Search Results (365329 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-41079 4 Apache, Debian, Netapp and 1 more 6 Tomcat, Debian Linux, Management Services For Element Software And Netapp Hci and 3 more 2024-11-21 7.5 High
Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.
CVE-2021-41078 1 Nameko 1 Nameko 2024-11-21 7.8 High
Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file.
CVE-2021-41077 1 Travis-ci 1 Travis Ci 2024-11-21 7.5 High
The activation process in Travis CI, for certain 2021-09-03 through 2021-09-10 builds, causes secret data to have unexpected sharing that is not specified by the customer-controlled .travis.yml file. In particular, the desired behavior (if .travis.yml has been created locally by a customer, and added to git) is for a Travis service to perform builds in a way that prevents public access to customer-specific secret environment data such as signing keys, access credentials, and API tokens. However, during the stated 8-day interval, secret data could be revealed to an unauthorized actor who forked a public repository and printed files during a build process.
CVE-2021-41075 1 Zohocorp 1 Manageengine Opmanager 2024-11-21 9.8 Critical
The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API.
CVE-2021-41073 4 Debian, Fedoraproject, Linux and 1 more 21 Debian Linux, Fedora, Linux Kernel and 18 more 2024-11-21 7.8 High
loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.
CVE-2021-41072 3 Debian, Redhat, Squashfs-tools Project 3 Debian Linux, Enterprise Linux, Squashfs-tools 2024-11-21 8.1 High
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.
CVE-2021-41067 1 Listary 1 Listary 2024-11-21 7.5 High
An issue was discovered in Listary through 6. Improper implementation of the update process leads to the download of software updates with a /check-update HTTP-based connection. This can be exploited with MITM techniques. Together with the lack of package validation, it can lead to manipulation of update packages that can cause an installation of malicious content.
CVE-2021-41066 1 Bopsoft 1 Listary 2024-11-21 7.5 High
An issue was discovered in Listary through 6. When Listary is configured as admin, Listary will not ask for permissions again if a user tries to access files on the system from Listary itself (it will bypass UAC protection; there is no privilege validation of the current user that runs via Listary).
CVE-2021-41065 1 Bopsoft 1 Listary 2024-11-21 7.3 High
An issue was discovered in Listary through 6. An attacker can create a \\.\pipe\Listary.listaryService named pipe and wait for a privileged user to open a session on the Listary installed host. Listary will automatically access the named pipe and the attacker will be able to duplicate the victim's token to impersonate him. This exploit is valid in certain Windows versions (Microsoft has patched the issue in later Windows 10 builds).
CVE-2021-41063 1 Xylem 1 Aanderaa Geoview 2024-11-21 9.8 Critical
SQL injection vulnerability was discovered in Aanderaa GeoView Webservice prior to version 2.1.3 that could allow an unauthenticated attackers to execute arbitrary commands.
CVE-2021-41061 1 Riot-os 1 Riot 2024-11-21 5.5 Medium
In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee820154_security component allows attackers to break encryption by triggering reboots.
CVE-2021-41057 3 Microsoft, Siemens, Wibu 11 Windows, Pss Cape, Pss E and 8 more 2024-11-21 7.1 High
In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions.
CVE-2021-41055 1 Gajim 1 Gajim 2024-11-21 7.5 High
Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat, where the message ID equals the correction ID.
CVE-2021-41054 2 Atftp Project, Debian 2 Atftp, Debian Linux 2024-11-21 7.5 High
tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options.
CVE-2021-41043 2 Redhat, Tcpdump 3 Enterprise Linux, Rhel Eus, Tcpslice 2024-11-21 5.5 Medium
Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact.
CVE-2021-41042 1 Eclipse 1 Lyo 2024-11-21 5.3 Medium
In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. This allows an attacker to cause an external DTD to be retrieved.
CVE-2021-41041 3 Eclipse, Oracle, Redhat 4 Openj9, Java Se, Enterprise Linux and 1 more 2024-11-21 5.3 Medium
In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles.
CVE-2021-41040 1 Eclipse 1 Wakaama 2024-11-21 7.5 High
In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoAP parsing code does not properly sanitize network-received data.
CVE-2021-41039 1 Eclipse 1 Mosquitto 2024-11-21 7.5 High
In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.
CVE-2021-41038 1 Eclipse 1 Theia 2024-11-21 6.1 Medium
In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().