Export limit exceeded: 361803 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45773 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-35940 | 2 Apache, Oracle | 2 Portable Runtime, Http Server | 2024-11-21 | 7.1 High |
| An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. | ||||
| CVE-2021-35598 | 2 Netapp, Oracle | 3 Oncommand Insight, Snapcenter, Mysql Cluster | 2024-11-21 | 6.3 Medium |
| Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H). | ||||
| CVE-2021-35594 | 2 Netapp, Oracle | 3 Oncommand Insight, Snapcenter, Mysql Cluster | 2024-11-21 | 6.3 Medium |
| Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H). | ||||
| CVE-2021-35592 | 2 Netapp, Oracle | 3 Oncommand Insight, Snapcenter, Mysql Cluster | 2024-11-21 | 6.3 Medium |
| Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H). | ||||
| CVE-2021-35535 | 1 Hitachienergy | 6 Relion 650, Relion 650 Firmware, Relion 670 and 3 more | 2024-11-21 | 8.1 High |
| Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows an attacker who manages to get access to the front network port and to cause a reboot sequences of the device may exploit the vulnerability, where there is a tiny time gap during the booting process where an older version of VxWorks is loaded prior to application firmware booting, could exploit the vulnerability in the older version of VxWorks and cause a denial-of-service on the product. This issue affects: Hitachi Energy Relion 670 Series 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.3. Hitachi Energy Relion 670/650 Series 2.2.0 all revisions; 2.2.4 all revisions. Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions. | ||||
| CVE-2021-35517 | 4 Apache, Netapp, Oracle and 1 more | 29 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 26 more | 2024-11-21 | 7.5 High |
| When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package. | ||||
| CVE-2021-35516 | 4 Apache, Netapp, Oracle and 1 more | 26 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 23 more | 2024-11-21 | 7.5 High |
| When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package. | ||||
| CVE-2021-35474 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2024-11-21 | 9.8 Critical |
| Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | ||||
| CVE-2021-35452 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-11-21 | 6.5 Medium |
| An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc. | ||||
| CVE-2021-35336 | 1 Tieline | 2 Ip Audtio Gateway, Ip Audtio Gateway Firmware | 2024-11-21 | 9.8 Critical |
| Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Access Control. A vulnerability in the Tieline Web Administrative Interface could allow an unauthenticated user to access a sensitive part of the system with a high privileged account. | ||||
| CVE-2021-35331 | 1 Tcl | 1 Tcl | 2024-11-21 | 7.8 High |
| In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding | ||||
| CVE-2021-35300 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.3 Medium |
| Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote attackers to manipulate users into visiting the attackers' page. | ||||
| CVE-2021-35297 | 1 Scalabium | 1 Dbase Viewer | 2024-11-21 | 7.8 High |
| Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remote code execution via a crafted DBF file that triggers a buffer overflow. An attacker can use the Structured Exception Handler (SEH) records and redirect execution to attacker-controlled code. | ||||
| CVE-2021-35269 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Advanced Virtualization and 2 more | 2024-11-21 | 7.8 High |
| NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges. | ||||
| CVE-2021-35267 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Advanced Virtualization and 2 more | 2024-11-21 | 7.8 High |
| NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root. | ||||
| CVE-2021-35266 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Advanced Virtualization and 2 more | 2024-11-21 | 7.8 High |
| In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution. | ||||
| CVE-2021-35237 | 1 Solarwinds | 1 Kiwi Syslog Server | 2024-11-21 | 5 Medium |
| A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server. This is an attack on both the user and the server. | ||||
| CVE-2021-35235 | 1 Solarwinds | 1 Kiwi Syslog Server | 2024-11-21 | 5.3 Medium |
| The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The information enables a debugger to closely monitor and control the execution of an application. If an attacker could successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure that may be valuable in targeting SWI with malicious intent. | ||||
| CVE-2021-35233 | 1 Solarwinds | 1 Kiwi Syslog Server | 2024-11-21 | 5.3 Medium |
| The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning exact HTTP request that was received in the response to the client. This may lead to the disclosure of sensitive information such as internal authentication headers appended by reverse proxies. | ||||
| CVE-2021-35134 | 1 Qualcomm | 59 Qca6391, Qca6391 Firmware, Qcm6490 and 56 more | 2024-11-21 | 8.4 High |
| Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | ||||