Export limit exceeded: 363282 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363282 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27377 | 1 Yottadb | 1 Yottadb | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the yottadb crate before 1.2.0 for Rust. For some memory-allocation patterns, ydb_subscript_next_st and ydb_subscript_prev_st have a use-after-free. | ||||
| CVE-2021-27376 | 1 Nb-connect Project | 1 Nb-connect | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the nb-connect crate before 1.0.3 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures. | ||||
| CVE-2021-27375 | 1 Containous | 1 Traefik | 2024-11-21 | 5.3 Medium |
| Traefik before 2.4.5 allows the loading of IFRAME elements from other domains. | ||||
| CVE-2021-27374 | 1 Vertigis | 1 Weboffice | 2024-11-21 | 7.5 High |
| VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before patch20210207 allows attackers to achieve "Zugriff auf Inhalte der WebOffice Applikation." | ||||
| CVE-2021-27372 | 1 Realtek | 2 Xpon Rtl9601d, Xpon Rtl9601d Software Development Kit | 2024-11-21 | 9.8 Critical |
| Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly gain access to the device with root permissions via the build-in network monitoring tool and execute arbitrary commands. | ||||
| CVE-2021-27371 | 1 Monicahq | 1 Monica | 2024-11-21 | 5.4 Medium |
| The Contact page in Monica 2.19.1 allows stored XSS via the Description field. | ||||
| CVE-2021-27370 | 1 Monicahq | 1 Monica | 2024-11-21 | 5.4 Medium |
| The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field. | ||||
| CVE-2021-27369 | 1 Monicahq | 1 Monica | 2024-11-21 | 5.4 Medium |
| The Contact page in Monica 2.19.1 allows stored XSS via the Middle Name field. | ||||
| CVE-2021-27368 | 1 Monicahq | 1 Monica | 2024-11-21 | 5.4 Medium |
| The Contact page in Monica 2.19.1 allows stored XSS via the First Name field. | ||||
| CVE-2021-27367 | 1 Boltcms | 1 Bolt | 2024-11-21 | 7.5 High |
| Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal. | ||||
| CVE-2021-27365 | 5 Debian, Linux, Netapp and 2 more | 12 Debian Linux, Linux Kernel, Solidfire Baseboard Management Controller and 9 more | 2024-11-21 | 7.8 High |
| An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. | ||||
| CVE-2021-27364 | 6 Canonical, Debian, Linux and 3 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2024-11-21 | 7.1 High |
| An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. | ||||
| CVE-2021-27363 | 4 Debian, Linux, Netapp and 1 more | 10 Debian Linux, Linux Kernel, Cloud Backup and 7 more | 2024-11-21 | 4.4 Medium |
| An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. | ||||
| CVE-2021-27362 | 1 Irfanview | 2 Irfanview, Wpg | 2024-11-21 | 9.8 Critical |
| The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow starting at WPG!ReadWPG_W+0x0000000000000133, which might allow remote attackers to execute arbitrary code. | ||||
| CVE-2021-27358 | 3 Grafana, Netapp, Redhat | 4 Grafana, E-series Performance Analyzer, Acm and 1 more | 2024-11-21 | 7.5 High |
| The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set. | ||||
| CVE-2021-27357 | 1 Riot-os | 1 Riot | 2024-11-21 | 9.8 Critical |
| RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c. | ||||
| CVE-2021-27352 | 1 Ilch | 1 Ilch Cms | 2024-11-21 | 5.4 Medium |
| An open redirect vulnerability in Ilch CMS version 2.1.42 allows attackers to redirect users to an attacker's site after a successful login. | ||||
| CVE-2021-27351 | 1 Telegram | 1 Telegram | 2024-11-21 | 5.3 Medium |
| The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session. | ||||
| CVE-2021-27349 | 1 Algolplus | 1 Advanced Order Export For Woocommerce | 2024-11-21 | 6.1 Medium |
| Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a different vulnerability than CVE-2020-11727. | ||||
| CVE-2021-27347 | 2 Debian, Long Range Zip Project | 2 Debian Linux, Long Range Zip | 2024-11-21 | 5.5 Medium |
| Use after free in lzma_decompress_buf function in stream.c in Irzip 0.631 allows attackers to cause Denial of Service (DoS) via a crafted compressed file. | ||||