Export limit exceeded: 43438 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45654 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 20163 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20163 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-36100 | 1 Otrs | 3 Otrs, Otrs Itsm, Otrs Storm | 2024-11-21 | 6.4 Medium |
| Specially crafted string in OTRS system configuration can allow the execution of any system command. | ||||
| CVE-2021-36089 | 2 Linux, Zope | 2 Linux Kernel, Grok | 2024-11-21 | 7.8 High |
| Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palette_clr (called from grk::FileFormatDecompress::applyColour). | ||||
| CVE-2021-36083 | 1 Kde | 1 Kimageformats | 2024-11-21 | 5.5 Medium |
| KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE. | ||||
| CVE-2021-36082 | 1 Ntop | 1 Ndpi | 2024-11-21 | 8.8 High |
| ntop nDPI 3.4 has a stack-based buffer overflow in processClientServerHello. | ||||
| CVE-2021-36077 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2024-11-21 | 5.5 Medium |
| Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in local application denial of service in the context of the current user. User interaction is required to exploit this vulnerability. | ||||
| CVE-2021-36066 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-11-21 | 7.8 High |
| Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2021-36065 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-11-21 | 7.8 High |
| Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier) are affected by a heap-based buffer overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2021-36024 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-11-21 | 9.1 Critical |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper Neutralization of Special Elements Used In A Command via the Data collection endpoint. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution. | ||||
| CVE-2021-36022 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-11-21 | 9.1 Critical |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. | ||||
| CVE-2021-36004 | 2 Adobe, Microsoft | 2 Indesign, Windows | 2024-11-21 | 8.8 High |
| Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2021-35593 | 2 Netapp, Oracle | 3 Oncommand Insight, Snapcenter, Mysql Cluster | 2024-11-21 | 6.3 Medium |
| Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H). | ||||
| CVE-2021-35590 | 2 Netapp, Oracle | 3 Oncommand Insight, Snapcenter, Mysql Cluster | 2024-11-21 | 6.3 Medium |
| Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H). | ||||
| CVE-2021-35531 | 1 Hitachienergy | 2 Txpert Hub Coretec 4, Txpert Hub Coretec 4 Firmware | 2024-11-21 | 6.7 Medium |
| Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. | ||||
| CVE-2021-35522 | 1 Idemia | 22 Ma Vp Md, Ma Vp Md Firmware, Morphowave Compact Md and 19 more | 2024-11-21 | 9.8 Critical |
| A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of services, and information disclosure via TCP/IP packets. | ||||
| CVE-2021-35520 | 1 Idemia | 8 Morphowave Compact Mdpi, Morphowave Compact Mdpi-m, Morphowave Compact Mdpi-m Firmware and 5 more | 2024-11-21 | 6.2 Medium |
| A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows physically proximate authenticated attackers to achieve code execution, denial of services, and information disclosure via serial ports. | ||||
| CVE-2021-35474 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2024-11-21 | 9.8 Critical |
| Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | ||||
| CVE-2021-35346 | 1 Tsmuxer Project | 1 Tsmuxer | 2024-11-21 | 9.8 Critical |
| tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function HevcSpsUnit::short_term_ref_pic_set(int) in hevc.cpp. | ||||
| CVE-2021-35344 | 1 Tsmuxer Project | 1 Tsmuxer | 2024-11-21 | 9.8 Critical |
| tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function BitStreamReader::getCurVal in bitStream.h. | ||||
| CVE-2021-35325 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.5 High |
| A stack overflow in the checkLoginUser function of TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to cause a denial of service (DOS). | ||||
| CVE-2021-35269 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Advanced Virtualization and 2 more | 2024-11-21 | 7.8 High |
| NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges. | ||||