Search Results (45865 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-43556 1 Fatek 1 Winproladder 2024-11-21 7.8 High
FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code.
CVE-2021-43546 3 Debian, Mozilla, Redhat 7 Debian Linux, Firefox, Firefox Esr and 4 more 2024-11-21 4.3 Medium
It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
CVE-2021-43538 3 Debian, Mozilla, Redhat 7 Debian Linux, Firefox, Firefox Esr and 4 more 2024-11-21 4.3 Medium
By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
CVE-2021-43537 3 Debian, Mozilla, Redhat 7 Debian Linux, Firefox, Firefox Esr and 4 more 2024-11-21 8.8 High
An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
CVE-2021-43536 3 Debian, Mozilla, Redhat 7 Debian Linux, Firefox, Firefox Esr and 4 more 2024-11-21 6.5 Medium
Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
CVE-2021-43534 3 Debian, Mozilla, Redhat 6 Debian Linux, Firefox, Firefox Esr and 3 more 2024-11-21 8.8 High
Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
CVE-2021-43527 5 Mozilla, Netapp, Oracle and 2 more 17 Nss, Nss Esr, Cloud Backup and 14 more 2024-11-21 9.8 Critical
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.
CVE-2021-43518 2 Fedoraproject, Teeworlds 2 Fedora, Teeworlds 2024-11-21 7.8 High
Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate m_Channels value coming from a map file, leading to a buffer overflow. A malicious server may offer a specially crafted map that will overwrite client's stack causing denial of service or code execution.
CVE-2021-43515 1 Kimai 1 Kimai 2024-11-21 7.8 High
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in creating new timesheet in Kimai. By filling the Description field with malicious payload, it will be mistreated while exporting to a CSV file.
CVE-2021-43453 1 Jerryscript 1 Jerryscript 2024-11-21 9.8 Critical
A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 and prior versions via an out-of-bounds read in parser_parse_for_statement_start in the js-parser-statm.c file. This issue is similar to CVE-2020-29657.
CVE-2021-43410 1 Apache 1 Airavata Django Portal 2024-11-21 5.3 Medium
Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log statements. In particular, some HTTP request parameters are logged without first being escaped. Versions affected: master branch before commit 3c5d8c7 [1] of airavata-django-portal [1] https://github.com/apache/airavata-django-portal/commit/3c5d8c72bfc3eb0af8693a655a5d60f9273f8170
CVE-2021-43391 1 Opendesign 1 Drawings Software Development Kit 2024-11-21 7.8 High
An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2021-43389 4 Debian, Linux, Oracle and 1 more 6 Debian Linux, Linux Kernel, Communications Cloud Native Core Binding Support Function and 3 more 2024-11-21 5.5 Medium
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.
CVE-2021-43309 1 Litejs 1 Uri-template-lite 2024-11-21 5.9 Medium
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package, when an attacker is able to supply arbitrary input to the "URI.expand" method
CVE-2021-43308 1 Markdown-link-extractor Project 1 Markdown-link-extractor 2024-11-21 5.9 Medium
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function
CVE-2021-43307 1 Semver-regex Project 1 Semver-regex 2024-11-21 5.9 Medium
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method
CVE-2021-43306 1 Jqueryvalidation 1 Jquery Validation 2024-11-21 5.9 Medium
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method
CVE-2021-43278 1 Opendesign 1 Drawings Software Developemnt Kit 2024-11-21 7.8 High
An Out-of-bounds Read vulnerability exists in the OBJ file reading procedure in Open Design Alliance Drawings SDK before 2022.11. The lack of validating the input length can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2021-43277 1 Opendesign 1 Oda Prc Software Development Kit 2024-11-21 7.8 High
An out-of-bounds read vulnerability exists in the U3D file reading procedure in Open Design Alliance PRC SDK before 2022.10. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
CVE-2021-43276 1 Opendesign 1 Oda Viewer 2024-11-21 7.8 High
An Out-of-bounds Read vulnerability exists in Open Design Alliance ODA Viewer before 2022.8. Crafted data in a DWF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process