Export limit exceeded: 81249 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (81249 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-42052 | 1 Ipesa | 1 E-flow | 2024-11-21 | 7.5 High |
| IPESA e-Flow 3.3.6 allows path traversal for reading any file within the web root directory via the lib/js/build/STEResource.res path and the R query parameter. | ||||
| CVE-2021-42040 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 7.5 High |
| An issue was discovered in MediaWiki through 1.36.2. A parser function related to loop control allowed for an infinite loop (and php-fpm hang) within the Loops extension because egLoopsCountLimit is mishandled. This could lead to memory exhaustion. | ||||
| CVE-2021-42029 | 1 Siemens | 71 Simatic S7-1200 Cpu, Simatic S7-1200 Cpu 1211c, Simatic S7-1200 Cpu 1212c and 68 more | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server. | ||||
| CVE-2021-42027 | 1 Siemens | 1 Sinumerik Edge | 2024-11-21 | 7.4 High |
| A vulnerability has been identified in SINUMERIK Edge (All versions < V3.2). The affected software does not properly validate the server certificate when initiating a TLS connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server. | ||||
| CVE-2021-42024 | 1 Siemens | 1 Simcenter Star-ccm\+ Viewer | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < 2021.3.1). The starview+.exe application lacks proper validation of user-supplied data when parsing scene files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2021-42021 | 1 Siemens | 6 Siveillance Video Dlna Server, Siveillance Video Management Software 2019 R1, Siveillance Video Management Software 2019 R2 and 3 more | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020 R1), Siveillance Video DLNA Server (2020 R2), Siveillance Video DLNA Server (2020 R3), Siveillance Video DLNA Server (2021 R1). The affected application contains a path traversal vulnerability that could allow to read arbitrary files on the server that are outside the application’s web document directory. An unauthenticated remote attacker could exploit this issue to access sensitive information for subsequent attacks. | ||||
| CVE-2021-42012 | 1 Trendmicro | 3 Apex One, Worry-free Business Security, Worry-free Business Security Services | 2024-11-21 | 7.8 High |
| A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2021-42011 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 7.8 High |
| An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2021-42008 | 3 Debian, Linux, Netapp | 20 Debian Linux, Linux Kernel, H300e and 17 more | 2024-11-21 | 7.8 High |
| The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. | ||||
| CVE-2021-42006 | 1 Gclib Project | 1 Gclib | 2024-11-21 | 8.8 High |
| An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted GFF file. | ||||
| CVE-2021-42001 | 1 Pingidentity | 1 Pingid Desktop | 2024-11-21 | 8 High |
| PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP. | ||||
| CVE-2021-41995 | 2 Apple, Pingidentity | 2 Macos, Pingid Integration For Mac Login | 2024-11-21 | 7.7 High |
| A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. | ||||
| CVE-2021-41992 | 1 Pingidentity | 1 Pingid Integration For Windows Login | 2024-11-21 | 7.7 High |
| A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. | ||||
| CVE-2021-41991 | 4 Debian, Fedoraproject, Siemens and 1 more | 46 Debian Linux, Fedora, Cp 1543-1 and 43 more | 2024-11-21 | 7.5 High |
| The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility. | ||||
| CVE-2021-41990 | 4 Debian, Fedoraproject, Siemens and 1 more | 37 Debian Linux, Fedora, 6gk5615-0aa00-2aa2 and 34 more | 2024-11-21 | 7.5 High |
| The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur. | ||||
| CVE-2021-41987 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 8.1 High |
| In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10. | ||||
| CVE-2021-41975 | 1 Tadtools Project | 1 Tadtools | 2024-11-21 | 7.5 High |
| TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the specific parameter to delete arbitrary files in the system without logging in. | ||||
| CVE-2021-41971 | 1 Apache | 1 Superset | 2024-11-21 | 8.8 High |
| Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL. | ||||
| CVE-2021-41965 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an existing record is being performed. | ||||
| CVE-2021-41959 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak. | ||||