Export limit exceeded: 348953 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 43737 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43737 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-38493 | 2 Mozilla, Redhat | 5 Firefox, Firefox Esr, Thunderbird and 2 more | 2024-11-21 | 8.8 High |
| Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92. | ||||
| CVE-2021-38473 | 1 Auvesy | 1 Versiondog | 2024-11-21 | 8 High |
| The affected product’s code base doesn’t properly control arguments for specific functions, which could lead to a stack overflow. | ||||
| CVE-2021-38472 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2024-11-21 | 4.7 Medium |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an administrator that frames the router’s management portal and could lure the administrator to perform changes. | ||||
| CVE-2021-38453 | 1 Auvesy | 1 Versiondog | 2024-11-21 | 9.1 Critical |
| Some API functions allow interaction with the registry, which includes reading values as well as data modification. | ||||
| CVE-2021-38451 | 1 Auvesy | 1 Versiondog | 2024-11-21 | 4.8 Medium |
| The affected product’s proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the user must supply parameters. There is no sanitation on the value of the offset, which allows the client to specify any offset and read out-of-bounds data. | ||||
| CVE-2021-38449 | 1 Auvesy | 1 Versiondog | 2024-11-21 | 9.8 Critical |
| Some API functions permit by-design writing or copying data into a given buffer. Since the client controls these parameters, an attacker could rewrite the memory in any location of the affected product. | ||||
| CVE-2021-38442 | 1 Fatek | 1 Winproladder | 2024-11-21 | 7.8 High |
| FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in a heap-corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2021-38440 | 1 Fatek | 1 Winproladder | 2024-11-21 | 3.3 Low |
| FATEK Automation WinProladder versions 3.30 and prior is vulnerable to an out-of-bounds read, which may allow an attacker to read unauthorized information. | ||||
| CVE-2021-38436 | 1 Fatek | 1 Winproladder | 2024-11-21 | 7.8 High |
| FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in a memory-corruption condition. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2021-38434 | 1 Fatek | 1 Winproladder | 2024-11-21 | 7.8 High |
| FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an unexpected sign extension. An attacker could leverage this vulnerability to execute arbitrary code. | ||||
| CVE-2021-38432 | 1 Fatek | 2 Communication Server, Communication Server Firmware | 2024-11-21 | 9.8 Critical |
| FATEK Automation Communication Server Versions 1.13 and prior lacks proper validation of user-supplied data, which could result in a stack-based buffer overflow condition and allow an attacker to remotely execute code. | ||||
| CVE-2021-38430 | 1 Fatek | 1 Winproladder | 2024-11-21 | 7.8 High |
| FATEK Automation WinProladder versions 3.30 and prior proper validation of user-supplied data when parsing project files, which could result in a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code. | ||||
| CVE-2021-38424 | 1 Deltaww | 1 Dialink | 2024-11-21 | 5.9 Medium |
| The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with a spreadsheet application. | ||||
| CVE-2021-38421 | 1 Fujielectric | 2 V-server, V-simulator | 2024-11-21 | 7.8 High |
| Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash. | ||||
| CVE-2021-38415 | 1 Fujielectric | 2 V-server, V-simulator | 2024-11-21 | 7.8 High |
| Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code. | ||||
| CVE-2021-38413 | 1 Fujielectric | 2 V-server, V-simulator | 2024-11-21 | 7.8 High |
| Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution. | ||||
| CVE-2021-38408 | 1 Advantech | 1 Webaccess | 2024-11-21 | 9.8 Critical |
| A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. | ||||
| CVE-2021-38405 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-11-21 | 7.8 High |
| The Datalogics APDFL library used in affected products is vulnerable to memory corruption condition while parsing specially crafted PDF files. An attacker could leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2021-38398 | 1 Bostonscientific | 4 Zoom Latitude Pogrammer\/recorder\/monitor 3120, Zoom Latitude Pogrammer\/recorder\/monitor 3120 Firmware, Zoom Latitude Programming System Model 3120 and 1 more | 2024-11-21 | 6.5 Medium |
| The affected device uses off-the-shelf software components that contain unpatched vulnerabilities. A malicious attacker with physical access to the affected device could exploit these vulnerabilities. | ||||
| CVE-2021-38394 | 1 Bostonscientific | 2 Zoom Latitude Pogrammer\/recorder\/monitor 3120, Zoom Latitude Pogrammer\/recorder\/monitor 3120 Firmware | 2024-11-21 | 6.2 Medium |
| An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware key. The hardware key allows access to special settings when inserted. | ||||