Export limit exceeded: 347659 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79427 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3869 | 1 Stanford | 1 Corenlp | 2024-11-21 | 7.5 High |
| corenlp is vulnerable to Improper Restriction of XML External Entity Reference | ||||
| CVE-2021-3864 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 7.0 High |
| A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges. | ||||
| CVE-2021-3861 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8.2 High |
| The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj | ||||
| CVE-2021-3860 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 8.8 High |
| JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query. | ||||
| CVE-2021-3859 | 2 Netapp, Redhat | 11 Cloud Secure Agent, Oncommand Insight, Oncommand Workflow Automation and 8 more | 2024-11-21 | 7.5 High |
| A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks. | ||||
| CVE-2021-3858 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 8.8 High |
| snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-3852 | 1 Weseek | 1 Growi | 2024-11-21 | 7.5 High |
| growi is vulnerable to Authorization Bypass Through User-Controlled Key | ||||
| CVE-2021-3847 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-11-21 | 7.8 High |
| An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system. | ||||
| CVE-2021-3846 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | 8.8 High |
| firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type | ||||
| CVE-2021-3845 | 1 Ws Scrcpy Project | 1 Ws Scrcpy | 2024-11-21 | 7.5 High |
| ws-scrcpy is vulnerable to External Control of File Name or Path | ||||
| CVE-2021-3842 | 3 Debian, Fedoraproject, Nltk | 3 Debian Linux, Fedora, Nltk | 2024-11-21 | 7.5 High |
| nltk is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3840 | 1 Lenovo | 1 Antilles | 2024-11-21 | 8.8 High |
| A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index (PyPi). MITRE classifies this weakness as an Uncontrolled Search Path Element (CWE-427) in which a private package dependency may be replaced by an unauthorized package of the same name published to a well-known public repository such as PyPi. The configuration has been updated to only install components built by Antilles, removing all other public package indexes. Additionally, the antilles-tools dependency has been published to PyPi. | ||||
| CVE-2021-3839 | 3 Dpdk, Fedoraproject, Redhat | 4 Data Plane Development Kit, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability. | ||||
| CVE-2021-3835 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8.2 High |
| Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf | ||||
| CVE-2021-3828 | 1 Nltk | 1 Nltk | 2024-11-21 | 7.5 High |
| nltk is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3823 | 1 Bitdefender | 1 Gravityzone | 2024-11-21 | 7.1 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects: Bitdefender GravityZone versions prior to 3.3.8.249. | ||||
| CVE-2021-3822 | 1 Jsoneditoronline | 1 Jsoneditor | 2024-11-21 | 7.5 High |
| jsoneditor is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3820 | 1 Inflect Project | 1 Inflect | 2024-11-21 | 7.5 High |
| inflect is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3819 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | 8.8 High |
| firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-3814 | 1 Redhat | 2 3scale, 3scale Amp | 2024-11-21 | 7.5 High |
| It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure. | ||||