Export limit exceeded: 352264 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (81215 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40155 | 1 Autodesk | 1 Navisworks | 2024-11-21 | 7.8 High |
| A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code. | ||||
| CVE-2021-40153 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 8.1 High |
| squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination. | ||||
| CVE-2021-40150 | 1 Reolink | 2 E1 Zoom, E1 Zoom Firmware | 2024-11-21 | 7.5 High |
| The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. In this way an attacker can download the entire NGINX/FastCGI configurations by querying the /conf/nginx.conf or /conf/fastcgi.conf URI. | ||||
| CVE-2021-40148 | 1 Mediatek | 53 L9, Lr11, Lr12 and 50 more | 2024-11-21 | 7.5 High |
| In Modem EMM, there is a possible information disclosure due to a missing data encryption. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00716585; Issue ID: ALPS05886933. | ||||
| CVE-2021-40145 | 1 Libgd | 1 Libgd | 2024-11-21 | 7.5 High |
| gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes. | ||||
| CVE-2021-40143 | 1 Sonatype | 1 Nexus Repository Manager 3 | 2024-11-21 | 8.2 High |
| Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance. | ||||
| CVE-2021-40142 | 2 Opcfoundation, Siemens | 8 Local Discover Server, Simatic Net Pc, Simatic Process Historian Opc Ua Server and 5 more | 2024-11-21 | 7.5 High |
| In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer. | ||||
| CVE-2021-40118 | 1 Cisco | 19 Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5505 and 16 more | 2024-11-21 | 8.6 High |
| A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | ||||
| CVE-2021-40117 | 1 Cisco | 19 Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5505 and 16 more | 2024-11-21 | 8.6 High |
| A vulnerability in SSL/TLS message handler for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because incoming SSL/TLS packets are not properly processed. An attacker could exploit this vulnerability by sending a crafted SSL/TLS packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | ||||
| CVE-2021-40110 | 1 Apache | 1 James | 2024-11-21 | 7.5 High |
| In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1 We recommend upgrading to Apache James 3.6.1 or higher , which enforce the use of RE2J regular expression engine to execute regex in linear time without back-tracking. | ||||
| CVE-2021-40108 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 8.8 High |
| An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint. | ||||
| CVE-2021-40104 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 7.5 High |
| An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass. | ||||
| CVE-2021-40103 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 7.5 High |
| An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF. | ||||
| CVE-2021-40101 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 7.2 High |
| An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user's password to be changed without a prompt for the current password. | ||||
| CVE-2021-40099 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 7.2 High |
| An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution. | ||||
| CVE-2021-40097 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 8.8 High |
| An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter. | ||||
| CVE-2021-40083 | 1 Nic | 1 Knot Resolver | 2024-11-21 | 7.5 High |
| Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof). | ||||
| CVE-2021-40065 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| The communication module has a service logic error vulnerability.Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2021-40064 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of this vulnerability may affect system stability. | ||||
| CVE-2021-40063 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| There is an improper access control vulnerability in the video module. Successful exploitation of this vulnerability may affect confidentiality. | ||||