Export limit exceeded: 366256 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366256 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366256 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-35525 1 Postsrsd Project 1 Postsrsd 2024-11-21 5.3 Medium
PostSRSd before 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger this condition by an external attacker, but it is a security bug in PostSRSd nevertheless."
CVE-2021-35523 1 Securepoint 1 Openvpn-client 2024-11-21 7.8 High
Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint SSL VPN" and add a external script file that is executed as privileged user.
CVE-2021-35522 1 Idemia 22 Ma Vp Md, Ma Vp Md Firmware, Morphowave Compact Md and 19 more 2024-11-21 9.8 Critical
A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of services, and information disclosure via TCP/IP packets.
CVE-2021-35521 1 Idemia 12 Morphowave Compact Md, Morphowave Compact Md Firmware, Morphowave Compact Mdpi and 9 more 2024-11-21 5.9 Medium
A path traversal in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows remote authenticated attackers to achieve denial of services and information disclosure via TCP/IP packets.
CVE-2021-35520 1 Idemia 8 Morphowave Compact Mdpi, Morphowave Compact Mdpi-m, Morphowave Compact Mdpi-m Firmware and 5 more 2024-11-21 6.2 Medium
A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows physically proximate authenticated attackers to achieve code execution, denial of services, and information disclosure via serial ports.
CVE-2021-35517 4 Apache, Netapp, Oracle and 1 more 29 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 26 more 2024-11-21 7.5 High
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.
CVE-2021-35516 4 Apache, Netapp, Oracle and 1 more 26 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 23 more 2024-11-21 7.5 High
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
CVE-2021-35515 4 Apache, Netapp, Oracle and 1 more 28 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 25 more 2024-11-21 7.5 High
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
CVE-2021-35514 1 Narou Project 1 Narou 2024-11-21 9.8 Critical
Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel.
CVE-2021-35513 1 Mermaid Project 1 Mermaid 2024-11-21 6.1 Medium
Mermaid before 8.11.0 allows XSS when the antiscript feature is used.
CVE-2021-35512 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 6.5 Medium
An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.
CVE-2021-35508 1 Terarecon 1 Aquariusnet 2024-11-21 8.8 High
NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to execute a malicious binary with SYSTEM privileges via a low-privileged user account. To exploit this, a low-privileged user must change the service configuration or overwrite the binary service.
CVE-2021-35506 1 Afian 1 Filerun 2024-11-21 6.1 Medium
Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action.
CVE-2021-35505 1 Afian 1 Filerun 2024-11-21 7.2 High
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary.
CVE-2021-35504 1 Afian 1 Filerun 2024-11-21 7.2 High
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary.
CVE-2021-35503 1 Afian 1 Filerun 2024-11-21 6.1 Medium
Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs.
CVE-2021-35502 1 Misp 1 Misp 2024-11-21 9.8 Critical
app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index.
CVE-2021-35501 1 Pandorafms 1 Pandora Fms 2024-11-21 5.4 Medium
PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed.
CVE-2021-35500 1 Tibco 2 Data Virtualization, Data Virtualization For Aws Marketplace 2024-11-21 6.3 Medium
The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user's permissions on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below.
CVE-2021-35499 1 Tibco 1 Nimbus 2024-11-21 8 High
The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Stored Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.4.0 and below.