Export limit exceeded: 20166 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20166 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3470 | 1 Redislabs | 1 Redis | 2024-11-21 | 5.3 Medium |
| A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc. | ||||
| CVE-2021-3459 | 1 Motorola | 2 Mm1000, Mm1000 Firmware | 2024-11-21 | 6.8 Medium |
| A privilege escalation vulnerability was reported in the MM1000 device configuration web server, which could allow privileged shell access and/or arbitrary privileged commands to be executed on the adapter. | ||||
| CVE-2021-3444 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 7.8 High |
| The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101. | ||||
| CVE-2021-3434 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 4.9 Medium |
| Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm | ||||
| CVE-2021-3405 | 3 Debian, Fedoraproject, Matroska | 3 Debian Linux, Fedora, Libebml | 2024-11-21 | 6.5 Medium |
| A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml. | ||||
| CVE-2021-3404 | 3 Fedoraproject, Redhat, Ytnef Project | 3 Fedora, Enterprise Linux, Ytnef | 2024-11-21 | 7.8 High |
| In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file. | ||||
| CVE-2021-3382 | 1 Gitea | 1 Gitea | 2024-11-21 | 7.5 High |
| Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path. | ||||
| CVE-2021-3375 | 1 Atomisystems | 1 Activepresenter | 2024-11-21 | 9.8 Critical |
| ActivePresenter 6.1.6 is affected by a memory corruption vulnerability that may result in a denial of service (DoS) or arbitrary code execution. | ||||
| CVE-2021-3345 | 2 Gnupg, Oracle | 2 Libgcrypt, Communications Billing And Revenue Management | 2024-11-21 | 7.8 High |
| _gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later. | ||||
| CVE-2021-3342 | 1 Eprints | 1 Eprints | 2024-11-21 | 9.8 Critical |
| EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI. | ||||
| CVE-2021-3330 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7.1 High |
| RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >= >=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456 | ||||
| CVE-2021-3317 | 1 Klogserver | 1 Klog Server | 2024-11-21 | 8.8 High |
| KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter. | ||||
| CVE-2021-3291 | 1 Zen-cart | 1 Zen Cart | 2024-11-21 | 7.2 High |
| Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command. | ||||
| CVE-2021-3246 | 4 Debian, Fedoraproject, Libsndfile Project and 1 more | 5 Debian Linux, Fedora, Libsndfile and 2 more | 2024-11-21 | 8.8 High |
| A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file. | ||||
| CVE-2021-3198 | 1 Ivanti | 1 Mobileiron | 2024-11-21 | 6.5 Medium |
| By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0. | ||||
| CVE-2021-3190 | 1 Async-git Project | 1 Async-git | 2024-11-21 | 9.8 Critical |
| The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag. | ||||
| CVE-2021-3185 | 1 Freedesktop | 1 Gst-plugins-bad | 2024-11-21 | 9.8 Critical |
| A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution. | ||||
| CVE-2021-3182 | 2 D-link, Dlink | 3 Dcs-5220 Firmware, Dcs-5220, Dcs-5220 Firmware | 2024-11-21 | 8 High |
| D-Link DCS-5220 devices have a buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2021-3149 | 1 Netshieldcorp | 2 Nano 25, Nano 25 Firmware | 2024-11-21 | 7.2 High |
| On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ping.cgi allows OS command injection (after authentication by the attacker) because the system C library function is used unsafely. | ||||
| CVE-2021-3122 | 1 Ncr | 1 Command Center Agent | 2024-11-21 | 9.8 Critical |
| CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. NOTE: the vendor's position is that exploitation occurs only on devices with a certain "misconfiguration." | ||||