Export limit exceeded: 350304 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20348 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-36287 | 1 Dell | 10 Emc Unity Operating Environment, Vnx5200, Vnx5400 and 7 more | 2024-11-21 | 7.3 High |
| Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system. | ||||
| CVE-2021-36218 | 1 Skale | 1 Sgxwallet | 2024-11-21 | 7.5 High |
| An issue was discovered in SKALE sgxwallet 1.58.3. sgx_disp_ippsAES_GCMEncrypt allows an out-of-bounds write, resulting in a segfault and compromised enclave. This issue describes a buffer overflow, which was resolved prior to v1.77.0 and not reproducible in latest sgxwallet v1.77.0 | ||||
| CVE-2021-36195 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 4.2 Medium |
| Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments. | ||||
| CVE-2021-36194 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 8.8 High |
| Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests. | ||||
| CVE-2021-36186 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 8.8 High |
| A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests | ||||
| CVE-2021-36185 | 1 Fortinet | 1 Fortiwlm | 2024-11-21 | 8.8 High |
| A improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. | ||||
| CVE-2021-36182 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 8.8 High |
| A Improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests | ||||
| CVE-2021-36180 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 8.1 High |
| Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests. | ||||
| CVE-2021-36179 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 8 High |
| A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows attacker to execute unauthorized code or commands via crafted parameters in CLI command execution | ||||
| CVE-2021-36173 | 1 Fortinet | 14 Fortigate-1100e, Fortigate-200f, Fortigate-2600f and 11 more | 2024-11-21 | 8 High |
| A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker to execute arbitrary code via specially crafted installation images. | ||||
| CVE-2021-36134 | 2 Microsoft, Netop | 2 Windows, Vision Pro | 2024-11-21 | 7.4 High |
| Out of bounds write vulnerability in the JPEG parsing code of Netop Vision Pro up to and including 9.7.2 allows an adjacent unauthenticated attacker to write to arbitrary memory potentially leading to a Denial of Service (DoS). | ||||
| CVE-2021-36100 | 1 Otrs | 3 Otrs, Otrs Itsm, Otrs Storm | 2024-11-21 | 6.4 Medium |
| Specially crafted string in OTRS system configuration can allow the execution of any system command. | ||||
| CVE-2021-36089 | 2 Linux, Zope | 2 Linux Kernel, Grok | 2024-11-21 | 7.8 High |
| Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palette_clr (called from grk::FileFormatDecompress::applyColour). | ||||
| CVE-2021-36083 | 1 Kde | 1 Kimageformats | 2024-11-21 | 5.5 Medium |
| KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE. | ||||
| CVE-2021-36082 | 1 Ntop | 1 Ndpi | 2024-11-21 | 8.8 High |
| ntop nDPI 3.4 has a stack-based buffer overflow in processClientServerHello. | ||||
| CVE-2021-36077 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2024-11-21 | 5.5 Medium |
| Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in local application denial of service in the context of the current user. User interaction is required to exploit this vulnerability. | ||||
| CVE-2021-36066 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-11-21 | 7.8 High |
| Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2021-36065 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-11-21 | 7.8 High |
| Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier) are affected by a heap-based buffer overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2021-36024 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-11-21 | 9.1 Critical |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper Neutralization of Special Elements Used In A Command via the Data collection endpoint. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution. | ||||
| CVE-2021-36022 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-11-21 | 9.1 Critical |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. | ||||