Export limit exceeded: 347473 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79418 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3440 | 1 Hp | 1 Hp Smart | 2024-11-21 | 7.8 High |
| HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege. | ||||
| CVE-2021-3438 | 2 Hp, Samsung | 382 Color Laser 150 4zb94a, Color Laser 150 4zb95a, Color Laser Mfp 170 4zb96a and 379 more | 2024-11-21 | 7.8 High |
| A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege. | ||||
| CVE-2021-3423 | 1 Bitdefender | 1 Gravityzone Business Security | 2024-11-21 | 7.8 High |
| Uncontrolled Search Path Element vulnerability in the openssl component as used in Bitdefender GravityZone Business Security allows an attacker to load a third party DLL to elevate privileges. This issue affects Bitdefender GravityZone Business Security versions prior to 6.6.23.329. | ||||
| CVE-2021-3422 | 1 Splunk | 1 Splunk | 2024-11-21 | 7.5 High |
| The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerability impacts Splunk Enterprise versions before 7.3.9, 8.0 versions before 8.0.9, and 8.1 versions before 8.1.3. It does not impact Universal Forwarders. When Splunk forwarding is secured using TLS or a Token, the attack requires compromising the certificate or token, or both. Implementation of either or both reduces the severity to Medium. | ||||
| CVE-2021-3414 | 1 Redhat | 1 Satellite | 2024-11-21 | 8.1 High |
| A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threat from this vulnerability is to data confidentiality. | ||||
| CVE-2021-3412 | 1 Redhat | 2 3scale, 3scale Api Management | 2024-11-21 | 7.3 High |
| It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access privileged information, or possibly conduct further attacks. | ||||
| CVE-2021-3410 | 3 Debian, Fedoraproject, Libcaca Project | 3 Debian Linux, Fedora, Libcaca | 2024-11-21 | 7.8 High |
| A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context. | ||||
| CVE-2021-3404 | 3 Fedoraproject, Redhat, Ytnef Project | 3 Fedora, Enterprise Linux, Ytnef | 2024-11-21 | 7.8 High |
| In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file. | ||||
| CVE-2021-3403 | 3 Fedoraproject, Redhat, Ytnef Project | 3 Fedora, Enterprise Linux, Ytnef | 2024-11-21 | 7.8 High |
| In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file. | ||||
| CVE-2021-3396 | 1 Opennms | 3 Horizon, Meridian, Newts | 2024-11-21 | 8.8 High |
| OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, and Newts <1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions. | ||||
| CVE-2021-3394 | 1 Millewin | 1 Millewin | 2024-11-21 | 8.8 High |
| Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.39.28.3342, and 13.39.146.1 has insecure folder permissions allowing a malicious user for a local privilege escalation. | ||||
| CVE-2021-3382 | 1 Gitea | 1 Gitea | 2024-11-21 | 7.5 High |
| Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path. | ||||
| CVE-2021-3376 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 8.8 High |
| An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the user_group_id_field parameter. | ||||
| CVE-2021-3348 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 7.0 High |
| nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71. | ||||
| CVE-2021-3345 | 2 Gnupg, Oracle | 2 Libgcrypt, Communications Billing And Revenue Management | 2024-11-21 | 7.8 High |
| _gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later. | ||||
| CVE-2021-3344 | 1 Redhat | 3 Openshift, Openshift Builder, Openshift Container Platform | 2024-11-21 | 8.8 High |
| A privilege escalation flaw was found in OpenShift builder. During build time, credentials outside the build context are automatically mounted into the container image under construction. An OpenShift user, able to execute code during build time inside this container can re-use the credentials to overwrite arbitrary container images in internal registries and/or escalate their privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This affects github.com/openshift/builder v0.0.0-20210125201112-7901cb396121 and before. | ||||
| CVE-2021-3341 | 1 Dh2i | 2 Dxenterprise, Dxodyssey | 2024-11-21 | 7.5 High |
| A path traversal vulnerability in the DxWebEngine component of DH2i DxEnterprise and DxOdyssey for Windows, version 19.5 through 20.x before 20.0.219.0, allows an attacker to read any file on the host file system via an HTTP request. | ||||
| CVE-2021-3337 | 1 Hide Thread Content Project | 1 Hide Thread Content | 2024-11-21 | 7.5 High |
| The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit. | ||||
| CVE-2021-3336 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 8.1 High |
| DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3 servers. | ||||
| CVE-2021-3330 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7.1 High |
| RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >= >=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456 | ||||