Export limit exceeded: 365359 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365359 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-33603 | 3 Apple, F-secure, Microsoft | 9 Macos, Atlant, Cloud Protection For Salesforce and 6 more | 2024-11-21 | 5.5 Medium |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. | ||||
| CVE-2021-33602 | 1 F-secure | 4 Atlant, Cloud Protection, Internet Gatekeeper and 1 more | 2024-11-21 | 5.5 Medium |
| A vulnerability affecting the F-Secure Antivirus engine was discovered when the engine tries to unpack a zip archive (LZW decompression method), and this can crash the scanning engine. The vulnerability can be exploited remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. | ||||
| CVE-2021-33601 | 1 F-secure | 1 Internet Gatekeeper | 2024-11-21 | 7.6 High |
| A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings through the web user interface in a way that could lead to an arbitrary code execution on the F-Secure Internet Gatekeeper server. | ||||
| CVE-2021-33600 | 1 F-secure | 1 Internet Gatekeeper | 2024-11-21 | 5.4 Medium |
| A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product. | ||||
| CVE-2021-33599 | 3 Apple, F-secure, Microsoft | 6 Macos, Atlant, Cloud Protection For Salesforce and 3 more | 2024-11-21 | 4.6 Medium |
| A vulnerability affecting F-Secure Antivirus engine was discovered whereby scanning WIM archive file can lead to denial-of-service (infinite loop and freezes AV engine scanner). The vulnerability can be exploit remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. | ||||
| CVE-2021-33598 | 3 Apple, F-secure, Microsoft | 5 Macos, Atlant, Elements Endpoint Protection and 2 more | 2024-11-21 | 4.6 Medium |
| A Denial-of-Service (DoS) vulnerability was discovered in all versions of F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. | ||||
| CVE-2021-33597 | 3 Apple, F-secure, Microsoft | 6 Macos, Business Suite, Client Security and 3 more | 2024-11-21 | 3.5 Low |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. | ||||
| CVE-2021-33596 | 1 F-secure | 1 Safe | 2024-11-21 | 3.5 Low |
| Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL containing an embedded malicious redirect while using F-Secure Safe Browser for iOS. | ||||
| CVE-2021-33595 | 1 F-secure | 1 Safe | 2024-11-21 | 3.5 Low |
| A address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. A remote attacker can leverage this to perform address bar spoofing attack. | ||||
| CVE-2021-33594 | 1 F-secure | 1 Safe | 2024-11-21 | 3.5 Low |
| An address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A remote attacker can leverage this to perform address bar spoofing attack. | ||||
| CVE-2021-33593 | 1 Navercorp | 1 Whale | 2024-11-21 | 5.3 Medium |
| Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing. | ||||
| CVE-2021-33592 | 1 Naver | 1 Toolbar | 2024-11-21 | 9.8 Critical |
| NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function. | ||||
| CVE-2021-33591 | 1 Naver | 1 Comic Viewer | 2024-11-21 | 8.8 High |
| An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | ||||
| CVE-2021-33590 | 1 Labapart | 1 Gattlib | 2024-11-21 | 9.8 Critical |
| GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_from_mac in dbus/gattlib.c. | ||||
| CVE-2021-33587 | 2 Css-what Project, Netapp | 2 Css-what, E-series Performance Analyzer | 2024-11-21 | 7.5 High |
| The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input. | ||||
| CVE-2021-33586 | 1 Inspircd | 1 Inspircd | 2024-11-21 | 4.3 Medium |
| InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the "malformed PONG" issue. | ||||
| CVE-2021-33583 | 1 Reiner-sct | 1 Timecard | 2024-11-21 | 9.8 Critical |
| REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file. | ||||
| CVE-2021-33582 | 4 Cyrus, Debian, Fedoraproject and 1 more | 5 Imap, Debian Linux, Fedora and 2 more | 2024-11-21 | 7.5 High |
| Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16. | ||||
| CVE-2021-33581 | 1 Softwareag | 1 Mashzone Nextgen | 2024-11-21 | 7.2 High |
| MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService. | ||||
| CVE-2021-33580 | 1 Apache | 1 Roller | 2024-11-21 | 7.5 High |
| User controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the regex pattern he may cause a ReDoS by regex catastrophic backtracking on the server side. This problem has been fixed in Roller 6.0.2. | ||||