Search Results (364785 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-32033 1 Protectimus 2 Slim Nfc 70, Slim Nfc 70 Firmware 2024-11-21 4.6 Medium
Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in which attackers can predict TOTP passwords in certain situations. The time value used by the device can be set independently from the used seed value for generating time-based one-time passwords, without authentication. Thus, an attacker with short-time physical access to a device can set the internal real-time clock (RTC) to the future, generate one-time passwords, and reset the clock to the current time. This allows the generation of valid future time-based one-time passwords without having further access to the hardware token.
CVE-2021-32029 2 Postgresql, Redhat 5 Postgresql, Enterprise Linux, Jboss Enterprise Application Platform and 2 more 2024-11-21 6.5 Medium
A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.
CVE-2021-32028 2 Postgresql, Redhat 5 Postgresql, Ansible Automation Platform, Enterprise Linux and 2 more 2024-11-21 6.5 Medium
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.
CVE-2021-32027 2 Postgresql, Redhat 7 Postgresql, Ansible Automation Platform, Enterprise Linux and 4 more 2024-11-21 8.8 High
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-32023 1 Blackberry 1 Protect 2024-11-21 7.8 High
An elevation of privilege vulnerability in the message broker of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system.
CVE-2021-32022 1 Blackberry 1 Protect 2024-11-21 5.5 Medium
A low privileged delete vulnerability using CEF RPC server of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system and gaining the ability to delete data from the local system.
CVE-2021-32021 1 Blackberry 1 Protect 2024-11-21 7.8 High
A denial of service vulnerability in the message broker of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system.
CVE-2021-32020 1 Amazon 1 Freertos 2024-11-21 9.8 Critical
The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insufficient bounds checking during management of heap memory.
CVE-2021-32019 1 Openwrt 1 Openwrt 2024-11-21 6.1 Medium
There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP.
CVE-2021-32015 1 Nuvoton 2 Npct75x, Npct75x Firmware 2024-11-21 6.0 Medium
In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high privileges could potentially gain unauthorized access to TPM non-volatile memory. NOTE: Upgrading to firmware version 7.4.0.1 will mitigate against the vulnerability, but version 7.4.0.1 is not TCG or Common Criteria (CC) certified. Nuvoton recommends that users apply the NPCT75x TPM 1.2 firmware update.
CVE-2021-32014 2 Oracle, Sheetjs 3 Rest Data Services, Sheetjs, Sheetjs Pro 2024-11-21 5.5 Medium
SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (CPU consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js.
CVE-2021-32013 2 Oracle, Sheetjs Project 3 Rest Data Services, Sheetjs, Sheetjs Pro 2024-11-21 5.5 Medium
SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 2 of 2).
CVE-2021-32012 2 Oracle, Sheetjs Project 3 Rest Data Services, Sheetjs, Sheetjs Pro 2024-11-21 5.5 Medium
SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 1 of 2).
CVE-2021-32010 1 Secomea 27 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 24 more 2024-11-21 5.6 Medium
Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7.
CVE-2021-32009 1 Secomea 1 Gatemanager 2024-11-21 5 Medium
Cross-site Scripting (XSS) vulnerability in firmware section of Secomea GateManager allows logged in user to inject javascript in browser session. This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions.
CVE-2021-32008 1 Secomea 1 Gatemanager 2024-11-21 9.9 Critical
This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged in GateManager admin to delete system Files or Directories.
CVE-2021-32006 1 Secomea 1 Gatemanager 2024-11-21 5 Medium
This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user to access stored SiteManager backup files.
CVE-2021-32005 1 Secomea 18 Sitemanager 1129, Sitemanager 1129 Firmware, Sitemanager 1139 and 15 more 2024-11-21 6.5 Medium
Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteManager allows a logged in user to store javascript for later execution. This issue affects: Secomea SiteManager Version 9.6.621421014 and all prior versions.
CVE-2021-32004 1 Secomea 2 Gatemanager 8250, Gatemanager 8250 Firmware 2024-11-21 3.7 Low
This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning.
CVE-2021-32003 1 Secomea 2 Sitemanager, Sitemanager Firmware 2024-11-21 8 High
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.