Export limit exceeded: 352425 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 81274 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (81274 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-43664 | 1 Totolink | 2 Ex300 V2, Ex300 V2 Firmware | 2024-11-21 | 8.1 High |
| totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component process forceugpo. | ||||
| CVE-2021-43663 | 1 Totolink | 2 Ex300 V2, Ex300 V2 Firmware | 2024-11-21 | 7.5 High |
| totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check. | ||||
| CVE-2021-43638 | 1 Amazon | 1 Workspaces | 2024-11-21 | 8.8 High |
| Amazon Amazon WorkSpaces agent is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | ||||
| CVE-2021-43637 | 1 Amazon | 1 Workspaces | 2024-11-21 | 8.8 High |
| Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | ||||
| CVE-2021-43630 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-11-21 | 8.8 High |
| Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. As a result, an authenticated malicious user can compromise the databases system and in some cases leverage this vulnerability to get remote code execution on the remote web server. | ||||
| CVE-2021-43620 | 1 Fruity Project | 1 Fruity | 2024-11-21 | 7.5 High |
| An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return a partial result. Because they call CStr::from_ptr on a pointer to the string buffer, the string is terminated at the first '\0' byte, which might not be the end of the string. | ||||
| CVE-2021-43618 | 4 Debian, Gmplib, Netapp and 1 more | 16 Debian Linux, Gmp, Active Iq Unified Manager and 13 more | 2024-11-21 | 7.5 High |
| GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms. | ||||
| CVE-2021-43611 | 1 Linphone | 1 Belle-sip | 2024-11-21 | 7.5 High |
| Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via " \ " in the display name of a From header. | ||||
| CVE-2021-43610 | 1 Linphone | 1 Belle-sip | 2024-11-21 | 7.5 High |
| Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From header (request URI without a parameter) in an unauthenticated SIP message, a different issue than CVE-2021-33056. | ||||
| CVE-2021-43587 | 1 Dell | 1 Powerpath Management Appliance | 2024-11-21 | 8.2 High |
| Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges. | ||||
| CVE-2021-43582 | 1 Opendesign | 1 Drawings Sdk | 2024-11-21 | 7.8 High |
| A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2021-43581 | 1 Opendesign | 1 Prc Sdk | 2024-11-21 | 8.8 High |
| An Out-of-Bounds Read vulnerability exists when reading a U3D file using Open Design Alliance PRC SDK before 2022.11. The specific issue exists within the parsing of U3D files. Incorrect use of the LibJpeg source manager inside the U3D library, and crafted data in a U3D file, can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2021-43579 | 2 Debian, Htmldoc Project | 2 Debian Linux, Htmldoc | 2024-11-21 | 7.8 High |
| A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file. | ||||
| CVE-2021-43578 | 1 Jenkins | 1 Squash Tm Publisher | 2024-11-21 | 8.1 High |
| Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string. | ||||
| CVE-2021-43577 | 1 Jenkins | 1 Owasp Dependency-check | 2024-11-21 | 7.1 High |
| Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2021-43565 | 2 Golang, Redhat | 9 Ssh, Acm, Advanced Cluster Security and 6 more | 2024-11-21 | 7.5 High |
| The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server. | ||||
| CVE-2021-43564 | 1 Job Fair Project | 1 Job Fair | 2024-11-21 | 7.5 High |
| An issue was discovered in the jobfair (aka Job Fair) extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded files (e.g., uploads/tx_jobfair/cv.pdf). | ||||
| CVE-2021-43563 | 1 Pixxio | 1 Pixx.io | 2024-11-21 | 8.8 High |
| An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated attacker to perform requests to the pixx.io API for the configured API user. This allows an attacker to download various media files from the DAM system. | ||||
| CVE-2021-43562 | 1 Pixxio | 1 Pixx.io | 2024-11-21 | 8.8 High |
| An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The extension fails to restrict the image download to the configured pixx.io DAM URL, resulting in SSRF. As a result, an attacker can download various content from a remote location and save it to a user-controlled filename, which may result in Remote Code Execution. A TYPO3 backend user account is required to exploit this. | ||||
| CVE-2021-43559 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 8.8 High |
| A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk. | ||||