Export limit exceeded: 80549 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80549 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25803 | 1 Videolan | 1 Vlc Media Player | 2024-11-21 | 7.1 High |
| A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | ||||
| CVE-2021-25802 | 1 Videolan | 1 Vlc Media Player | 2024-11-21 | 7.1 High |
| A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | ||||
| CVE-2021-25801 | 1 Videolan | 1 Vlc Media Player | 2024-11-21 | 7.1 High |
| A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | ||||
| CVE-2021-25784 | 1 Taogogo | 1 Taocms | 2024-11-21 | 7.2 High |
| Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article. | ||||
| CVE-2021-25783 | 1 Taogogo | 1 Taocms | 2024-11-21 | 7.2 High |
| Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search. | ||||
| CVE-2021-25776 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 7.5 High |
| In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters. | ||||
| CVE-2021-25769 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 7.5 High |
| In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments. | ||||
| CVE-2021-25765 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 8.8 High |
| In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible. | ||||
| CVE-2021-25758 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 7.8 High |
| In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution. | ||||
| CVE-2021-25746 | 1 Kubernetes | 1 Ingress-nginx | 2024-11-21 | 7.6 High |
| A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. | ||||
| CVE-2021-25745 | 1 Kubernetes | 1 Ingress-nginx | 2024-11-21 | 7.6 High |
| A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. | ||||
| CVE-2021-25742 | 2 Kubernetes, Netapp | 2 Ingress-nginx, Trident | 2024-11-21 | 7.6 High |
| A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster. | ||||
| CVE-2021-25741 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | 8.8 High |
| A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem. | ||||
| CVE-2021-25699 | 1 Teradici | 1 Pcoip Client | 2024-11-21 | 7.8 High |
| The OpenSSL component of the Teradici PCoIP Software Client prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration directory. | ||||
| CVE-2021-25698 | 1 Teradici | 1 Pcoip Standard Agent | 2024-11-21 | 7.8 High |
| The OpenSSL component of the Teradici PCoIP Standard Agent prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration directory. | ||||
| CVE-2021-25695 | 1 Teradici | 1 Pcoip | 2024-11-21 | 7.8 High |
| The USB vHub in the Teradici PCOIP Software Agent prior to version 21.07.0 would accept commands from any program, which may allow an attacker to elevate privileges by changing the flow of program execution within the vHub driver. | ||||
| CVE-2021-25694 | 1 Teradici | 1 Pcoip Graphics Agent | 2024-11-21 | 7.8 High |
| Teradici PCoIP Graphics Agent for Windows prior to 21.03 does not validate NVENC.dll. An attacker could replace the .dll and redirect pixels elsewhere. | ||||
| CVE-2021-25693 | 1 Teradici | 1 Pcoip Agent | 2024-11-21 | 7.5 High |
| An attacker may cause a Denial of Service (DoS) in multiple versions of Teradici PCoIP Agent via a null pointer dereference. | ||||
| CVE-2021-25690 | 1 Teradici | 1 Pcoip Soft Client | 2024-11-21 | 7.5 High |
| A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software. | ||||
| CVE-2021-25683 | 1 Canonical | 1 Apport | 2024-11-21 | 8.8 High |
| It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel. | ||||