Export limit exceeded: 365299 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365299 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-33057 1 Tencent 1 Qq 2024-11-21 7.5 High
The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements (e.g., android.permission.ACCESS_FINE_LOCATION) for determining the device's physical location. An attacker can use qq.createMapContext to create a MapContext object, use MapContext.moveToLocation to move the center of the map to the device's location, and use MapContext.getCenterLocation to get the latitude and longitude of the current map center.
CVE-2021-33056 1 Linphone 1 Belle-sip 2024-11-21 7.5 High
Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message.
CVE-2021-33055 2 Microsoft, Zohocorp 2 Windows, Manageengine Adselfservice Plus 2024-11-21 9.8 Critical
Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions.
CVE-2021-33054 2 Debian, Inverse 2 Debian Linux, Sogo 2024-11-21 7.5 High
SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. (Only versions after 2.0.5a are affected.)
CVE-2021-33046 1 Dahuasecurity 56 Asc2204c, Asc2204c Firmware, Hcvr7xxx and 53 more 2024-11-21 9.8 Critical
Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.
CVE-2021-33041 1 Vmd Project 1 Vmd 2024-11-21 6.1 Medium
vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstrated by Electron remote code execution via require('child_process').execSync('calc.exe') on Windows and a similar attack on macOS.
CVE-2021-33040 1 Futurepress 1 Epub.js 2024-11-21 6.1 Medium
managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows XSS.
CVE-2021-33038 2 Debian, Hyperkitty Project 2 Debian Linux, Hyperkitty 2024-11-21 7.5 High
An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be available on the web for an hour during a large migration from Mailman 2 to Mailman 3.
CVE-2021-33037 5 Apache, Debian, Mcafee and 2 more 25 Tomcat, Tomee, Debian Linux and 22 more 2024-11-21 5.3 Medium
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.
CVE-2021-33036 1 Apache 1 Hadoop 2024-11-21 8.8 High
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
CVE-2021-33035 1 Apache 1 Openoffice 2024-11-21 7.8 High
Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the allocated space, leading to the execution of arbitrary code by altering the contents of the program stack. This issue affects Apache OpenOffice up to and including version 4.1.10
CVE-2021-33034 4 Debian, Fedoraproject, Linux and 1 more 11 Debian Linux, Fedora, Linux Kernel and 8 more 2024-11-21 7.8 High
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
CVE-2021-33033 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt 2024-11-21 7.8 High
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
CVE-2021-33032 1 Eq-3 4 Homematic Ccu2, Homematic Ccu2 Firmware, Homematic Ccu3 and 1 more 2024-11-21 10.0 Critical
A Remote Code Execution (RCE) vulnerability in the WebUI component of the eQ-3 HomeMatic CCU2 firmware up to and including version 2.57.5 and CCU3 firmware up to and including version 3.57.5 allows remote unauthenticated attackers to execute system commands as root via a simple HTTP request.
CVE-2021-33031 1 Labcup 1 Labcup 2024-11-21 3.1 Low
In LabCup before <v2_next_18022, it is possible to use the save API to perform unauthorized actions for users without access to user management in order to, after successful exploitation, gain access to a victim's account. A user without the user-management privilege can change another user's email address if the attacker knows details of the victim such as the exact roles and group roles, ID, and remote authentication ID settings. These must be sent in a modified save API request. It was fixed in 6.3.0.03.
CVE-2021-33027 1 Sylabs 1 Singularity 2024-11-21 9.8 Critical
Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce.
CVE-2021-33026 1 Flask-caching Project 1 Flask-caching 2024-11-21 9.8 Critical
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the cache, and execute Python code. NOTE: a third party indicates that exploitation is extremely unlikely unless the machine is already compromised; in other cases, the attacker would be unable to write their payload to the cache and generate the required collision
CVE-2021-33023 1 Advantech 1 Webaccess 2024-11-21 9.8 Critical
Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.
CVE-2021-33019 1 Deltaww 1 Dopsoft 2024-11-21 7.8 High
A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code.
CVE-2021-33017 1 Philips 4 Intellibridge Ec40, Intellibridge Ec40 Firmware, Intellibridge Ec80 and 1 more 2024-11-21 8.1 High
The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication.