Export limit exceeded: 81132 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (81132 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-38426 | 1 Fatek | 1 Winproladder | 2024-11-21 | 7.8 High |
| FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code. | ||||
| CVE-2021-38422 | 1 Deltaww | 1 Dialink | 2024-11-21 | 7.8 High |
| Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges. | ||||
| CVE-2021-38421 | 1 Fujielectric | 2 V-server, V-simulator | 2024-11-21 | 7.8 High |
| Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash. | ||||
| CVE-2021-38420 | 1 Deltaww | 1 Dialink | 2024-11-21 | 7.8 High |
| Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files. | ||||
| CVE-2021-38419 | 1 Fujielectric | 2 V-server, V-simulator | 2024-11-21 | 7.8 High |
| Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution. | ||||
| CVE-2021-38418 | 1 Deltaww | 1 Dialink | 2024-11-21 | 8.8 High |
| Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization. | ||||
| CVE-2021-38416 | 1 Deltaww | 1 Dialink | 2024-11-21 | 7.8 High |
| Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed. | ||||
| CVE-2021-38415 | 1 Fujielectric | 2 V-server, V-simulator | 2024-11-21 | 7.8 High |
| Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code. | ||||
| CVE-2021-38413 | 1 Fujielectric | 2 V-server, V-simulator | 2024-11-21 | 7.8 High |
| Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution. | ||||
| CVE-2021-38409 | 1 Fujielectric | 2 V-server, V-simulator | 2024-11-21 | 7.8 High |
| Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service. | ||||
| CVE-2021-38405 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-11-21 | 7.8 High |
| The Datalogics APDFL library used in affected products is vulnerable to memory corruption condition while parsing specially crafted PDF files. An attacker could leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2021-38401 | 1 Fujielectric | 2 V-server, V-simulator | 2024-11-21 | 7.8 High |
| Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash. | ||||
| CVE-2021-38387 | 1 Contiki-os | 1 Contiki | 2024-11-21 | 7.5 High |
| In Contiki 3.0, a Telnet server that silently quits (before disconnection with clients) leads to connected clients entering an infinite loop and waiting forever, which may cause excessive CPU consumption. | ||||
| CVE-2021-38386 | 1 Contiki-os | 1 Contiki | 2024-11-21 | 7.5 High |
| In Contiki 3.0, a buffer overflow in the Telnet service allows remote attackers to cause a denial of service because the ls command is mishandled when a directory has many files with long names. | ||||
| CVE-2021-38385 | 1 Torproject | 1 Tor | 2024-11-21 | 7.5 High |
| Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007. | ||||
| CVE-2021-38380 | 1 Live555 | 1 Live555 | 2024-11-21 | 7.5 High |
| Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read. An attacker can leverage this to launch a DoS attack. | ||||
| CVE-2021-38366 | 1 Sitecore | 1 Sitecore | 2024-11-21 | 8.8 High |
| Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL. | ||||
| CVE-2021-38342 | 1 Kylephillips | 1 Nested Pages | 2024-11-21 | 8.1 High |
| The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Site Request Forgery via the `npBulkAction`s and `npBulkEdit` `admin_post` actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their ownership, and editing other metadata. | ||||
| CVE-2021-38311 | 1 Contiki-os | 1 Contiki | 2024-11-21 | 7.5 High |
| In Contiki 3.0, potential nonterminating acknowledgment loops exist in the Telnet service. When the negotiated options are already disabled, servers still respond to DONT and WONT requests with WONT or DONT commands, which may lead to infinite acknowledgment loops, denial of service, and excessive CPU consumption. | ||||
| CVE-2021-38305 | 1 23andme | 1 Yamale | 2024-11-21 | 7.8 High |
| 23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each line is run through Python's eval function to make the validator available. A well-constructed string within the schema rules can execute system commands; thus, by exploiting the vulnerability, an attacker can run arbitrary code on the image that invokes Yamale. | ||||