Export limit exceeded: 365349 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365349 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-33593 1 Navercorp 1 Whale 2024-11-21 5.3 Medium
Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing.
CVE-2021-33592 1 Naver 1 Toolbar 2024-11-21 9.8 Critical
NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function.
CVE-2021-33591 1 Naver 1 Comic Viewer 2024-11-21 8.8 High
An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVE-2021-33590 1 Labapart 1 Gattlib 2024-11-21 9.8 Critical
GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_from_mac in dbus/gattlib.c.
CVE-2021-33587 2 Css-what Project, Netapp 2 Css-what, E-series Performance Analyzer 2024-11-21 7.5 High
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
CVE-2021-33586 1 Inspircd 1 Inspircd 2024-11-21 4.3 Medium
InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the "malformed PONG" issue.
CVE-2021-33583 1 Reiner-sct 1 Timecard 2024-11-21 9.8 Critical
REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file.
CVE-2021-33582 4 Cyrus, Debian, Fedoraproject and 1 more 5 Imap, Debian Linux, Fedora and 2 more 2024-11-21 7.5 High
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.
CVE-2021-33581 1 Softwareag 1 Mashzone Nextgen 2024-11-21 7.2 High
MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService.
CVE-2021-33580 1 Apache 1 Roller 2024-11-21 7.5 High
User controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the regex pattern he may cause a ReDoS by regex catastrophic backtracking on the server side. This problem has been fixed in Roller 6.0.2.
CVE-2021-33578 1 Echobh 1 Sharecare 2024-11-21 9.8 Critical
Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input from both authenticated and unauthenticated users, leading to the ability to bypass authentication, exfiltrate Structured Query Language (SQL) records, and manipulate data.
CVE-2021-33577 1 Cleo 1 Lexicom 2024-11-21 5.3 Medium
An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Content-Type of the message to text/plain.
CVE-2021-33576 1 Cleo 1 Lexicom 2024-11-21 9.8 Critical
An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk.
CVE-2021-33575 1 Pixar 1 Ruby-jss 2024-11-21 9.8 Critical
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing.
CVE-2021-33574 5 Debian, Fedoraproject, Gnu and 2 more 21 Debian Linux, Fedora, Glibc and 18 more 2024-11-21 9.8 Critical
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
CVE-2021-33572 1 F-secure 4 Cloud Protection For Salesforce, Elements For Microsoft 365, Endpoint Protection and 1 more 2024-11-21 3.5 Low
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the FSAVD component used in certain F-Secure products can crash while scanning larger packages/fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
CVE-2021-33571 3 Djangoproject, Fedoraproject, Redhat 5 Django, Fedora, Openstack and 2 more 2024-11-21 7.5 High
In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..) .
CVE-2021-33570 1 Postbird Project 1 Postbird 2024-11-21 5.4 Medium
Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and savedConnections.
CVE-2021-33564 1 Dragonfly Project 1 Dragonfly 2024-11-21 9.8 Critical
An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility.
CVE-2021-33563 1 Koel 1 Koel 2024-11-21 7.5 High
Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. This might make brute-force attacks easier.