Url-parse | 2024-11-21 | 5.3 Medium |
| url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path. | ||||
| CVE-2021-27434 | 2 Microsoft, Unified-automation | 2 .net Framework, .net Based Opc Ua Client\/server Sdk | 2024-11-21 | 7.5 High |
| Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow. | ||||
| CVE-2021-27388 | 1 Siemens | 6 Sinamics Sl150, Sinamics Sl150 Firmware, Sinamics Sm150 and 3 more | 2024-11-21 | 9.8 Critical |
| SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condition, and/or execution of limited configuration modifications and/or execution of limited control commands on the SINAMICS Medium Voltage Products, Remote Access (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions). | ||||
| CVE-2021-27364 | 6 Canonical, Debian, Linux and 3 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2024-11-21 | 7.1 High |
| An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. | ||||
| CVE-2021-27363 | 4 Debian, Linux, Netapp and 1 more | 10 Debian Linux, Linux Kernel, Cloud Backup and 7 more | 2024-11-21 | 4.4 Medium |
| An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. | ||||
| CVE-2021-27342 | 1 Dlink | 2 Dir-842e, Dir-842e Firmware | 2024-11-21 | 5.9 Medium |
| An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 firmware version 3.0.2 allows a remote attacker to circumvent the anti-brute-force cool-down delay period via a timing-based side-channel attack | ||||
| CVE-2021-27196 | 1 Hitachienergy | 18 Fox615 Tego1, Fox615 Tego1 Firmware, Gms600 and 15 more | 2024-11-21 | 7.5 High |
| Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds. This vulnerability affects only products with IEC 61850 interfaces. This issue affects: Hitachi ABB Power Grids Relion 670 Series 1.1; 1.2.3 versions prior to 1.2.3.20; 2.0 versions prior to 2.0.0.13; 2.1; 2.2.2 versions prior to 2.2.2.3; 2.2.3 versions prior to 2.2.3.2. Hitachi ABB Power Grids Relion 670/650 Series 2.2.0 versions prior to 2.2.0.13. Hitachi ABB Power Grids Relion 670/650/SAM600-IO 2.2.1 versions prior to 2.2.1.6. Hitachi ABB Power Grids Relion 650 1.1; 1.2; 1.3 versions prior to 1.3.0.7. Hitachi ABB Power Grids REB500 7.3; 7.4; 7.5; 7.6; 8.2; 8.3. Hitachi ABB Power Grids RTU500 Series 7.x version 7.x and prior versions; 8.x version 8.x and prior versions; 9.x version 9.x and prior versions; 10.x version 10.x and prior versions; 11.x version 11.x and prior versions; 12.x version 12.x and prior versions. Hitachi ABB Power Grids FOX615 (TEGO1) R1D02 version R1D02 and prior versions. Hitachi ABB Power Grids MSM 2.1.0 versions prior to 2.1.0. Hitachi ABB Power Grids GMS600 1.3.0 version 1.3.0 and prior versions. Hitachi ABB Power Grids PWC600 1.0 versions prior to 1.0.1.4; 1.1 versions prior to 1.1.0.1. | ||||
| CVE-2021-27179 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to crash the telnet daemon by sending a certain 0a 65 6e 61 62 6c 65 0a 02 0a 1a 0a string. | ||||
| CVE-2021-27023 | 3 Fedoraproject, Puppet, Redhat | 7 Fedora, Puppet Agent, Puppet Enterprise and 4 more | 2024-11-21 | 9.8 Critical |
| A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007 | ||||
| CVE-2021-26997 | 1 Netapp | 1 E-series Santricity Os Controller | 2024-11-21 | 6.5 Medium |
| E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information via error messaging which may aid in crafting more complex attacks. | ||||
| CVE-2021-26923 | 1 Argoproj | 1 Argo Cd | 2024-11-21 | 7.5 High |
| An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication. | ||||