Search Results (78985 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-33647 | 1 Mindspore | 1 Mindspore | 2024-11-21 | 7.5 High |
| When performing the inference shape operation of the Tile operator, if the input data type is not int or int32, it will access data outside of bounds of heap allocated buffers. | ||||
| CVE-2021-33638 | 1 Openeuler | 1 Isula | 2024-11-21 | 8.4 High |
| When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container. | ||||
| CVE-2021-33637 | 1 Openeuler | 1 Isula | 2024-11-21 | 8.4 High |
| When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container. | ||||
| CVE-2021-33636 | 1 Openeuler | 1 Isula | 2024-11-21 | 8.4 High |
| When the isula load command is used to load malicious images, attackers can execute arbitrary code. | ||||
| CVE-2021-33629 | 1 Openeuler | 1 Isula-build | 2024-11-21 | 7.5 High |
| isula-build before 0.9.5-6 can crash when building container images: some functions that process external data do not remove spaces from that data. | ||||
| CVE-2021-33623 | 4 Debian, Netapp, Redhat and 1 more | 5 Debian Linux, E-series Performance Analyzer, Acm and 2 more | 2024-11-21 | 7.5 High |
| The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method. | ||||
| CVE-2021-33615 | 1 Rsa | 1 Archer | 2024-11-21 | 7.5 High |
| RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type. | ||||
| CVE-2021-33601 | 1 F-secure | 1 Internet Gatekeeper | 2024-11-21 | 7.6 High |
| A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings through the web user interface in a way that could lead to an arbitrary code execution on the F-Secure Internet Gatekeeper server. | ||||
| CVE-2021-33591 | 1 Naver | 1 Comic Viewer | 2024-11-21 | 8.8 High |
| An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | ||||
| CVE-2021-33587 | 2 Css-what Project, Netapp | 2 Css-what, E-series Performance Analyzer | 2024-11-21 | 7.5 High |
| The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input. | ||||
| CVE-2021-33582 | 4 Cyrus, Debian, Fedoraproject and 1 more | 5 Imap, Debian Linux, Fedora and 2 more | 2024-11-21 | 7.5 High |
| Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16. | ||||
| CVE-2021-33581 | 1 Softwareag | 1 Mashzone Nextgen | 2024-11-21 | 7.2 High |
| MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService. | ||||
| CVE-2021-33580 | 1 Apache | 1 Roller | 2024-11-21 | 7.5 High |
| User controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the regex pattern he may cause a ReDoS by regex catastrophic backtracking on the server side. This problem has been fixed in Roller 6.0.2. | ||||
| CVE-2021-33571 | 3 Djangoproject, Fedoraproject, Redhat | 5 Django, Fedora, Openstack and 2 more | 2024-11-21 | 7.5 High |
| In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+.) | ||||
| CVE-2021-33563 | 1 Koel | 1 Koel | 2024-11-21 | 7.5 High |
| Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. This might make brute-force attacks easier. | ||||
| CVE-2021-33558 | 1 Boa | 1 Boa | 2024-11-21 | 7.5 High |
| Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those files are not part of Boa. | ||||
| CVE-2021-33555 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as- Z2-eth.eip, Wha-gw-f2d2-0-as- Z2-eth.eip Firmware, Wha-gw-f2d2-0-as-z2-eth and 1 more | 2024-11-21 | 7.5 High |
| In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server. | ||||
| CVE-2021-33554 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2024-11-21 | 7.2 High |
| Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2021-33553 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2024-11-21 | 7.2 High |
| Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2021-33552 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2024-11-21 | 7.2 High |
| Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | ||||