Export limit exceeded: 81127 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (81127 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-38290 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 8.1 High |
| A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. An attacker can use a man in the middle attack such as phishing. | ||||
| CVE-2021-38283 | 1 Wipro | 1 Holmes | 2024-11-21 | 7.5 High |
| Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read application log files containing sensitive information via a predictable /log URI. | ||||
| CVE-2021-38266 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 7.5 High |
| The Portal Security module in Liferay Portal 7.2.1 and earlier, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17 and 7.2 before fix pack 5 does not correctly import users from LDAP, which allows remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exist in LDAP. | ||||
| CVE-2021-38260 | 1 Nxp | 1 Mcuxpresso Software Development Kit | 2024-11-21 | 7.8 High |
| NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseDeviceConfigurationDescriptor(). | ||||
| CVE-2021-38258 | 1 Nxp | 1 Mcuxpresso Software Development Kit | 2024-11-21 | 7.8 High |
| NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback(). | ||||
| CVE-2021-38244 | 1 Cbioportal Project | 1 Cbioportal | 2024-11-21 | 7.5 High |
| A regular expression denial of service (ReDoS) vulnerability exits in cbioportal 3.6.21 and older via a POST request to /ProteinArraySignificanceTest.json. | ||||
| CVE-2021-38207 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.5 High |
| drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes. | ||||
| CVE-2021-38201 | 3 Linux, Netapp, Redhat | 8 Linux Kernel, Element Software, Hci Bootstrap Os and 5 more | 2024-11-21 | 7.5 High |
| net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations. | ||||
| CVE-2021-38192 | 1 Prost Project | 1 Prost | 2024-11-21 | 7.5 High |
| An issue was discovered in the prost-types crate before 0.8.0 for Rust. An overflow can occur during conversion from Timestamp to SystemTime. | ||||
| CVE-2021-38182 | 1 Kyma-project | 1 Kyma | 2024-11-21 | 8.8 High |
| Due to insufficient input validation of Kyma, authenticated users can pass a Header of their choice and escalate privileges which can completely compromise the cluster. | ||||
| CVE-2021-38181 | 1 Sap | 2 Netweaver Abap, Netweaver Application Server Abap | 2024-11-21 | 7.5 High |
| SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | ||||
| CVE-2021-38178 | 1 Sap | 2 Netweaver Abap, Netweaver Application Server Abap | 2024-11-21 | 8.8 High |
| The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious code can reach quality and production, and can compromise the confidentiality, integrity, and availability of the system and its data. | ||||
| CVE-2021-38177 | 1 Sap | 1 Commoncryptolib | 2024-11-21 | 7.5 High |
| SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null pointer dereference vulnerability when an unauthenticated attacker sends crafted malicious data in the HTTP requests over the network, this causes the SAP application to crash and has high impact on the availability of the SAP system. | ||||
| CVE-2021-38176 | 1 Sap | 4 Landscape Transformation, Landscape Transformation Replication Server, S\/4hana and 1 more | 2024-11-21 | 8.8 High |
| Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query or inject ABAP code to gain access to Backend Database. On successful exploitation the threat actor could completely compromise confidentiality, integrity, and availability of the system. | ||||
| CVE-2021-38169 | 1 Roxy-wi | 1 Roxy-wi | 2024-11-21 | 8.8 High |
| Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/api_funct.py. | ||||
| CVE-2021-38168 | 1 Roxy-wi | 1 Roxy-wi | 2024-11-21 | 8.8 High |
| Roxy-WI through 5.2.2.0 allows authenticated SQL injection via select_servers. | ||||
| CVE-2021-38166 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-11-21 | 7.8 High |
| In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability. | ||||
| CVE-2021-38161 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2024-11-21 | 8.1 High |
| Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8. | ||||
| CVE-2021-38155 | 1 Openstack | 1 Keystone | 2024-11-21 | 7.5 High |
| OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account's corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts are affected. | ||||
| CVE-2021-38154 | 1 Canon | 1 - | 2024-11-21 | 7.5 High |
| Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker. For example, an incoming FAX may be sent through e-mail to the attacker. This occurs when a PIN is not required for General User Mode, as exploited in the wild in August 2021. | ||||