Search Results (364917 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-33600 1 F-secure 1 Internet Gatekeeper 2024-11-21 5.4 Medium
A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product.
CVE-2021-33599 3 Apple, F-secure, Microsoft 6 Macos, Atlant, Cloud Protection For Salesforce and 3 more 2024-11-21 4.6 Medium
A vulnerability affecting F-Secure Antivirus engine was discovered whereby scanning WIM archive file can lead to denial-of-service (infinite loop and freezes AV engine scanner). The vulnerability can be exploit remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine.
CVE-2021-33598 3 Apple, F-secure, Microsoft 5 Macos, Atlant, Elements Endpoint Protection and 2 more 2024-11-21 4.6 Medium
A Denial-of-Service (DoS) vulnerability was discovered in all versions of F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
CVE-2021-33597 3 Apple, F-secure, Microsoft 6 Macos, Business Suite, Client Security and 3 more 2024-11-21 3.5 Low
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
CVE-2021-33596 1 F-secure 1 Safe 2024-11-21 3.5 Low
Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL containing an embedded malicious redirect while using F-Secure Safe Browser for iOS.
CVE-2021-33595 1 F-secure 1 Safe 2024-11-21 3.5 Low
A address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. A remote attacker can leverage this to perform address bar spoofing attack.
CVE-2021-33594 1 F-secure 1 Safe 2024-11-21 3.5 Low
An address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A remote attacker can leverage this to perform address bar spoofing attack.
CVE-2021-33593 1 Navercorp 1 Whale 2024-11-21 5.3 Medium
Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing.
CVE-2021-33592 1 Naver 1 Toolbar 2024-11-21 9.8 Critical
NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function.
CVE-2021-33591 1 Naver 1 Comic Viewer 2024-11-21 8.8 High
An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVE-2021-33590 1 Labapart 1 Gattlib 2024-11-21 9.8 Critical
GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_from_mac in dbus/gattlib.c.
CVE-2021-33587 2 Css-what Project, Netapp 2 Css-what, E-series Performance Analyzer 2024-11-21 7.5 High
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
CVE-2021-33586 1 Inspircd 1 Inspircd 2024-11-21 4.3 Medium
InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the "malformed PONG" issue.
CVE-2021-33583 1 Reiner-sct 1 Timecard 2024-11-21 9.8 Critical
REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file.
CVE-2021-33582 4 Cyrus, Debian, Fedoraproject and 1 more 5 Imap, Debian Linux, Fedora and 2 more 2024-11-21 7.5 High
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.
CVE-2021-33581 1 Softwareag 1 Mashzone Nextgen 2024-11-21 7.2 High
MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService.
CVE-2021-33580 1 Apache 1 Roller 2024-11-21 7.5 High
User controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the regex pattern he may cause a ReDoS by regex catastrophic backtracking on the server side. This problem has been fixed in Roller 6.0.2.
CVE-2021-33578 1 Echobh 1 Sharecare 2024-11-21 9.8 Critical
Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input from both authenticated and unauthenticated users, leading to the ability to bypass authentication, exfiltrate Structured Query Language (SQL) records, and manipulate data.
CVE-2021-33577 1 Cleo 1 Lexicom 2024-11-21 5.3 Medium
An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Content-Type of the message to text/plain.
CVE-2021-33576 1 Cleo 1 Lexicom 2024-11-21 9.8 Critical
An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk.