Export limit exceeded: 362454 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (45837 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-41864 5 Debian, Fedoraproject, Linux and 2 more 25 Debian Linux, Fedora, Linux Kernel and 22 more 2024-11-21 7.8 High
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write.
CVE-2021-41824 1 Craftcms 1 Craft Cms 2024-11-21 8.8 High
Craft CMS before 3.7.14 allows CSV injection.
CVE-2021-41821 1 Wazuh 1 Wazuh 2024-11-21 6.5 Medium
Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. A crafted message must be sent from an authenticated agent to the manager.
CVE-2021-41817 6 Debian, Fedoraproject, Opensuse and 3 more 12 Debian Linux, Fedora, Factory and 9 more 2024-11-21 7.5 High
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
CVE-2021-41816 3 Fedoraproject, Redhat, Ruby-lang 4 Fedora, Rhel Software Collections, Cgi and 1 more 2024-11-21 9.8 Critical
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.
CVE-2021-41794 1 Open5gs 1 Open5gs 2024-11-21 7.5 High
ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used in a memcpy call. The destination buffer is only 100 bytes long on the stack. Then, 'i' gets interpreted as 105 bytes to copy from the source buffer to the destination buffer.
CVE-2021-41772 4 Fedoraproject, Golang, Oracle and 1 more 8 Fedora, Go, Timesten In-memory Database and 5 more 2024-11-21 7.5 High
Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
CVE-2021-41771 4 Debian, Fedoraproject, Golang and 1 more 6 Debian Linux, Fedora, Go and 3 more 2024-11-21 7.5 High
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
CVE-2021-41751 1 Jerryscript 1 Jerryscript 2024-11-21 9.8 Critical
Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:909 in function ecma_builtin_array_prototype_object_slice in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021.
CVE-2021-41657 1 Smartbear 1 Collaborator 2024-11-21 6.1 Medium
SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack.
CVE-2021-41581 1 Openbsd 1 Libressl 2024-11-21 5.5 Medium
x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' termination.
CVE-2021-41571 1 Apache 1 Pulsar 2024-11-21 6.5 Medium
In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user. The Admin API get-message-by-id requires the user to input a topic and a ledger id. The ledger id is a pointer to the data, and it is supposed to be a valid it for the topic. Authorisation controls are performed against the topic name and there is not proper validation the that ledger id is valid in the context of such ledger. So it may happen that the user is able to read from a ledger that contains data owned by another tenant. This issue affects Apache Pulsar Apache Pulsar version 2.8.0 and prior versions; Apache Pulsar version 2.7.3 and prior versions; Apache Pulsar version 2.6.4 and prior versions.
CVE-2021-41534 1 Siemens 5 Nx 1984, Nx 1984 Firmware, Nx 1988 and 2 more 2024-11-21 3.3 Low
A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13703).
CVE-2021-41533 1 Siemens 5 Nx 1984, Nx 1984 Firmware, Nx 1988 and 2 more 2024-11-21 3.3 Low
A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13565).
CVE-2021-41531 1 Nlnetlabs 1 Routinator 2024-11-21 7.5 High
NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to RTR clients such as routers to reject the RPKI data set, effectively disabling Route Origin Validation.
CVE-2021-41499 1 Pyo Project 1 Pyo 2024-11-21 7.5 High
Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo < 1.03 in the Server_debug function, which allows remote attackers to conduct DoS attacks by deliberately passing on an overlong audio file name.
CVE-2021-41498 1 Pyo Project 1 Pyo 2024-11-21 7.5 High
Buffer overflow in ajaxsoundstudio.com Pyo &lt and 1.03 in the Server_jack_init function. which allows attackers to conduct Denial of Service attacks by arbitrary constructing a overlong server name.
CVE-2021-41496 2 Numpy, Redhat 2 Numpy, Openstack 2024-11-21 5.5 Medium
Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be created by an already privileged user (or internally)
CVE-2021-41413 1 Ok-file-formats Project 1 Ok-file-formats 2024-11-21 7.8 High
ok-file-formats master 2021-9-12 is affected by a buffer overflow in ok_jpg_convert_data_unit_grayscale and ok_jpg_convert_YCbCr_to_RGB.
CVE-2021-41345 1 Microsoft 18 Windows 10, Windows 10 1507, Windows 10 1607 and 15 more 2024-11-21 7.8 High
Storage Spaces Controller Elevation of Privilege Vulnerability