Export limit exceeded: 76242 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76242 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-20379 | 1 Ibm | 1 Guardium Data Encryption | 2024-11-21 | 7.5 High |
| IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711. | ||||
| CVE-2021-20378 | 1 Ibm | 1 Guardium Data Encryption | 2024-11-21 | 8.8 High |
| IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 195709. | ||||
| CVE-2021-20373 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-11-21 | 7.5 High |
| IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521. | ||||
| CVE-2021-20360 | 1 Ibm | 1 Cloud Pak For Applications | 2024-11-21 | 7.5 High |
| IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195031. | ||||
| CVE-2021-20354 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 7.5 High |
| IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883. | ||||
| CVE-2021-20353 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 8.2 High |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 194882. | ||||
| CVE-2021-20337 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 7.5 High |
| IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 194448. | ||||
| CVE-2021-20322 | 6 Debian, Fedoraproject, Linux and 3 more | 34 Debian Linux, Fedora, Linux Kernel and 31 more | 2024-11-21 | 7.4 High |
| A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. | ||||
| CVE-2021-20319 | 1 Redhat | 2 Coreos-installer, Openshift | 2024-11-21 | 7.8 High |
| An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed. | ||||
| CVE-2021-20318 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-11-21 | 7.2 High |
| The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage. | ||||
| CVE-2021-20313 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-11-21 | 7.5 High |
| A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality. | ||||
| CVE-2021-20312 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-11-21 | 7.5 High |
| A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-20311 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 7.5 High |
| A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-20310 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 7.5 High |
| A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-20309 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-11-21 | 7.5 High |
| A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-20305 | 5 Debian, Fedoraproject, Netapp and 2 more | 10 Debian Linux, Fedora, Active Iq Unified Manager and 7 more | 2024-11-21 | 8.1 High |
| A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. | ||||
| CVE-2021-20304 | 1 Openexr | 1 Openexr | 2024-11-21 | 7.5 High |
| A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-20299 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 7.5 High |
| A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-20298 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 7.5 High |
| A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-20294 | 1 Gnu | 1 Binutils | 2024-11-21 | 7.8 High |
| A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability. | ||||