Search Results (20847 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-42195 | 1 Swftools | 1 Swftools | 2024-11-21 | 7.8 High |
| An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function handleEditText() located in swfdump.c. It allows an attacker to cause code execution. | ||||
| CVE-2021-42165 | 1 Mitrastar | 2 Gpt-2541gnac-n1, Gpt-2541gnac-n1 Firmware | 2024-11-21 | 8.8 High |
| MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command "deviceinfo show file &&/bin/bash" because of incorrect sanitization of parameter "path". | ||||
| CVE-2021-42076 | 1 Barrier Project | 1 Barrier | 2024-11-21 | 7.5 High |
| An issue was discovered in Barrier before 2.3.4. An attacker can cause memory exhaustion in the barriers component (aka the server-side implementation of Barrier) and barrierc by sending long TCP messages. | ||||
| CVE-2021-42071 | 1 Visual-tools | 2 Dvr Vx16, Dvr Vx16 Firmware | 2024-11-21 | 9.8 Critical |
| In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header. | ||||
| CVE-2021-42069 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 3.3 Low |
| When a user opens a manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | ||||
| CVE-2021-42024 | 1 Siemens | 1 Simcenter Star-ccm\+ Viewer | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < 2021.3.1). The starview+.exe application lacks proper validation of user-supplied data when parsing scene files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2021-42012 | 1 Trendmicro | 3 Apex One, Worry-free Business Security, Worry-free Business Security Services | 2024-11-21 | 7.8 High |
| A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2021-42008 | 3 Debian, Linux, Netapp | 20 Debian Linux, Linux Kernel, H300e and 17 more | 2024-11-21 | 7.8 High |
| The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. | ||||
| CVE-2021-41987 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 8.1 High |
| In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10. | ||||
| CVE-2021-41864 | 5 Debian, Fedoraproject, Linux and 2 more | 25 Debian Linux, Fedora, Linux Kernel and 22 more | 2024-11-21 | 7.8 High |
| prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. | ||||
| CVE-2021-41738 | 1 Zeroshell | 1 Zeroshell | 2024-11-21 | 8.8 High |
| ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands. | ||||
| CVE-2021-41736 | 1 Grame | 1 Faust | 2024-11-21 | 9.8 Critical |
| Faust v2.35.0 was discovered to contain a heap-buffer overflow in the function realPropagate() at propagate.cpp. | ||||
| CVE-2021-41683 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.8 High |
| There is a stack-overflow at ecma-helpers.c:326 in ecma_get_lex_env_type in JerryScript 2.4.0. | ||||
| CVE-2021-41459 | 1 Gpac | 1 Mp4box | 2024-11-21 | 7.5 High |
| There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom parameter which leads to a denial of service vulnerability. | ||||
| CVE-2021-41458 | 1 Gpac | 1 Mp4box | 2024-11-21 | 5.5 Medium |
| In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability. | ||||
| CVE-2021-41457 | 1 Gpac | 1 Mp4box | 2024-11-21 | 7.5 High |
| There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing which leads to a denial of service vulnerability. | ||||
| CVE-2021-41456 | 1 Gpac | 1 Mp4box | 2024-11-21 | 7.5 High |
| There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability. | ||||
| CVE-2021-41396 | 1 Live555 | 1 Live555 | 2024-11-21 | 7.5 High |
| Live555 through 1.08 does not handle socket connections properly. A huge number of incoming socket connections in a short time invokes the error-handling module, in which a heap-based buffer overflow happens. An attacker can leverage this to launch a DoS attack. | ||||
| CVE-2021-41315 | 1 Device42 | 1 Remote Collector | 2024-11-21 | 8.8 High |
| The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker (with access to the console application) to execute arbitrary OS commands and escalate privileges. | ||||
| CVE-2021-41280 | 1 Sharetribe | 1 Sharetribe | 2024-11-21 | 9.8 Critical |
| Sharetribe Go is a source available marketplace software. In affected versions operating system command injection is possible on installations of Sharetribe Go that do not have a secret AWS Simple Notification Service (SNS) notification token configured via the `sns_notification_token` configuration parameter. This configuration parameter is unset by default. The vulnerability has been patched in version 10.2.1. Users who are unable to upgrade should set the `sns_notification_token` configuration parameter to a secret value. | ||||