Export limit exceeded: 364308 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364308 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-29666 | 2 Ibm, Linux | 2 Spectrum Scale, Linux Kernel | 2024-11-21 | 5.4 Medium |
| IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199400. | ||||
| CVE-2021-29665 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | 7.8 High |
| IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elevated privileges. | ||||
| CVE-2021-29663 | 1 Course Registration Management System Project | 1 Course Registration Management System | 2024-11-21 | 4.8 Medium |
| CourseMS (aka Course Registration Management System) 2.1 is affected by cross-site scripting (XSS). When an attacker with access to an Admin account creates a Job Title in the Site area (aka the admin/add_jobs.php name parameter), they can insert an XSS payload. This payload will execute whenever anyone visits the registration page. | ||||
| CVE-2021-29662 | 2 Data\, Netapp | 2 \, Snapcenter | 2024-11-21 | 7.5 High |
| The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. | ||||
| CVE-2021-29661 | 1 Softing | 1 Opc Toolbox | 2024-11-21 | 5.4 Medium |
| Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it. | ||||
| CVE-2021-29660 | 1 Softing | 1 Opc Toolbox | 2024-11-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker. | ||||
| CVE-2021-29658 | 1 Vscode-rufo Project | 1 Vscode-rufo | 2024-11-21 | 8.8 High |
| The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace folder. | ||||
| CVE-2021-29657 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.4 High |
| arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in nested_svm_vmrun. | ||||
| CVE-2021-29656 | 1 Pexip | 1 Infinity Connect | 2024-11-21 | 9.8 Critical |
| Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. The allow list is not properly checked. | ||||
| CVE-2021-29655 | 1 Pexip | 1 Infinity Connect | 2024-11-21 | 9.8 Critical |
| Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus, untrusted code may execute. | ||||
| CVE-2021-29654 | 1 Stackpath | 1 Ajaxsearchpro | 2024-11-21 | 7.2 High |
| AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database feature of the administration panel), leading to Remote Code execution. | ||||
| CVE-2021-29653 | 1 Hashicorp | 1 Vault | 2024-11-21 | 7.5 High |
| HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1. | ||||
| CVE-2021-29652 | 1 Pomerium | 1 Pomerium | 2024-11-21 | 6.1 Medium |
| Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user sign-in/out process | ||||
| CVE-2021-29651 | 1 Pomerium | 1 Pomerium | 2024-11-21 | 6.1 Medium |
| Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). | ||||
| CVE-2021-29650 | 4 Debian, Fedoraproject, Linux and 1 more | 5 Debian Linux, Fedora, Linux Kernel and 2 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf. | ||||
| CVE-2021-29649 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677. | ||||
| CVE-2021-29648 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unexpected access attempt (in map_create in kernel/bpf/syscall.c or check_btf_info in kernel/bpf/verifier.c), aka CID-350a5c4dd245. | ||||
| CVE-2021-29647 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. | ||||
| CVE-2021-29646 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8. | ||||
| CVE-2021-29645 | 2 Hitachi, Microsoft | 15 It Operations Director, Job Management Partner 1\/it Desktop Management-manager, Job Management Partner 1\/it Desktop Management 2-manager and 12 more | 2024-11-21 | 7 High |
| Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system. | ||||