Export limit exceeded: 366256 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366256 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366256 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-35525 | 1 Postsrsd Project | 1 Postsrsd | 2024-11-21 | 5.3 Medium |
| PostSRSd before 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger this condition by an external attacker, but it is a security bug in PostSRSd nevertheless." | ||||
| CVE-2021-35523 | 1 Securepoint | 1 Openvpn-client | 2024-11-21 | 7.8 High |
| Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint SSL VPN" and add a external script file that is executed as privileged user. | ||||
| CVE-2021-35522 | 1 Idemia | 22 Ma Vp Md, Ma Vp Md Firmware, Morphowave Compact Md and 19 more | 2024-11-21 | 9.8 Critical |
| A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of services, and information disclosure via TCP/IP packets. | ||||
| CVE-2021-35521 | 1 Idemia | 12 Morphowave Compact Md, Morphowave Compact Md Firmware, Morphowave Compact Mdpi and 9 more | 2024-11-21 | 5.9 Medium |
| A path traversal in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows remote authenticated attackers to achieve denial of services and information disclosure via TCP/IP packets. | ||||
| CVE-2021-35520 | 1 Idemia | 8 Morphowave Compact Mdpi, Morphowave Compact Mdpi-m, Morphowave Compact Mdpi-m Firmware and 5 more | 2024-11-21 | 6.2 Medium |
| A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows physically proximate authenticated attackers to achieve code execution, denial of services, and information disclosure via serial ports. | ||||
| CVE-2021-35517 | 4 Apache, Netapp, Oracle and 1 more | 29 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 26 more | 2024-11-21 | 7.5 High |
| When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package. | ||||
| CVE-2021-35516 | 4 Apache, Netapp, Oracle and 1 more | 26 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 23 more | 2024-11-21 | 7.5 High |
| When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package. | ||||
| CVE-2021-35515 | 4 Apache, Netapp, Oracle and 1 more | 28 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 25 more | 2024-11-21 | 7.5 High |
| When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. | ||||
| CVE-2021-35514 | 1 Narou Project | 1 Narou | 2024-11-21 | 9.8 Critical |
| Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel. | ||||
| CVE-2021-35513 | 1 Mermaid Project | 1 Mermaid | 2024-11-21 | 6.1 Medium |
| Mermaid before 8.11.0 allows XSS when the antiscript feature is used. | ||||
| CVE-2021-35512 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 6.5 Medium |
| An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200. | ||||
| CVE-2021-35508 | 1 Terarecon | 1 Aquariusnet | 2024-11-21 | 8.8 High |
| NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to execute a malicious binary with SYSTEM privileges via a low-privileged user account. To exploit this, a low-privileged user must change the service configuration or overwrite the binary service. | ||||
| CVE-2021-35506 | 1 Afian | 1 Filerun | 2024-11-21 | 6.1 Medium |
| Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action. | ||||
| CVE-2021-35505 | 1 Afian | 1 Filerun | 2024-11-21 | 7.2 High |
| Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary. | ||||
| CVE-2021-35504 | 1 Afian | 1 Filerun | 2024-11-21 | 7.2 High |
| Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary. | ||||
| CVE-2021-35503 | 1 Afian | 1 Filerun | 2024-11-21 | 6.1 Medium |
| Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs. | ||||
| CVE-2021-35502 | 1 Misp | 1 Misp | 2024-11-21 | 9.8 Critical |
| app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index. | ||||
| CVE-2021-35501 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 5.4 Medium |
| PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed. | ||||
| CVE-2021-35500 | 1 Tibco | 2 Data Virtualization, Data Virtualization For Aws Marketplace | 2024-11-21 | 6.3 Medium |
| The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user's permissions on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below. | ||||
| CVE-2021-35499 | 1 Tibco | 1 Nimbus | 2024-11-21 | 8 High |
| The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Stored Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.4.0 and below. | ||||