Search

Search Results (363304 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-28372 1 Throughtek 1 Kalay P2p Software Development Kit 2024-11-21 8.3 High
ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek (TUTK) device given a valid 20-byte uniquely assigned identifier (UID). This could result in an attacker hijacking a victim's connection and forcing them into supplying credentials needed to access the victim TUTK device.
CVE-2021-28363 4 Fedoraproject, Oracle, Python and 1 more 4 Fedora, Peoplesoft Enterprise Peopletools, Urllib3 and 1 more 2024-11-21 6.5 Medium
The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted.
CVE-2021-28362 1 Contiki-os 1 Contiki 2024-11-21 7.5 High
An issue was discovered in Contiki through 3.0. When sending an ICMPv6 error message because of invalid extension header options in an incoming IPv6 packet, there is an attempt to remove the RPL extension headers. Because the packet length and the extension header length are unchecked (with respect to the available data) at this stage, and these variables are susceptible to integer underflow, it is possible to construct an invalid extension header that will cause memory corruption issues and lead to a Denial-of-Service condition. This is related to rpl-ext-header.c.
CVE-2021-28361 1 Spdk 1 Storage Performance Development Kit 2024-11-21 7.5 High
An issue was discovered in Storage Performance Development Kit (SPDK) before 20.01.01. If a PDU is sent to the iSCSI target with a zero length (but data is expected), the iSCSI target can crash with a NULL pointer dereference.
CVE-2021-28359 1 Apache 1 Airflow 2024-11-21 6.1 Medium
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336).
CVE-2021-28358 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2024-11-21 8.8 High
Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28357 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2024-11-21 8.8 High
Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28356 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2024-11-21 8.8 High
Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28355 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2024-11-21 8.8 High
Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28354 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2024-11-21 8.8 High
Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28353 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2024-11-21 8.8 High
Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28352 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2024-11-21 8.8 High
Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28351 1 Microsoft 12 Windows 10, Windows 10 1507, Windows 10 1607 and 9 more 2024-11-21 7.8 High
Windows Speech Runtime Elevation of Privilege Vulnerability
CVE-2021-28350 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2024-11-21 7.8 High
Windows GDI+ Remote Code Execution Vulnerability
CVE-2021-28349 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2024-11-21 7.8 High
Windows GDI+ Remote Code Execution Vulnerability
CVE-2021-28348 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2024-11-21 7.8 High
Windows GDI+ Remote Code Execution Vulnerability
CVE-2021-28347 1 Microsoft 12 Windows 10, Windows 10 1507, Windows 10 1607 and 9 more 2024-11-21 7.8 High
Windows Speech Runtime Elevation of Privilege Vulnerability
CVE-2021-28346 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2024-11-21 8.8 High
Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28345 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2024-11-21 8.8 High
Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-28344 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2024-11-21 8.8 High
Remote Procedure Call Runtime Remote Code Execution Vulnerability