Export limit exceeded: 365339 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 365339 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365339 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-33502 | 2 Normalize-url Project, Redhat | 6 Normalize-url, Acm, Enterprise Linux and 3 more | 2024-11-21 | 7.5 High |
| The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs. | ||||
| CVE-2021-33501 | 1 Overwolf | 1 Overwolf | 2024-11-21 | 9.6 Critical |
| Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore:// URL. | ||||
| CVE-2021-33500 | 2 Microsoft, Putty | 2 Windows, Putty | 2024-11-21 | 7.5 High |
| PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. NOTE: the same attack methodology may affect some OS-level GUIs on Linux or other platforms for similar reasons. | ||||
| CVE-2021-33499 | 1 Pexip | 1 Infinity | 2024-11-21 | 7.5 High |
| Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 2 of 2). | ||||
| CVE-2021-33498 | 1 Pexip | 1 Infinity | 2024-11-21 | 7.5 High |
| Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 1 of 2). | ||||
| CVE-2021-33497 | 1 Dutchcoders | 1 Transfer.sh | 2024-11-21 | 9.1 Critical |
| Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting files. | ||||
| CVE-2021-33496 | 1 Dutchcoders | 1 Transfer.sh | 2024-11-21 | 6.1 Medium |
| Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline view. | ||||
| CVE-2021-33495 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 6.1 Medium |
| OX App Suite 7.10.5 allows XSS via an OX Chat system message. | ||||
| CVE-2021-33494 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 6.1 Medium |
| OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering. | ||||
| CVE-2021-33493 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 6.0 Medium |
| The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format. | ||||
| CVE-2021-33492 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 6.1 Medium |
| OX App Suite 7.10.5 allows XSS via an OX Chat room name. | ||||
| CVE-2021-33491 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 6.5 Medium |
| OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records. | ||||
| CVE-2021-33490 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature. | ||||
| CVE-2021-33489 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared XCF file. | ||||
| CVE-2021-33488 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 6.1 Medium |
| chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook. | ||||
| CVE-2021-33486 | 1 Codesys | 1 Runtime Toolkit | 2024-11-21 | 7.5 High |
| All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions. | ||||
| CVE-2021-33484 | 1 Onyaktech Comments Pro Project | 1 Onyaktech Comments Pro | 2024-11-21 | 7.5 High |
| An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted encryption key (sent as a parameter in the comment form request) by setting this encrypted value as the username, which will appear on the comment page in its decrypted form. Using these two values (combined with the encryption functionality discovered in the decompiled installer), the attacker can encrypt another user's ID and username. These values can be used as part of the comment posting request in order to spoof the user. | ||||
| CVE-2021-33483 | 1 Onyaktech Comments Pro Project | 1 Onyaktech Comments Pro | 2024-11-21 | 5.4 Medium |
| An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment. | ||||
| CVE-2021-33481 | 1 Optical Character Recognition Project | 1 Optical Character Recognition | 2024-11-21 | 7.8 High |
| A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in try_to_divide_boxes() in pgm2asc.c. | ||||
| CVE-2021-33480 | 1 Optical Character Recognition Project | 1 Optical Character Recognition | 2024-11-21 | 5.5 Medium |
| An use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction() in pgm2asc.c. | ||||