Export limit exceeded: 349910 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25337 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-38476 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2024-11-21 | 6.5 Medium |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate different user accounts. | ||||
| CVE-2021-38455 | 1 Auvesy | 1 Versiondog | 2024-11-21 | 7.3 High |
| The affected product’s OS Service does not verify any given parameter. A user can supply any type of parameter that will be passed to inner calls without checking the type of the parameter or the value. | ||||
| CVE-2021-38373 | 1 Kde | 1 Kmail | 2024-11-21 | 5.3 Medium |
| In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked. | ||||
| CVE-2021-38304 | 1 Ni | 1 Ni-pal | 2024-11-21 | 7.8 High |
| Improper input validation in the National Instruments NI-PAL driver in versions 20.0.0 and prior may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-38297 | 3 Fedoraproject, Golang, Redhat | 4 Fedora, Go, Enterprise Linux and 1 more | 2024-11-21 | 9.8 Critical |
| Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. | ||||
| CVE-2021-38209 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 3.3 Low |
| net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS sysctls. | ||||
| CVE-2021-38205 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 3.3 Low |
| drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer). | ||||
| CVE-2021-38201 | 3 Linux, Netapp, Redhat | 8 Linux Kernel, Element Software, Hci Bootstrap Os and 5 more | 2024-11-21 | 7.5 High |
| net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations. | ||||
| CVE-2021-38182 | 1 Kyma-project | 1 Kyma | 2024-11-21 | 8.8 High |
| Due to insufficient input validation of Kyma, authenticated users can pass a Header of their choice and escalate privileges which can completely compromise the cluster. | ||||
| CVE-2021-38153 | 4 Apache, Oracle, Quarkus and 1 more | 15 Kafka, Communications Brm - Elastic Charging Engine, Communications Cloud Native Core Policy and 12 more | 2024-11-21 | 5.9 Medium |
| Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0. | ||||
| CVE-2021-38015 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 8.8 High |
| Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | ||||
| CVE-2021-38009 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2021-37996 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | 5.5 Medium |
| Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file. | ||||
| CVE-2021-37968 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 4.3 Medium |
| Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2021-37939 | 1 Elastic | 1 Kibana | 2024-11-21 | 2.7 Low |
| It was discovered that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. Using this vulnerability, a malicious user with the ability to create connectors, could utilize these connectors to view limited HTTP response data on hosts accessible to the cluster. | ||||
| CVE-2021-37935 | 1 Huntflow | 1 Huntflow Enterprise | 2024-11-21 | 7.5 High |
| An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4 could allow an unauthenticated, remote user to get information about the domain name of the configured LDAP server. An attacker could exploit this vulnerability by requesting the login page and searching for the "isLdap" JavaScript parameter in the HTML source code. | ||||
| CVE-2021-37909 | 1 Tssservisignadapter Project | 1 Tssservisignadapter | 2024-11-21 | 9.8 Critical |
| WriteRegistry function in TSSServiSign component does not filter and verify users’ input, remote attackers can rewrite to the registry without permissions thus perform hijack attacks to execute arbitrary code. | ||||
| CVE-2021-37863 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 3.5 Low |
| Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a client-side crash of the web application via a maliciously crafted post. | ||||
| CVE-2021-37848 | 1 Pengutronix | 1 Barebox | 2024-11-21 | 7.5 High |
| common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison. | ||||
| CVE-2021-37707 | 1 Shopware | 1 Shopware | 2024-11-21 | 6.5 Medium |
| Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability that allows manipulation of product reviews via API. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. | ||||