Search Results (79686 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-45918 | 1 Nhi | 1 Health Insurance Web Service Component | 2024-11-21 | 7.5 High |
| NHI’s health insurance web service component has insufficient validation for input string length, which can result in a heap-based buffer overflow attack. A remote attacker can exploit this vulnerability to flood the memory space reserved for the program, in order to terminate service without authentication, which requires a system restart to recover service. | ||||
| CVE-2021-45917 | 1 Sun Moon Jingyao | 2 Network Computer Terminal Protection System, Network Computer Terminal Protection System Firmware | 2024-11-21 | 8 High |
| The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch a server-side request forgery (SSRF) attack on another agent computer, resulting in arbitrary code execution for controlling the system or disrupting service. | ||||
| CVE-2021-45913 | 1 Controlup | 1 Controlup Agent | 2024-11-21 | 7.2 High |
| A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel. | ||||
| CVE-2021-45912 | 1 Controlup | 1 Real-time Agent | 2024-11-21 | 7.8 High |
| An unauthenticated Named Pipe channel in ControlUp Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method. | ||||
| CVE-2021-45911 | 2 Debian, Gif2apng Project | 2 Debian Linux, Gif2apng | 2024-11-21 | 7.8 High |
| An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer. | ||||
| CVE-2021-45910 | 2 Debian, Gif2apng Project | 2 Debian Linux, Gif2apng | 2024-11-21 | 7.8 High |
| An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some extent) control over the amount of data that is written. | ||||
| CVE-2021-45909 | 2 Debian, Gif2apng Project | 2 Debian Linux, Gif2apng | 2024-11-21 | 7.8 High |
| An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow vulnerability in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer. | ||||
| CVE-2021-45908 | 1 Gif2apng Project | 1 Gif2apng | 2024-11-21 | 7.8 High |
| An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a while loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted. | ||||
| CVE-2021-45907 | 1 Gif2apng Project | 1 Gif2apng | 2024-11-21 | 7.8 High |
| An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a for loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted. | ||||
| CVE-2021-45897 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 8.8 High |
| SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution. | ||||
| CVE-2021-45896 | 1 Nokia | 2 Fastmile, Fastmile Firmware | 2024-11-21 | 8.8 High |
| Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File. | ||||
| CVE-2021-45893 | 1 Zauner | 1 Arc | 2024-11-21 | 7.5 High |
| An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Improper Handling of Case Sensitivity, which makes password guessing easier. | ||||
| CVE-2021-45891 | 1 Zauner | 1 Arc | 2024-11-21 | 8.8 High |
| An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4 that allows attackers to escalate privileges within the application, since all permission checks are done client-side, not server-side. | ||||
| CVE-2021-45886 | 1 Ponton | 1 X/p Messenger | 2024-11-21 | 8.8 High |
| An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally valid, making the web application vulnerable to a weakened version of CSRF, where an arbitrary token of a low-privileged user (such as operator) can be used to confirm actions of higher-privileged ones (such as xpadmin). | ||||
| CVE-2021-45885 | 1 Stormshield | 1 Network Security | 2024-11-21 | 7.5 High |
| An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password. | ||||
| CVE-2021-45884 | 4 Apple, Brave, Linux and 1 more | 4 Macos, Brave, Linux Kernel and 1 more | 2024-11-21 | 7.5 High |
| In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying extension using the system's DNS settings, resulting in information disclosure. NOTE: this issue exists because of an incomplete fix for CVE-2021-21323 and CVE-2021-22916. | ||||
| CVE-2021-45856 | 1 Accu-time | 2 Maximus, Maximus Firmware | 2024-11-21 | 7.5 High |
| Accu-Time Systems MAXIMUS 1.0 telnet service suffers from a remote buffer overflow which causes the telnet service to crash. | ||||
| CVE-2021-45851 | 1 Frangoteam | 1 Fuxa | 2024-11-21 | 7.5 High |
| A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server. | ||||
| CVE-2021-45848 | 2 Fedoraproject, Nicotine-plus | 2 Fedora, Nicotine+ | 2024-11-21 | 7.5 High |
| Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character. | ||||
| CVE-2021-45845 | 2 Debian, Freecadweb | 2 Debian Linux, Freecad | 2024-11-21 | 7.8 High |
| The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document. | ||||